CVE-2025-10685 HTTP POST with specific higher content length leads into heap corruption

Heap-based buffer overflow vulnerability in Softing Industrial Automation GmbH smartLink SW-PN and smartLink SW-HT Webserver modules allows overflow buffers.This issue affects: smartLink SW-PN: through 1.03 smartLink SW-HT: through 1.42...

CVE-2025-15540

Raytha CMS is affected by CVE-2025-15540 in the Functions module. Privileged users can write and execute JavaScript that can instantiate .NET components and perform arbitrary operations within the hosting environment due to insufficient sandboxing/access restrictions. Impact is described as authe...

CVE-2025-15540 Authenticated RCE in Raytha CMS

"Functions" module in Raytha CMS allows privileged users to write custom code to add functionality to application. Due to a lack of sandboxing or access restrictions, JavaScript code executed through Raytha’s “functions” feature can instantiate .NET components and perform arbitrary...

CVE-2025-15540 Authenticated RCE in Raytha CMS

"Functions" module in Raytha CMS allows privileged users to write custom code to add functionality to application. Due to a lack of sandboxing or access restrictions, JavaScript code executed through Raytha’s “functions” feature can instantiate .NET components and perform arbitrary...

CVE-2025-15540

"Functions" module in Raytha CMS allows privileged users to write custom code to add functionality to application. Due to a lack of sandboxing or access restrictions, JavaScript code executed through Raytha’s “functions” feature can instantiate .NET components and perform arbitrary...

CVE-2026-4225 CMS Made Simple User Management listusers.php cross site scripting

A security flaw has been discovered in CMS Made Simple up to 2.2.21. Impacted is an unknown function of the file admin/listusers.php of the component User Management Module. Performing a manipulation of the argument Message results in cross site scripting. The attack is possible to be carried out...

CVE-2026-4225

CMS Made Simple

CVE-2026-4225

A security flaw has been discovered in CMS Made Simple up to 2.2.21. Impacted is an unknown function of the file admin/listusers.php of the component User Management Module. Performing a manipulation of the argument Message results in cross site scripting. The attack is possible to be carried out...

PT-2026-25829

A vulnerability was determined in taoofagi easegen-admin up to 8f87936ac774065b92fb20aab55b274a6ea76433. This issue affects the function downloadFile of the file - yudao-module-digitalcourse/yudao-module-digitalcourse-biz/src/main/java/cn/iocoder/yudao/module/digitalcourse/util/PPTUtil.java of th...

CVE-2025-65734

The CVE-2025-65734 entry concerns gunet Open eClass. An authenticated arbitrary file upload vulnerability exists in the Courses/Work Assignments module, allowing code execution via a crafted SVG file. Affected version v3.11; fixed in v3.13. The issue requires authentication and uses a crafted SVG...

CMS Made Simple 代码注入漏洞

CMS Made Simple CMSMS is an open-source content management system developed by the Cmsms team. This system supports role-based permission management systems, wizard-based installation and update mechanisms, and intelligent caching features. Versions of CMS Made Simple prior to 2.2.21 contained a...

PT-2026-25711

Heap-based buffer overflow vulnerability in Softing Industrial Automation GmbH smartLink SW-PN and smartLink SW-HT Webserver modules allows overflow buffers.This issue affects: smartLink SW-PN: through 1.03 smartLink SW-HT: through 1.42...

PT-2026-25854

Summary A critical unrestricted file upload vulnerability exists in the Documents & Files module of Admidio. Due to a design flaw in how CSRF token validation and file extension verification interact within UploadHandlerFile.php, an authenticated user with upload permissions can bypass file...

PT-2026-25845

Name of the Vulnerable Software and Affected Versions IncusOS versions prior to 202603142010 Description The default configuration of systemd-cryptenroll, as used by IncusOS through mkosi, allows an attacker with physical access to the machine to access encrypted data without requiring interactio...

Raytha CMS 代码注入漏洞

Raytha CMS is a content management system developed by the American company Raytha. Raytha CMS has a code injection vulnerability, which stems from the lack of sandboxing or access restrictions in the Functions module. This vulnerability could allow JavaScript code to instantiate.NET components a...

PT-2026-26172

Summary The documents and files module in Admidio does not verify whether the current user has permission to delete folders or files. The folder delete and file delete action handlers in modules/documents-files.php only perform a VIEW authorization check getFolderForDownload / getFileForDownload...

EulerOS 2.0 SP12 : python3 (EulerOS-SA-2026-1376)

According to the versions of the python3 packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : When building nested elements using xml.dom.minidom methods such as appendChild that have a dependency on clearidcache the algorithm is quadratic...

PT-2026-25704

A flaw has been found in itsourcecode Free Hotel Reservation System 1.0. This vulnerability affects unknown code of the file /hotel/admin/mod reports/index.php. Executing a manipulation of the argument Home can lead to sql injection. The attack may be performed from remote. The exploit has been...

PT-2026-25635

A security flaw has been discovered in CMS Made Simple up to 2.2.21. Impacted is an unknown function of the file admin/listusers.php of the component User Management Module. Performing a manipulation of the argument Message results in cross site scripting. The attack is possible to be carried out...

EulerOS 2.0 SP10 : ruby (EulerOS-SA-2026-1324)

According to the versions of the ruby packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : URI is a module providing classes to handle Uniform Resource Identifiers. In versions prior to 0.12.5, 0.13.3, and 1.0.4, a bypass exists for the fi...