Lucene search

4512 matches found

Positive Technologies
added 2025/05/11 12:0 a.m. · 3 views

PT-2025-20666 · D Link · D-Link Di-8100

Name of the Vulnerable Software and Affected Versions: D-Link DI-8100 versions up to 16.07.26A1 Description: A critical issue affects the processing of the file /ddos.asp of the component jhttpd. The manipulation of the arguments def max, def time, def tcp max, def tcp time, def udp max, def udp...

7.5 CVSS · 6.5 AI score · 0.0654 EPSS
Exploits 1 · References 13
Positive Technologies
added 2025/05/11 12:0 a.m. · 6 views

PT-2025-20655 · Unknown · Jeecg-Boot

Name of the Vulnerable Software and Affected Versions: JeecgBoot versions up to 3.8.0 Description: A vulnerability was found in JeecgBoot that affects the function unzipFile of the file /jeecg-boot/airag/knowledge/doc/import/zip of the component Document Library Upload. The manipulation of the...

5.1 CVSS · 3.6 AI score · 0.00589 EPSS
Exploits 1 · References 12
Positive Technologies
added 2025/05/10 12:0 a.m. · 3 views

PT-2025-20635 · Unknown · Phpgurukul E-Diary Management System

Name of the Vulnerable Software and Affected Versions: PHPGurukul e-Diary Management System version 1.0 Description: A critical issue has been found in the PHPGurukul e-Diary Management System, affecting the processing of the file /manage-notes.php. The manipulation of the ID argument leads to SQ...

9.8 CVSS · 7.5 AI score · 0.00415 EPSS
Exploits 1 · References 14
Positive Technologies
added 2025/05/08 12:0 a.m. · 3 views

PT-2025-20439 · D Link · D-Link Dir-605L

Name of the Vulnerable Software and Affected Versions: D-Link DIR-605L version 2.13B01 Description: A critical issue affects the formSetWAN Wizard55 function, where manipulation of the curTime argument leads to a buffer overflow. This can be initiated remotely. The vendor was contacted about this...

9.8 CVSS · 8.7 AI score · 0.0209 EPSS
Exploits 0 · References 15
RedhatCVE
added 2025/05/07 6:25 p.m. · 7 views

CVE-2025-43852

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to unsafe deserialization. The modelchoose variable takes user input e.g. a path to a model and passes it to the uvr function in vr.py. In uvr , if modelname contains t...

9.8 CVSS · 7.8 AI score · 0.008 EPSS
Exploits 0 · References 1
NVD
added 2025/05/05 6:15 p.m. · 8 views

CVE-2025-43844

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to command injection. The variables expdir1, among others, take user input and pass it to the clicktrain function, which concatenates them into a command that is run on...

9.8 CVSS · 0.02103 EPSS
Exploits 0 · References 5
Vulnrichment
added 2025/05/05 5:15 p.m. · 6 views

CVE-2025-43845 GHSL-2025-015_Retrieval-based-Voice-Conversion-WebUI

Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. Versions 2.2.231006 and prior are vulnerable to code injection. The ckptpath2 variable takes user input e.g. a path to a model and passes it to changeinfo function, which opens and reads the file on the given path...

9.3 CVSS · 7.6 AI score · 0.00793 EPSS
Exploits 0 · References 4
Positive Technologies
added 2025/05/05 12:0 a.m. · 5 views

PT-2025-19764 · Torch +2 · Torch +2

Name of the Vulnerable Software and Affected Versions: Retrieval-based-Voice-Conversion-WebUI versions 2.2.231006 and prior Description: The issue concerns a voice changing framework based on VITS, where unsafe deserialization can occur. The ckpt a and cpkt b variables take user input, such as a...

9.8 CVSS · 7 AI score · 0.00757 EPSS
Exploits 0 · References 13
Positive Technologies
added 2025/05/05 12:0 a.m. · 4 views

PT-2025-19765 · Unknown · Retrieval-Based-Voice-Conversion-Webui

Name of the Vulnerable Software and Affected Versions: Retrieval-based-Voice-Conversion-WebUI versions 2.2.231006 and prior Description: Retrieval-based-Voice-Conversion-WebUI is a voice changing framework based on VITS. The issue arises from unsafe deserialization. The ckpt dir variable takes us...

9.8 CVSS · 7.1 AI score · 0.00757 EPSS
Exploits 0 · References 13
Positive Technologies
added 2025/04/29 12:0 a.m. · 3 views

PT-2025-18199 · Vmsman · Vmsman

Name of the Vulnerable Software and Affected Versions: VMSMan up to 20250416 Description: A problem was found in the software. It affects some unknown functionality of the file /login.php. The issue can be exploited by manipulating the Email argument with the input "alert1, leading to cross-site...

5.3 CVSS · 4.2 AI score · 0.00337 EPSS
Exploits 0 · References 8
Positive Technologies
added 2025/04/21 12:0 a.m. · 4 views

PT-2025-17452 · Opencms · Opencms

Name of the Vulnerable Software and Affected Versions: opencms version 2.3 Description: The issue allows for Arbitrary file read in the src/main/webapp/view/admin/document/dataPage.jsp file. Recommendations: For opencms version 2.3, as a temporary workaround, consider restricting access to the...

4.3 CVSS · 6.1 AI score · 0.00327 EPSS
Exploits 1 · References 7
Positive Technologies
added 2025/04/19 12:0 a.m. · 3 views

PT-2025-17390 · Unknown · Phpgurukul Men Salon Management System

Name of the Vulnerable Software and Affected Versions: PHPGurukul Men Salon Management System version 1.0 Description: A critical vulnerability has been found in the PHPGurukul Men Salon Management System. The issue affects an unknown functionality of the file /admin/search-appointment.php. The...

9.8 CVSS · 7.6 AI score · 0.00438 EPSS
Exploits 1 · References 14
Positive Technologies
added 2025/04/18 12:0 a.m. · 5 views

PT-2025-17304 · Jmbroadcast · Jmbroadcast Jmb0150 Firmware

Name of the Vulnerable Software and Affected Versions: JMBroadcast JMB0150 Firmware version 1.0 Description: The issue is related to incorrect access control in the "HOME.php" endpoint, allowing attackers to access the Admin panel without authentication. Recommendations: For JMBroadcast JMB0150...

9.1 CVSS · 6.2 AI score · 0.00507 EPSS
Exploits 1 · References 3
RedhatCVE
added 2025/04/16 4:4 p.m. · 8 views

CVE-2025-22371

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in SicommNet BASEC SaaS Service login page allows an unauthenticated remote attacker to Bypass Authentication and execute arbitrary SQL commands. This issue at least affects BASEC for the date of 14 De...

9.3 CVSS · 7.9 AI score · 0.00515 EPSS
Exploits 0 · References 5
Positive Technologies
added 2025/04/15 12:0 a.m. · 2 views

PT-2025-16299 · Apache · Apache Http Server

Name of the Vulnerable Software and Affected Versions: Apache HTTP Server affected versions not specified Description: The issue is related to a denial of service. No information is provided about the estimated number of potentially affected devices worldwide or real-world incidents where this...

6.5 AI score
Exploits 0 · References 3
Positive Technologies
added 2025/04/15 12:0 a.m. · 4 views

PT-2025-16336 · Peertube · Peertube

Name of the Vulnerable Software and Affected Versions: PeerTube affected versions not specified Description: The issue allows an existing user to add playlists to a different user’s channel using the PeerTube REST API. The vulnerable code sets the owner of the new playlist to be the user who...

4.3 CVSS · 6.3 AI score · 0.00268 EPSS
Exploits 1 · References 9
NVD
added 2025/04/14 4:15 p.m. · 13 views

CVE-2025-22371

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in SicommNet BASEC SaaS Service login page allows an unauthenticated remote attacker to Bypass Authentication and execute arbitrary SQL commands. This issue at least affects BASEC for the date of 14 De...

9.3 CVSS · 0.00515 EPSS
Exploits 0 · References 3
CVE
added 2025/04/14 3:32 p.m. · 82 views

CVE-2025-22371

CVE-2025-22371 affects SicommNet BASEC (SaaS) login page. A SQL Injection flaw in the authentication flow allows an unauthenticated remote attacker to bypass login and execute arbitrary SQL commands. The vulnerability is described as present at least since 14 Dec 2021 and likely earlier. Accordin...

9.3 CVSS · 7.8 AI score · 0.00515 EPSS
Exploits 0 · References 3
CBLMariner
added 2025/04/11 6:10 p.m. · 46 views

CVE-2021-4217 affecting package unzip for versions less than 6.0-22

CVE-2021-4217 affecting package unzip for versions less than 6.0-22. A patched version of the package is available...

3.3 CVSS · 4.4 AI score · 0.0057 EPSS
Exploits 1
Positive Technologies
added 2025/04/09 12:0 a.m. · 5 views

PT-2025-15794 · Unknown · Agence Web Eoxia - Montpellier Wp Shop

Name of the Vulnerable Software and Affected Versions: Agence web Eoxia - Montpellier WP shop versions n/a through 2.6.0 Description: The issue is a Cross-Site Request Forgery (CSRF) vulnerability that allows an attacker to upload a web shell to a web server. This can be achieved through exploiting...

9.6 CVSS · 9.4 AI score · 0.00219 EPSS
Exploits 0 · References 5