CVE-2025-11902
ChanCMS
Flowring Agentflow Security Vulnerability
Flowring Agentflow is an intelligent process automation (RPA) platform from Flowring China. A security vulnerability exists in Flowring Agentflow that allows an unauthenticated, remote attacker to download arbitrary system files using relative path traversal...
IBM MQ Denial of Service Vulnerability (CNVD-2026-19183)
IBM MQ is a leading enterprise-class messaging middleware designed for cross-platform asynchronous communication. It uses a queuing mechanism to ensure reliable and secure data transfer between applications and supports integration in heterogeneous environments. A denial of service vulnerability...
CVE-2025-11864 NucleoidAI Nucleoid Outbound Request cluster.ts extension.apply server-side request forgery
A vulnerability was identified in NucleoidAI Nucleoid up to 0.7.10. The impacted element is the function extension.apply of the file /src/cluster.ts of the component Outbound Request Handler. Such manipulation of the argument https/ip/port/path/headers leads to server-side request forgery. The...
CVE-2025-11864
CVE-2025-11864 affects NucleoidAI Nucleoid up to 0.7.10. The vulnerable element is the function extension.apply in /src/cluster.ts of the Outbound Request Handler. Manipulation of the argument https/ip/port/path/headers can lead to server-side request forgery (SSRF). The attack can be performed r...
CVE-2025-11853
A vulnerability was determined in Sismics Teedy up to 1.11. This affects an unknown function of the file /api/file of the component API Endpoint. Executing a manipulation can lead to improper access controls. The attack may be performed from remote. The exploit has been publicly disclosed and may...
CVE-2025-36128 IBM MQ denial of service
IBM MQ 9.1, 9.2, 9.3, 9.4 LTS and 9.3, 9.4 CD is vulnerable to a denial of service, caused by improper enforcement of the timeout on individual read operations. By conducting slowloris-type attacks, a remote attacker could exploit this vulnerability to cause a denial of service...
OPEXUS FOIAXpress unauthenticated administrator password reset
RISK EVALUATION: OPEXUS FOIAXpress allows a remote, unauthenticated attacker to reset the administrator password and gain full administrative access to a vulnerable system. 2. RECOMMENDED PRACTICES: Update to FOIAXpress version 11.13.2.0 or later. 3. DESCRIPTION: OPEXUS FOIAXpress allows a remote,...
Teedy Access Control Error Vulnerability
Teedy is an open source, lightweight document management system for individuals and businesses, open-sourced by Teedy France. An access control error vulnerability exists in Teedy 1.11 and earlier versions, which stems from improper access control of the API endpoint component in the file /api/file, an...
Apeman ID71 Access Control Error Vulnerability
The Apeman ID71 is a webcam from Apeman. The Apeman ID71 suffers from an Access Control Error vulnerability that stems from a lack of authentication in the ONVIF Service component in the file /onvif/deviceservice, which could lead to a remote attack...
CVE-2025-11736
A flaw has been found in itsourcecode Online Examination System 1.0. Affected by this issue is some unknown functionality of the file /index.php. This manipulation of the argument Username causes sql injection. It is possible to initiate the attack remotely. The exploit has been published and may...
EUVD-2011-5262
A vulnerability has been identified in SIMATIC S7-1200 CPU V1 family incl. SIPLUS variants All versions V2.0.3, SIMATIC S7-1200 CPU V2 family incl. SIPLUS variants All versions V2.0.3. The web server interface of affected devices improperly processes incoming malformed HTTP traffic at high rate...
Phoenix Contact QUINT4-UPS/24DC/24DC/10/EIP Security Vulnerability
The Phoenix Contact QUINT4-UPS/24DC/24DC/10/EIP is an industrial grade DC uninterruptible power supply module from Phoenix Contact, Germany. A security vulnerability exists in the Phoenix Contact QUINT4-UPS/24DC/24DC/10/EIP that originates from a remote attacker who can construct a specially...
Microsoft Windows SMB Server Access Control Error Vulnerability
Microsoft Windows SMB Server is a network file-sharing protocol from Microsoft. It allows applications on a computer to read and write files and request services from server programs on a computer network. A security vulnerability exists in Microsoft Windows SMB Server that can be exploited by an...
CVE-2025-62389
CVE-2025-62389 is a SQL injection vulnerability in Ivanti Endpoint Manager. The vulnerability allows a remote authenticated attacker to read arbitrary data from the database. Multiple connected advisories confirm this family of SQL injection issues affects Ivanti Endpoint Manager and note a remed...
CVE-2025-9265 API Authentication Bypass via Header Spoofing vulnerability in Kiloview NDI N30 Products
A broken authorization vulnerability in Kiloview NDI N30 allows a remote unauthenticated attacker to deactivate user verification, giving them access to state-changing actions that should only be initiated by administrators. This issue affects Kiloview NDI N30 and was fixed in Firmware version late...
EUVD-2025-33961
A weakness has been identified in Campcodes Online Beauty Parlor Management System 1.0. The affected element is an unknown function of the file /admin/manage-services.php. This manipulation of the argument sername causes sql injection. The attack can be initiated remotely. The exploit has been ma...
EUVD-2025-33957
A vulnerability was found in ProjectsAndPrograms School Management System up to 6b6fae5426044f89c08d0dd101c7fa71f9042a59. This affects an unknown part. Performing manipulation results in missing authentication. The attack is possible to be carried out remotely. The exploit has been made public an...
CVE-2025-11594
A vulnerability has been found in ywxbear PHP-Bookstore-Website-Example and PHP Basic BookStore Website up to 0e0b9f542f7a2d90a8d7f8c83caca69294e234e4. This issue affects some unknown processing of the file /index.php of the component Quantity Handler. Such manipulation leads to improper validati...
CVE-2025-11628
A flaw has been found in jimit105 Project-Online-Shopping-Website up to 7d892f442bd8a96dd242dbe2b9bd5ed641e13e64. This affects an unknown function of the file /delete.php of the component Product Inventory Handler. This manipulation of the argument productcode causes sql injection. It is possible...