DbGate security vulnerability
DbGate is an open source database manager. A security vulnerability exists in DbGate 6.4.3-premium-beta.5 and earlier versions, which stems from insufficient validation of file parameters and can lead to directory traversal...
CVE-2025-8197
...
Security Bulletin: Security Vulnerability Exists in QueueWatch UI of IBM Sterling B2B Integrator and IBM Sterling File Gateway Due to Lack of Validation of Request Parameters (CVE-2025-33014)
Summary: IBM Sterling B2B Integrator and IBM Sterling File Gateway have addressed the security vulnerability. Vulnerability Details: CVEID: CVE-2025-33014 DESCRIPTION: IBM Sterling B2B Integrator Standard Edition uses a web link with untrusted references to an external site. A remote attacker could...
PT-2025-29494 · Semcms · Semcms
Name of the Vulnerable Software and Affected Versions: SemCms version 5.0 Description: SemCms version 5.0 contains a SQL injection issue via the pid parameter at the SEMCMS Infocategories.php file. Recommendations: Address the SQL injection issue by sanitizing or validating the pid parameter in t...
MeterSphere SQL injection vulnerability
MeterSphere is an open source one-stop continuous testing platform. A SQL injection vulnerability exists in MeterSphere versions prior to 3.6.5-lts; it stems from insufficient validation of the sortField parameter and could lead to SQL injection...
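The Semcms and MeterSphere entries above are the two shapes a "parameter not validated" SQL injection usually takes: pid is a value that belongs in a bind parameter, while sortField is an identifier that bind parameters cannot carry and so must be checked against an allowlist. The following is an added example, not code from either project: a constructed in-memory SQLite table, the string-spliced query beside its hardened form, and an attacker function showing why an unvalidated ORDER BY is exploitable even when no error text is returned. Table, column and function names are assumptions for the demo.

```python
import sqlite3

# Column names a client is allowed to sort by (assumed allowlist for this demo).
ALLOWED_SORT_FIELDS = {"pid", "name"}


def setup_db():
    """Build a constructed in-memory table standing in for a category/info table."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE info (pid INTEGER, name TEXT, secret TEXT)")
    conn.executemany(
        "INSERT INTO info VALUES (?, ?, ?)",
        [(1, "public", "s1"), (2, "other", "s2")],
    )
    return conn


def vulnerable_query(conn, pid, sort_field):
    """Both parameters are spliced into the statement text: the pattern behind
    the pid and sortField findings above."""
    sql = f"SELECT pid, name FROM info WHERE pid = {pid} ORDER BY {sort_field}"
    return conn.execute(sql).fetchall()


def safe_query(conn, pid, sort_field):
    """pid is a value, so bind it. sort_field is an identifier: bind parameters
    cannot carry identifiers, so it must match an allowlist instead."""
    try:
        pid_value = int(pid)
    except (TypeError, ValueError):
        raise ValueError("pid must be an integer")
    if sort_field not in ALLOWED_SORT_FIELDS:
        raise ValueError("sort field not permitted")
    sql = f"SELECT pid, name FROM info WHERE pid = ? ORDER BY {sort_field}"
    return conn.execute(sql, (pid_value,)).fetchall()


def rejects(conn, pid, sort_field):
    """True if safe_query refuses the input (helper for checking the guard)."""
    try:
        safe_query(conn, pid, sort_field)
    except ValueError:
        return True
    return False


def secret_oracle(conn, guess):
    """Attacker's view of vulnerable_query: the ORDER BY expression sorts by pid
    when the guess is right and by name when it is wrong, so the row order
    leaks whether row 1's secret equals `guess` without any error message."""
    sort = (
        "(CASE WHEN (SELECT secret FROM info WHERE pid = 1) = "
        f"'{guess}' THEN pid ELSE name END)"
    )
    rows = vulnerable_query(conn, "1 OR 1=1", sort)
    return rows[0][0] == 1
```

The oracle is what makes an ORDER BY injection worth fixing even when the query only returns public columns: the sort key is attacker-chosen SQL, so any condition on any column can be turned into an observable difference in row order. Escaping quotes does not help here because the injected text is not inside a string literal; only the allowlist does.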
GHSA-QCJ2-99CG-MPPF Jenkins Git Parameter Plugin vulnerable to code injection due to inexhaustive parameter check
Jenkins Git Parameter Plugin implements a choice build parameter that lists the configured Git SCM’s branches, tags, pull requests, and revisions. Git Parameter Plugin 439.vb0e46ca14534 and earlier does not validate that the Git parameter value submitted to the build matches one of the offered...
Local Services Search Engine Management System SQL Injection Vulnerability
Local Services Search Engine Management System is a management system for a local services search engine. It suffers from a SQL injection vulnerability that originates from the lack of validation of the editid parameter in the file...
gnuboard5 security vulnerability
gnuboard5 is an application by the individual developer kagla. A security vulnerability exists in gnuboard5 version 5.5.16, which stems from insufficient validation of URL parameters in bbs/memberconfirm.php and could lead to an open redirect attack...
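An open redirect of the kind described for gnuboard5 is usually a redirect-after-login whose target comes straight from a URL parameter. The check below is an added example, not gnuboard5 code: it accepts only site-relative paths or http(s) URLs on one expected host and rewrites the accepted value to a relative path, so the response never echoes an attacker-controlled authority. The host name and the parsing rules for the odd shapes (scheme-relative "//host", the "/\host" backslash form that browsers normalise to "//host", and "user@host" credentials) are assumptions for the demo.

```python
from urllib.parse import urlsplit


def safe_redirect_target(candidate, allowed_host, default="/"):
    """Return a redirect target that stays on allowed_host, or `default`.

    Only http(s) URLs on the allowed host and site-relative paths pass, and
    the result is always emitted as a relative path plus query string.
    """
    parts = urlsplit(candidate)
    scheme = parts.scheme.lower()
    if scheme and scheme not in ("http", "https"):
        return default                      # javascript:, data:, and friends
    if parts.netloc and parts.netloc.lower() != allowed_host.lower():
        return default                      # other host, or user@host tricks
    path = parts.path or "/"
    # "//evil" parses as an authority and is caught above, but "/\evil"
    # survives as a path and browsers turn the backslash into a slash.
    if not path.startswith("/") or path.startswith("//") or "\\" in path:
        return default
    target = path
    if parts.query:
        target += "?" + parts.query
    return target
```

Comparing the whole netloc rather than just the hostname is deliberate: a port, userinfo or trailing dot that the application never uses is a reason to fall back to the default, not something to try to normalise.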
PT-2025-28219 · Wegia · Wegia
Name of the Vulnerable Software and Affected Versions: WeGIA versions prior to 3.4.3 Description: A critical issue was identified in WeGIA, a web manager for charitable institutions. The /html/funcionario/profile_funcionario.php endpoint is vulnerable due to the id_funcionario parameter not being...
CVE-2025-38230
In the Linux kernel, the following vulnerability has been resolved: jfs: validate AG parameters in dbMount to prevent crashes Validate dbagheight, dbagwidth, and dbagstart in dbMount to catch corrupted metadata early and avoid undefined behavior in dbAllocAG. Limits are derived from L2LPERCTL,...
CVE-2025-38230
CVE-2025-38230 concerns the Linux kernel’s JFS subsystem. The issue arises from not validating AG parameters in dbMount(), allowing corrupted metadata to reach dbAllocAG and cause crashes. A UBSAN shift-out-of-bounds occurs in fs/jfs/jfs_dmap.c:1400 during dbAllocAG, as demonstrated by the trace ...
PT-2025-28005
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.14.0-rc5-syzkaller Description: A vulnerability in the Linux kernel has been resolved, which involved validating AG parameters in dbMount to prevent crashes. The validation checks dbagheight, dbagwidth, and ...
Inventory Management System editBrand.php File SQL Injection Vulnerability
Inventory Management System is an inventory management application. It suffers from a SQL injection vulnerability that originates from the lack of validation of externally supplied input used in SQL statements via the parameter editBrandStatus in the file /phpaction/editBrand.php. An attacker can...
TOTOLINK EX1200T /boafrm/formSysCmd File Buffer Overflow Vulnerability
The TOTOLINK EX1200T is a Wi-Fi range extender sold under the TOTOLINK brand of China's Zioncom Electronics. The TOTOLINK EX1200T suffers from a buffer overflow vulnerability, which originates from the failure of the submit-url parameter in the file /boafrm/formSysCmd to correctly validate the length and size of the...
Directory Traversal
openc3-cosmos-tool-iframe is vulnerable to Directory Traversal. The vulnerability is due to improper input validation and insufficient sanitization of path parameters in the /script-api/scripts/ endpoint, allowing attackers to access unauthorized directories...
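The DbGate and openc3-cosmos-tool-iframe entries above both come down to a path parameter being joined onto a base directory without checking where the result lands. The guard below is an added example, not code from either project: it resolves the joined path with realpath(), so ".." segments, absolute components and symlinks are collapsed before the containment check, and then confirms the result is still under the base. The directory layout and probe strings are constructed for the demo.

```python
import os
import tempfile


def resolve_under_base(base_dir, user_path):
    """Resolve user_path relative to base_dir and refuse anything that escapes.

    realpath() collapses "..", absolute components and symlinks before the
    containment check, so the comparison is made on the final on-disk path
    rather than on the text the client sent.
    """
    if "\x00" in user_path:
        raise ValueError("null byte in path")
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, user_path))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError(f"path escapes base directory: {user_path!r}")
    return candidate


def demo():
    """Exercise the guard against constructed inputs in a throwaway directory."""
    probes = [
        "scripts/run.rb",                 # plain file under the base
        "scripts/../scripts/run.rb",      # ".." that stays inside the base
        "../../etc/passwd",               # classic traversal
        "/etc/passwd",                    # absolute path: join() discards the base
        "scripts/run.rb\x00.txt",         # null byte truncation attempt
    ]
    results = {}
    with tempfile.TemporaryDirectory() as base:
        os.makedirs(os.path.join(base, "scripts"))
        with open(os.path.join(base, "scripts", "run.rb"), "w") as fh:
            fh.write("puts 'hello'\n")
        for probe in probes:
            try:
                resolve_under_base(base, probe)
                results[probe] = "allowed"
            except ValueError:
                results[probe] = "rejected"
    return results
```

Two points worth noticing: a substring filter on "../" would wrongly reject the second probe and wrongly accept the absolute path, which os.path.join silently lets replace the base; and the check must run on the decoded value, because a framework that hands the handler "..%2F" un-decoded has not removed the traversal, only hidden it from a naive comparison.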
Complaint Management System SQL Injection Vulnerability
Complaint Management System is a complaint management application. It suffers from a SQL injection vulnerability that originates from a lack of validation of externally supplied input used in SQL statements via the parameters fromdate/todate in the file /admin/between-date-complaintreport.php...
D-Link DIR-816 /goform/form2lansetup.cgi file buffer overflow vulnerability
The D-Link DIR-816 is a wireless router from D-Link. The D-Link DIR-816 suffers from a buffer overflow vulnerability that stems from the ip parameter of the file /goform/form2lansetup.cgi failing to properly validate the length and size of the input data, which can be exploited by an attacke...
Dairy Farm Shop Management System /search-product.php File SQL Injection Vulnerability
Dairy Farm Shop Management System is a PHP and MySQL based dairy farm management system. The Dairy Farm Shop Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally supplied input used in a SQL statement via the parameter productname in the file...
Cisco Unified Communications command injection vulnerability
Cisco Unified Communications is Cisco's enterprise call control and session management platform, which connects people anywhere using any device. A command injection vulnerability exists in Cisco Unified Communications that stems from insufficient validation of command parameters and can be...