17 matches found
CVE-2025-10685
Heap-based buffer overflow vulnerability in Softing Industrial Automation GmbH smartLink SW-PN and smartLink SW-HT Webserver modules allows overflow buffers. This issue affects: smartLink SW-PN: through 1.03; smartLink SW-HT: through 1.42...
EUVD-2026-9542
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Mikado-Themes Malgré malgre allows PHP Local File Inclusion. This issue affects Malgré: from n/a through <= 1.0.3...
[SECURITY] Fedora 42 Update: drupal7-7.103-1.fc42
Equipped with a powerful blend of features, Drupal is a Content Management System written in PHP that can support a variety of websites ranging from personal weblogs to large community-driven websites. Drupal is highly configurable, skinnable, and secure...
CVE-2025-62007 WordPress Voice Feedback plugin <= 1.0.3 - Privilege Escalation vulnerability
Incorrect Privilege Assignment vulnerability in bPlugins Voice Feedback voice-feedback allows Privilege Escalation. This issue affects Voice Feedback: from n/a through <= 1.0.3...
CVE-2025-11371
In the default installation and configuration of Gladinet CentreStack and TrioFox, there is an unauthenticated Local File Inclusion Flaw that allows unintended disclosure of system files. Exploitation of this vulnerability has been observed in the wild. This issue impacts Gladinet CentreStack and...
PT-2025-32431 · Minio +1 · Minio +1
Name of the Vulnerable Software and Affected Versions: macrozheng mall versions up to 1.0.3. Description: A vulnerability exists in the Upload function of the /minio/upload file within the Add Product Page component. Manipulation of the File argument can lead to cross-site scripting (XSS). This issu...
SUSE CVE-2025-52556
rfc3161-client is a Python library implementing the Time-Stamp Protocol (TSP) described in RFC 3161. Prior to version 1.0.3, there is a flaw in the timestamp response signature verification logic. In particular, chain verification is performed against the TSR's embedded certificates up to the trust...
ZTE GoldenDB Security Vulnerability
ZTE GoldenDB is a financial-grade transactional distributed database from China's ZTE Corporation (ZTE). It is used in finance, government and enterprise, telecom and other industries to provide highly available data services. An improper privilege management vulnerability exists in ZTE GoldenDB...
WordPress SetSail Membership plugin <= 1.0.3 - Authentication Bypass via Account Takeover vulnerability
Authentication Bypass via Account Takeover vulnerability discovered by Tonn in WordPress Plugin SetSail Membership (versions <= 1.0.3)...
PT-2025-5216 · Crudlab · Image Gallery Box
Name of the Vulnerable Software and Affected Versions: Image Gallery Box by CRUDLab versions n/a through 1.0.3. Description: The issue is related to improper control of filename for Include/Require Statement in PHP Program, also known as 'PHP Remote File Inclusion', which allows PHP Local File...
WordPress plugin Lock User Account Cross-Site Request Forgery Vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports personal blog sites on PHP and MySQL servers. WordPress plugin is an application plugin. A cross-site request forgery vulnerability...
CVE-2023-35780
Cross-Site Request Forgery (CSRF) vulnerability in Andy Whalen Galleria plugin <= 1.0.3 versions...
CVE-2022-4103
creationtimestamp | type | source
---|---|---
2023-01-10 02:28:21+00:00 | seen | https://t.me/cibsecurity/56204...
Cognex 3D-A1000 Dimensioning System Security Vulnerability
The Cognex 3D-A1000 Dimensioning System is a compact industrial smart camera capable of capturing moving objects in 3D and 2D from Cognex Corporation. A security vulnerability exists in Cognex 3D-A1000 Dimensioning System version 1.0.3 3354 and prior versions, which is caused by invalid log outpu...
GNU Inetutils Code Issue Vulnerability
GNU Inetutils is a common set of networking programs in the GNU community. A security vulnerability exists in GNU Inetutils version 2.3 and earlier, MIT krb5-appl version 1.0.3 and earlier, which stems from dereferencing the NULL pointer and causes the telnetd application to crash...
Liferay Portal Vulnerable to XSS in Profile Search Functionality
Cross-site scripting (XSS) vulnerability in users.jsp in the Profile Search functionality in Liferay Portal Search Web before 1.0.3 from Liferay before 7.0.0 CE RC1 allows remote attackers to inject arbitrary web script or HTML via the FirstName field...
SQL Injection Vulnerability in 1039, Inc.'s Home and School
Beijing One Zero Three Nine Technology Development Co., Ltd (1039 Company for short) is a technology enterprise specializing in standardized software development and large-scale application platforms for the training industry, and is a partner in the information construction of the training industry. A...