783 matches found
CVE-2025-8262
A vulnerability was found in yarnpkg Yarn up to 1.22.22. It has been classified as problematic. Affected is the function explodeHostedGitFragment of the file src/resolvers/exotics/hosted-git-resolver.js. The manipulation leads to inefficient regular expression complexity. It is possible to launch...
CVE-2025-8176
A flaw was found in libtiff. The get_histogram function in file/tiffmedian.c exhibits a use-after-free condition when processing a specially crafted file, allowing a local attacker to trigger memory corruption. This manipulation results in a use-after-free vulnerability, and can lead to a denial o...
PT-2025-31053 · Unknown +1 · Yarnpkg Yarn +1
Name of the Vulnerable Software and Affected Versions: yarnpkg Yarn versions up to 1.22.22 Description: A vulnerability exists in the explodeHostedGitFragment function within the src/resolvers/exotics/hosted-git-resolver.js file. This manipulation results in inefficient regular expression...
CVE-2025-8225
A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patc...
CVE-2025-8176
A vulnerability was found in LibTIFF up to 4.7.0. It has been declared as critical. This vulnerability affects the function get_histogram of the file tools/tiffmedian.c. The manipulation leads to use after free. The attack needs to be approached locally. The exploit has been disclosed to the publi...
CVE-2025-8177 LibTIFF thumbnail.c setrow buffer overflow
A vulnerability was found in LibTIFF up to 4.7.0. It has been rated as critical. This issue affects the function setrow of the file tools/thumbnail.c. The manipulation leads to buffer overflow. An attack has to be approached locally. The patch is named e8c9d6c616b19438695fd829e58ae4fde5bfbc22. It...
CVE-2025-7949 Sanluan PublicCMS preview.html redirect
A vulnerability was found in Sanluan PublicCMS up to 5.202506.a. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file publiccms-parent/publiccms/src/main/resources/templates/admin/cmsDiy/preview.html. The manipulation of the argument url lead...
CVE-2025-7863
A vulnerability was found in thinkgem JeeSite up to 5.12.0 and classified as problematic. Affected by this issue is the function redirectUrl of the file src/main/java/com/jeesite/common/web/http/ServletUtils.java. The manipulation of the argument url leads to open redirect. The attack may be...
CVE-2025-7864 thinkgem JeeSite FileUploadController.java upload unrestricted upload
A vulnerability was found in thinkgem JeeSite up to 5.12.0. It has been classified as critical. This affects the function Upload of the file src/main/java/com/jeesite/modules/file/web/FileUploadController.java. The manipulation leads to unrestricted upload. It is possible to initiate the attack...
PT-2025-30202 · Harry0703 · Moneyprinterturbo
Name of the Vulnerable Software and Affected Versions: harry0703 MoneyPrinterTurbo versions through 1.2.6 Description: A critical issue exists in harry0703 MoneyPrinterTurbo. The upload_bgm_file function within the File Extension Handler component, located in the app/controllers/v1/video.py file,...
PT-2025-30167
Name of the Vulnerable Software and Affected Versions: thinkgem JeeSite versions up to 5.12.0 Description: A vulnerability exists in thinkgem JeeSite up to version 5.12.0 related to cross-site scripting. The issue resides in the xssFilter function within the...
PT-2025-30207 · Yangzongzhuan · Ruoyi
Name of the Vulnerable Software and Affected Versions: yangzongzhuan RuoYi versions up to 4.8.1 Description: A cross-site scripting issue exists due to the addSave function within the com/ruoyi/web/controller/system/SysNoticeController.java file. This allows for remote attacks. The exploit detail...
PT-2025-30166
Name of the Vulnerable Software and Affected Versions: thinkgem JeeSite versions up to 5.12.0 Description: A critical issue exists in thinkgem JeeSite that allows for unrestricted file uploads. The Upload function within the file src/main/java/com/jeesite/modules/file/web/FileUploadController.java ...
PT-2025-30204 · Unknown · Moneyprinterturbo
Name of the Vulnerable Software and Affected Versions: harry0703 MoneyPrinterTurbo versions through 1.2.6 Description: A critical issue exists in the verify_token function within the app/controllers/base.py file of the API Endpoint component. This allows for missing authentication and may be...
PT-2025-30079 · Gpac +1 · Gpac +1
Name of the Vulnerable Software and Affected Versions: GPAC versions up to 2.4 Description: A null pointer dereference issue exists in the gf_dash_download_init_segment function within the src/media_tools/dash_client.c file. Manipulation of the base_init_url argument can trigger this issue. This...
CVE-2025-7763 thinkgem JeeSite Site Controller SiteController.java select redirect
A vulnerability, which was classified as problematic, was found in thinkgem JeeSite up to 5.12.0. Affected is the function select of the file src/main/java/com/jeesite/modules/cms/web/SiteController.java of the component Site Controller. The manipulation of the argument redirect leads to open...
PT-2025-29981
Name of the Vulnerable Software and Affected Versions: thinkgem JeeSite versions up to 5.12.0 Description: A problematic vulnerability exists in thinkgem JeeSite. The select function within the src/main/java/com/jeesite/modules/cms/web/SiteController.java file of the Site Controller component is...
PT-2025-29978
Name of the Vulnerable Software and Affected Versions: thinkgem JeeSite versions up to 5.12.0 Description: A critical vulnerability exists in thinkgem JeeSite. The issue is located in an unknown part of the file modules/core/src/main/java/com/jeesite/common/ueditor/ActionEnter.java within the UEdit...