88727 matches found

RedhatCVE
added 2025/12/26 12:29 a.m., 6 views

CVE-2025-68937

A flaw was found in Forgejo. This vulnerability allows a remote attacker to write to unintended files and potentially gain server shell access. The flaw occurs due to mishandling of symlink destinations that point outside of the repository when processing template repositories. This could lead to...

CVSS 9.9 | AI score 6.7 | EPSS 0.00489
Exploits 0 | References 8
CNNVD
added 2025/12/26 12:00 a.m., 5 views

Alteryx Server Authorization Issue Vulnerability

Alteryx Server is a cloud-hosted or self-hosted application from Alteryx, Inc. It is used to publish, share and execute workflows. An authorization issue vulnerability exists in Alteryx Server that stems from improper authentication in the file /gallery/api/status/, which could lead to a remote...

CVSS 7.5 | AI score 7.7 | EPSS 0.00542
Exploits 0 | References 7
RedhatCVE
added 2025/12/25 11:16 p.m., 10 views

CVE-2025-15073

A vulnerability was determined in itsourcecode Online Frozen Foods Ordering System 1.0. This affects an unknown part of the file /contactus.php. This manipulation of the argument Name causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disclosed and...

CVSS 9.8 | AI score 7 | EPSS 0.00381
Exploits 1 | References 1
CVE
added 2025/12/25 5:02 p.m., 8 views

CVE-2025-15082

The CVE-2025-15082 entry concerns TOZED ZLT M30s (versions up to 1.47) with a vulnerability in the Web Management Interface. The root cause is manipulation of the goformId argument in the /reqproc/proc_post function, leading to information disclosure. Exploitation can be performed remotely, and p...

CVSS 7.5 | AI score 6.1 | EPSS 0.00641
Exploits 1 | References 5 | Affected Software 1
RedhatCVE
added 2025/12/24 9:19 p.m., 5 views

CVE-2025-15045

A flaw has been found in Tenda WH450 1.0.0.18. The affected element is an unknown function of the file /goform/Natlimit of the component HTTP Request Handler. This manipulation of the argument page causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has...

CVSS 10 | AI score 7 | EPSS 0.00991
Exploits 1 | References 1
NVD
added 2025/12/24 8:15 p.m., 3 views

CVE-2025-3232

A remote unauthenticated attacker may be able to bypass authentication by utilizing a specific API route to execute arbitrary OS commands...

CVSS 8.7 | EPSS 0.00511
Exploits 0 | References 3
CNVD
added 2025/12/24 12:00 a.m., 4 views

Advantech WebAccess/SCADA Code Issue Vulnerability

Advantech WebAccess/SCADA is a set of SCADA software based on browser architecture from Advantech, China. The software supports dynamic graphical display and real-time data control, and provides remote control and management of automation equipment. A code issue vulnerability exists in Advantech...

CVSS 9.8 | AI score 6.2 | EPSS 0.00531
Exploits 0 | References 1
Vulnrichment
added 2025/12/23 9:43 p.m., 2 views

CVE-2025-12491 Senstar Symphony FetchStoredLicense Information Disclosure Vulnerability

Senstar Symphony FetchStoredLicense Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Senstar Symphony. Authentication is not required to exploit this vulnerability. The specific flaw exists within the...

CVSS 7.5 | AI score 5.8 | EPSS 0.00464
Exploits 0 | References 1
CVE
added 2025/12/23 9:32 p.m., 14 views

CVE-2025-15046

CVE-2025-15046 affects Tenda WH450 (firmware 1.0.0.18). The vulnerability lies in the HTTP Request Handler’s /goform/PPTPClient function, where manipulating the netmsk argument causes a stack-based buffer overflow. It can be exploited remotely, and public PoCs/exploits are described in the cited ...

CVSS 10 | AI score 9.5 | EPSS 0.00991
Exploits 1 | References 6 | Affected Software 1
CVE
added 2025/12/23 9:23 p.m., 8 views

CVE-2025-14408

CVE-2025-14408 affects Soda PDF Desktop. The flaw is in the PDF parser, caused by insufficient validation of user-supplied data, leading to a read past the end of an allocated object and potential information disclosure. Exploitation requires user interaction (visiting a malicious page or opening...

CVSS 3.3 | AI score 3.2 | EPSS 0.00139
Exploits 0 | References 1 | Affected Software 1
Vulnrichment
added 2025/12/23 7:34 p.m., 4 views

CVE-2023-53982 PMB 7.4.6 SQL Injection Vulnerability via Unsanitized Storage Parameter

PMB 7.4.6 contains a SQL injection vulnerability in the storage parameter of the ajax.php endpoint that allows remote attackers to manipulate database queries. Attackers can exploit the unsanitized 'id' parameter by injecting conditional sleep statements to extract information or perform time-bas...

CVSS 9.3 | AI score 7.5 | EPSS 0.00558
Exploits 1 | References 4
RedhatCVE
added 2025/12/23 6:29 a.m., 11 views

CVE-2025-15014

A security flaw has been discovered in loganhong php loganSite up to c035fb5c3edd0b2a5e32fd4051cbbc9e61a31426. This affects an unknown function of the file /includes/articledetail.php of the component Article Handler. Performing manipulation of the argument ID results in sql injection. It is...

CVSS 6.5 | AI score 7.2 | EPSS 0.00193
Exploits 0 | References 1
RedhatCVE
added 2025/12/23 1:31 a.m., 17 views

CVE-2025-15005

A security flaw has been discovered in CouchCMS up to 2.4. Affected is an unknown function of the file couch/config.example.php of the component reCAPTCHA Handler. The manipulation of the argument KRECAPTCHASITEKEY/KRECAPTCHASECRETKEY results in use of a hard-coded cryptographic key. It is possibl...

CVSS 6.3 | AI score 4.2 | EPSS 0.00397
Exploits 1 | References 1
RedhatCVE
added 2025/12/23 12:25 a.m., 9 views

CVE-2025-15004

A vulnerability was identified in DedeCMS up to 5.7.118. This impacts an unknown function of the file /freelistmain.php. The manipulation of the argument orderby leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and might be used...

CVSS 8.8 | AI score 7.2 | EPSS 0.00302
Exploits 1 | References 1
Redos
added 2025/12/23 12:00 a.m., 4 views

ROS-20251223-7306

Vulnerability in libarchive related to uncontrolled resource consumption. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

CVSS 5.5 | AI score 6.7 | EPSS 0.00139
Exploits 1
Redos
added 2025/12/23 12:00 a.m., 7 views

ROS-20251223-7321

A vulnerability in the urllib.parse.urlsplit and urlparse functions of the Python programming language interpreter is related to insufficient validation of incoming requests. Exploitation of the vulnerability could allow an attacker acting remotely to affect data integrity...

CVSS 6.3 | AI score 6.8 | EPSS 0.0067
Exploits 0
Redos
added 2025/12/23 12:00 a.m., 9 views

ROS-20251223-7315

Vulnerability in php-symfony4 related to the use of non-canonical url-paths for authorization solutions. Exploitation of the vulnerability could allow an attacker acting remotely to escalate their privileges...

CVSS 7.3 | AI score 7 | EPSS 0.01297
Exploits 0
Redos
added 2025/12/23 12:00 a.m., 4 views

ROS-20251223-7322

A vulnerability in the urllib.parse.urlsplit and urlparse functions of the Python programming language interpreter is related to insufficient validation of incoming requests. Exploitation of the vulnerability could allow an attacker acting remotely to affect data integrity...

CVSS 6.3 | AI score 6.8 | EPSS 0.0067
Exploits 0
Redos
added 2025/12/23 12:00 a.m., 6 views

ROS-20251223-7323

A vulnerability in the urllib.parse.urlsplit and urlparse functions of the Python programming language interpreter is related to insufficient validation of incoming requests. Exploitation of the vulnerability could allow an attacker acting remotely to affect data integrity...

CVSS 6.3 | AI score 6.8 | EPSS 0.0067
Exploits 0
Snyk
added 2025/12/22 9:36 p.m., 5 views

Regular Expression Denial of Service (ReDoS)

Overview: @fedify/fedify is an ActivityPub server framework. Affected versions of this package are vulnerable to Regular Expression Denial of Service (ReDoS) via docloader.ts. An attacker can cause the event loop to become unresponsive by supplying a specially crafted HTML payload that triggers...

CVSS 7.5 | AI score 6.6 | EPSS 0.00481
Exploits 1 | References 2