CVE-2025-41018

SQL injection in Sergestec's Exito v8.0. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'cat' parameter in '/public.php'...

CVE-2025-41018 SQL injection vulnerability in Sergestec's Exito

SQL injection in Sergestec's Exito v8.0. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'cat' parameter in '/public.php'...

CVE-2025-5352 Environment Variable XSS in Analytics Component in lunary-ai/lunary

A critical stored Cross-Site Scripting XSS vulnerability exists in the Analytics component of lunary-ai/lunary versions up to 1.9.23, where the NEXTPUBLICCUSTOMSCRIPT environment variable is directly injected into the DOM using dangerouslySetInnerHTML without any sanitization or validation. This...

GLPI Inventory Plugin 路径遍历漏洞

GLPI Inventory Plugin is a French GLPI open source plugin . It is used to handle various types of tasks for GLPI agents. A path traversal vulnerability exists in versions prior to GLPI Inventory Plugin 1.0.2, which stems from a public script that can be used to read the contents of system files...