88734 matches found
CVE-2025-21074
Out-of-bounds read in libimagecodec.quram.so prior to SMR Nov-2025 Release 1 allows remote attackers to access out-of-bounds memory...
CVE-2025-60784
A vulnerability in the XiaozhangBang Voluntary Like System V8.8 allows remote attackers to manipulate the zhekou parameter in the /topfirst.php Pay module, enabling unauthorized discounts. By sending a crafted HTTP POST request with zhekou set to an abnormally low value, an attacker can purchase...
EUVD-2025-37897
An Incorrect Access Control vulnerability in the user management component of ZwiiCMS up to v13.6.07 allows a remote, authenticated attacker to escalate their privileges. By sending a specially crafted HTTP request, a low-privilege user can access and modify the profile data of any other user,...
PT-2025-45122
Name of the Vulnerable Software and Affected Versions: ZwiiCMS versions prior to 13.6.07. Description: An incorrect access control issue exists in the user management component. A remote, authenticated attacker with low privileges can escalate their privileges by sending a specially crafted HTTP...
Liferay Portal 7.4.3.8 < 7.4.3.112 XSS
Reflected cross-site scripting (XSS) vulnerability in Language Override in Liferay Portal allows remote attackers to inject arbitrary web script or HTML via the comliferayportallanguageoverridewebinternalportletPLOPortletselectedLanguageId parameter. Note that Nessus has not tested for this issue b...
rack: Rack memory exhaustion denial of service
A denial of service flaw has been found in the rubygems rack package. Rack::Multipart::Parser can accumulate unbounded data when a multipart part’s header block never terminates with the required blank line (CRLFCRLF). The parser keeps appending incoming bytes to memory without a size cap, allowing...
EUVD-2025-37478
A vulnerability was identified in fushengqian fuint up to 41e26be8a2c609413a0feaa69bdad33a71ae8032. Affected by this issue is some unknown functionality of the file fuint-application/src/main/java/com/fuint/module/clientApi/controller/ClientSignController.java of the component Authentication Toke...
CVE-2025-12622 Tenda AC10 SysRunCmd formSysRunCmd buffer overflow
A vulnerability was determined in Tenda AC10 16.03.10.13. Affected by this vulnerability is the function formSysRunCmd of the file /goform/SysRunCmd. This manipulation of the argument getui causes buffer overflow. The attack may be initiated remotely. The exploit has been publicly disclosed and m...
CVE-2025-12618
A vulnerability has been found in Tenda AC8 16.03.34.06. This impacts an unknown function of the file /goform/DatabaseIniSet. The manipulation of the argument Time leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used...
CVE-2025-12618
The CVE-2025-12618 vulnerability affects Tenda AC8 firmware 16.03.34.06, specifically the /goform/DatabaseIniSet function where manipulating the Time argument causes a buffer overflow. Multiple connected sources (CNVD-2025-27899, RH:CVE-2025-12618, CNNVD-202511-093, EUVD-2025-37474, NVD/CVE recor...
EUVD-2025-37470
A security vulnerability has been detected in PHPGurukul News Portal 1.0. The affected element is an unknown function of the file /onps/settings.py. Such manipulation of the argument SECRETKEY leads to use of hard-coded cryptographic key. The attack may be performed from remote. The attack...
CVE-2025-12617
The CVE-2025-12617 issue affects itsourcecode Billing System 1.0, specifically the file /admin/app/login_crud.php. The vulnerability stems from improper handling of the Password argument, enabling SQL injection. It is exploitable remotely, and public exploits have been published. Multiple connect...
CVE-2025-12616
A vulnerability was detected in PHPGurukul News Portal 1.0. The impacted element is an unknown function of the file /onps/settings.py. Performing a manipulation results in insertion of sensitive information into debugging code. It is possible to initiate the attack remotely. The attack's complexi...
CVE-2025-12616 PHPGurukul News Portal settings.py insertion of sensitive information into debugging code
A vulnerability was detected in PHPGurukul News Portal 1.0. The impacted element is an unknown function of the file /onps/settings.py. Performing a manipulation results in insertion of sensitive information into debugging code. It is possible to initiate the attack remotely. The attack's complexi...
CVE-2025-12616
PHPGurukul News Portal 1.0 contains an information disclosure flaw in an unknown function of /onps/settings.py. Manipulation can insert sensitive data into debugging code, enabling remote exploitation. The vulnerability is exploitable remotely, with high attack complexity, and public exploit avai...
CVE-2025-12615 PHPGurukul News Portal settings.py hard-coded key
A security vulnerability has been detected in PHPGurukul News Portal 1.0. The affected element is an unknown function of the file /onps/settings.py. Such manipulation of the argument SECRETKEY leads to use of hard-coded cryptographic key. The attack may be performed from remote. The attack...