CVE-2025-5642
A vulnerability classified as problematic has been found in Radare2 5.9.9. Affected is the function r_cons_pal_init in the library /libr/cons/pal.c of the component radiff2. The manipulation leads to memory corruption. The attack needs to be approached locally. The complexity of an attack is rather...
PT-2025-23787 · Unknown · Codeastro Real Estate Management System
Name of the Vulnerable Software and Affected Versions: CodeAstro Real Estate Management System version 1.0 Description: A critical issue has been found in the system, affecting an unknown part of the file /login.php. The manipulation of the email argument leads to SQL injection. It is possible to...
CVE-2025-48997
Multer is a node.js middleware for handling multipart/form-data. A vulnerability that is present starting in version 1.4.4-lts.1 and prior to version 2.0.1 allows an attacker to trigger a Denial of Service (DoS) by sending an upload file request with an empty string field name. This request causes ...
PT-2025-23225 · Gradio · Gradio
Name of the Vulnerable Software and Affected Versions: Gradio versions prior to 5.31.0 Description: Gradio is an open-source Python package that allows quick building of demos and web applications for machine learning models, API, or any arbitrary Python function. An arbitrary file copy...
PT-2025-23020 · Unknown · Phpgurukul News Portal Project
Name of the Vulnerable Software and Affected Versions: PHPGurukul News Portal Project version 4.1 Description: A critical vulnerability was found in the PHPGurukul News Portal Project. The issue affects the file /admin/edit-subadmin.php, where the manipulation of the emailid argument leads to SQL...
CVE-2024-43027
DrayTek Vigor 3900 before v1.5.1.5Beta, DrayTek Vigor 2960 before v1.5.1.5Beta and DrayTek Vigor 300B before v1.5.1.5Beta were discovered to contain a command injection vulnerability via the action parameter at cgi-bin/mainfunction.cgi...
CVE-2024-20011
In the ALAC decoder, there is a possible information disclosure due to an incorrect bounds check. This could lead to remote code execution with no additional execution privileges needed. User interaction is not needed for exploitation. Patch ID: ALPS08441146; Issue ID: ALPS08441146...
CVE-2023-32075
The Customer Management Framework (CMF) for Pimcore adds functionality for customer data management. In pimcore/customer-management-framework-bundle prior to version 3.3.9, business logic errors are possible in the Conditions tab since the counter can be a negative number. This vulnerability is...
CVE-2022-41948
DHIS 2 is an open source information system for data capture, management, validation, analytics and visualization. Affected versions are subject to a privilege escalation vulnerability. A DHIS2 user with authority to manage users can assign superuser privileges to themself by manually crafting an...
PT-2025-22957 · D Link · D-Link Di-8100
Name of the Vulnerable Software and Affected Versions: D-Link DI-8100 versions up to 20250523 Description: A critical issue was found in the D-Link DI-8100, affecting the httpd_get_parm function of the /login.cgi file in the jhttpd component. The manipulation of the notify argument leads to a...
CVE-2020-36618
A vulnerability classified as critical has been found in Furqan node-whois. Affected is an unknown function of the file index.coffee. The manipulation leads to improperly controlled modification of object prototype attributes 'prototype pollution'. It is possible to launch the attack remotely. Th...
CVE-2020-35824
Certain NETGEAR devices are affected by stored XSS. This affects D7800 before 1.0.1.56, R7500v2 before 1.0.3.46, R7800 before 1.0.2.74, R8900 before 1.0.4.28, R9000 before 1.0.4.28, RAX120 before 1.0.0.78, RBK50 before 2.3.5.30, RBR50 before 2.3.5.30, RBS50 before 2.3.5.30, XR500 before 2.3.2.56,...
CVE-2015-10106
UNSUPPORTED WHEN ASSIGNED. A vulnerability classified as critical was found in mback2k mhhttpbl Extension up to 1.1.7 on TYPO3. This vulnerability affects the function moduleContent of the file mod1/index.php. The manipulation leads to SQL injection. The attack can be initiated remotely. Upgrading...
CVE-2019-8056
Adobe Acrobat and Reader versions 2019.012.20035 and earlier, 2019.012.20035 and earlier, 2017.011.30142 and earlier, 2017.011.30143 and earlier, 2015.006.30497 and earlier, and 2015.006.30498 and earlier have a use-after-free vulnerability. Successful exploitation could lead to arbitrary code...
CVE-2016-15009
A vulnerability classified as problematic has been found in OpenACS bug-tracker. Affected is an unknown function of the file lib/nav-bar.adp of the component Search. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The name of the patch is...
PT-2025-22493
Name of the Vulnerable Software and Affected Versions: Campcodes Online Shopping Portal version 1.0 Description: A critical issue affects the processing of the file /admin/updateorder.php, where the manipulation of the remark argument leads to SQL injection. This issue can be initiated remotely...
Oracle Linux 9 : krb5 (ELSA-2025-7067)
The remote Oracle Linux 9 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-7067 advisory. - Prevent overflow when calculating ulog block size (CVE-2025-24528). Resolves: RHEL-76759. Tenable has extracted the preceding description block directly from the...
CVE-2025-5029
Kingdee Cloud Galaxy Private Cloud BBC System (versions up to 9.0 Patch April 2025) contains a path traversal vulnerability in File Handler: BaseServiceFactory.getFileUploadService.deleteFileAction (fileUpload/deleteFileAction.jhtml) caused by unvalidated filePath input. Remotely exploitable; exp...
WordPress Ruizarch Theme <= 1.1.0 is vulnerable to Local File Inclusion
Software: Ruizarch. Type: Theme. Vulnerable versions: <= 1.1.0. Fixed in: 1.2.0. OWASP Top 10: A3: Injection. Classification: Local File Inclusion. CVE: CVE-2025-48290. Patch priority: High. CVSS severity: High 8.1. PSID: a39d5d2adb6a. Credits: Bonds. Required privilege: Unauthenticated. Publish...
PT-2025-22312 · Sourcecodester · Sourcecodester Client Database Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester Client Database Management System version 1.0 Description: A critical issue was found in the SourceCodester Client Database Management System. This affects an unknown part of the file /user proposal update order.php. The...