Vvveb Security Vulnerability
Vvveb is a powerful and easy-to-use CMS from Givan Individual Developers for building websites, blogs or e-commerce stores. A security vulnerability exists in Vvveb version 1.0.7.2 and earlier, which stems from an information disclosure issue in the Image Handler component...
GHSA-57HM-8RJV-498W ml-logger deserialization vulnerability
A vulnerability was determined in geyang ml-logger 0.10.36 and prior. Affected is the function loghandler of the file mllogger/server.py of the component Ping Handler. This manipulation of the argument data causes deserialization. It is possible to initiate the attack remotely. The exploit has be...
CVE-2025-10091
CVE-2025-10091 affects Jinher OA up to version 1.2. The vulnerability is located in the XML Handler component, specifically the file /c6/Jhsoft.Web.projectmanage/ProjectManage/XmlHttp.aspx/?Type=add, where manipulation enables an XML External Entity (XXE) reference. Remote exploitation is possibl...
CVE-2025-9416
The CVE-2025-9416 entry concerns the oitcode samarium project (versions up to 0.9.6) and a Cross‑Site Scripting flaw in the /cms/webpage/ area of the Pages Image Handler. The vulnerability can be exploited remotely to impact user data/experience, with exploit code publicly available. Publicly doc...
CVE-2025-9404
A vulnerability was identified in Scada-LTS up to 2.7.8.1. The affected element is an unknown function of the file /pointHierarchySLTS of the component Folder Handler. The manipulation of the argument Title leads to cross site scripting. It is possible to initiate the attack remotely. The exploit...
CVE-2025-9402 HuangDou UTCMS Config update.php server-side request forgery
A vulnerability was found in HuangDou UTCMS 9. This issue affects some unknown processing of the file app/modules/ut-frame/admin/update.php of the component Config Handler. Performing manipulation of the argument UPDATEURL results in server-side request forgery. The attack is possible to be carri...
CVE-2025-9146 Linksys E5600 Firmware checkFw.sh verify_gemtek_header risky encryption
A flaw has been found in Linksys E5600 1.1.0.26. The affected element is the function verifygemtekheader of the file checkFw.sh of the component Firmware Handler. Executing manipulation can lead to risky cryptographic algorithm. The attack may be launched remotely. The attack requires a high leve...
ROS-20250616-05
A vulnerability in the File Handler component of the cross-platform 3D model import library Assimp Open Asset Import Library is related to a buffer overflow in aiString::Set in include/assimp/types.h library. Exploiting the vulnerability could allow an attacker to execute arbitrary code...
CVE-2023-3834
A vulnerability was found in Bug Finder EX-RATE 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /user/ticket/create of the component Ticket Handler. The manipulation of the argument message leads to cross site scripting. The attack may be...
TOTOLINK A720R Access Control Error Vulnerability
TOTOLINK A720R is a wireless router from China's Gion Electronics TOTOLINK. TOTOLINK A720R suffers from an access control error vulnerability that stems from improper access control of the parameter topicurl in the Log Handler component file /cgi-bin/cstecgi.cgi, no details of the vulnerability a...
PT-2025-17225 · Sourcecodester · Sourcecodester Loan Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Phone Management System version 1.0 Description: A critical vulnerability has been found in the SourceCodester Phone Management System. This issue affects the main function of the Password Handler component. The manipulation of...
PT-2025-16780 · Sourcecodester · Sourcecodester Web-Based Pharmacy Product Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Web-based Pharmacy Product Management System version 1.0 Description: A critical issue has been discovered, affecting the Login Handler component. The manipulation of the login email argument leads to SQL injection. This issue...
CVE-2025-3549
CVE-2025-3549 affects Open Asset Import Library Assimp 5.4.3. The vulnerability is in Assimp::MD3Importer::ValidateSurfaceHeaderOffsets (MD3Loader.cpp, File Handler) and causes a heap-based buffer overflow. The issue requires local access to exploit, and the exploit has been disclosed publicly. C...
PT-2025-14629 · Fastcms · Fastcms
Name of the Vulnerable Software and Affected Versions: FastCMS version 0.1.5 Description: A critical issue affects the JWT Handler component, where the manipulation leads to the use of a hard-coded cryptographic key. The attack can be initiated remotely, with a rather high complexity, making...
Cross-Site Scripting (XSS)
ContentTools is vulnerable to Cross-Site Scripting XSS. The vulnerability is due to improper handling of the onload argument in the Image Handler component, allowing an attacker to exploit it...
PYSEC-2025-162
A vulnerability has been found in Open Asset Import Library Assimp 5.4.3 and classified as problematic. This vulnerability affects the function Assimp::CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp of the component CSM File Handler. The manipulation of the argument na...
PT-2025-10451 · Geshi +1 · Geshi +1
Name of the Vulnerable Software and Affected Versions: GeSHi versions up to 1.0.9.1 Description: A problematic issue has been found in GeSHi, affecting the get var function of the /contrib/cssgen.php file in the CSS Handler component. The manipulation of the...
PT-2025-6899 · Microworld · Microword Escan Antivirus
Name of the Vulnerable Software and Affected Versions: MicroWord eScan Antivirus version 7.0.32 Description: A critical vulnerability was found in the USB Password Handler component of MicroWord eScan Antivirus, leading to os command injection. The attack must be approached locally and has a high...
PT-2025-2045 · Kingsoft · Kingsoft Wps Office
Name of the Vulnerable Software and Affected Versions: Kingsoft WPS Office version 6.14.0 Description: A critical issue was found in the TCC Handler component of Kingsoft WPS Office, allowing for code injection. The manipulation can lead to an attack on the local host. The issue has been publicly...
Online Railway Reservation System Access Control Error Vulnerability
Online Railway Reservation System is an online railroad reservation system by adminastro individual developers. An access control error vulnerability exists in SourceCodester Online Railway Reservation System version 1.0, which stems from an improper access control issue contained in the id...