101 matches found

NVD
added 2025/09/26 5:15 p.m. | 3 views

CVE-2025-11030

A vulnerability was detected in Tutorials-Website Employee Management System up to 611887d8f8375271ce8abc704507d46340837a60. Impacted is an unknown function of the file /admin/all-applied-leave.php of the component HTTP Request Handler. The manipulation results in improper authorization. The atta...

7.5 CVSS | 0.00062 EPSS
Exploits 0 | References 4

NVD
added 2025/09/26 1:15 a.m. | 2 views

CVE-2025-10988

A vulnerability was identified in YunaiV ruoyi-vue-pro up to 2025.09. This affects an unknown part of the file /crm/business/transfer. Such manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor w...

8.8 CVSS | 0.00091 EPSS
Exploits 0 | References 4

OSV
added 2025/09/21 11:15 p.m. | 3 views

CVE-2025-10770

A vulnerability was found in jeecgboot JimuReport up to 2.1.2. This impacts an unknown function of the file /drag/onlDragDataSource/testConnection of the component MySQL JDBC Handler. Performing manipulation results in deserialization. Remote exploitation of the attack is possible. The exploit ha...

6.5 CVSS | 6.4 AI score
Exploits 0 | References 5

OSV
added 2025/09/07 10:15 p.m. | 6 views

CVE-2025-10070

A flaw has been found in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /enturmacao-em-lote/. This manipulation causes improper access controls. The attack is possible to be carried out remotely. The exploit has been published and may be used...

5.3 CVSS | 6.6 AI score | 0.00064 EPSS
Exploits 1 | References 5

Vulnrichment
added 2025/09/05 3:32 p.m. | 2 views

CVE-2025-10013 Portabilis i-Educar exportacao-para-o-seb access control

A vulnerability was detected in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /exportacao-para-o-seb. Performing manipulation results in improper access controls. The attack is possible to be carried out remotely. The exploit is now public and may be used...

6.5 CVSS | 6.4 AI score | 0.00064 EPSS
Exploits 1 | References 5

RedhatCVE
added 2025/08/30 6:19 p.m. | 3 views

CVE-2025-9514

A vulnerability has been found in macrozheng mall up to 1.0.3. This impacts an unknown function of the component Registration. Such manipulation leads to weak password requirements. The attack can be executed remotely. Attacks of this nature are highly complex. The exploitability is said to be...

6.3 CVSS | 4.8 AI score | 0.00052 EPSS
Exploits 0 | References 1

Cvelist
added 2025/08/19 8:32 p.m. | 19 views

CVE-2025-9167 SolidInvoice Recurring Invoice recurring cross site scripting

A vulnerability has been found in SolidInvoice up to 2.4.0. This vulnerability affects unknown code of the file /invoice/recurring of the component Recurring Invoice Module. The manipulation of the argument client name leads to cross site scripting. The attack may be initiated remotely. The explo...

5.1 CVSS | 0.00078 EPSS
Exploits 1 | References 5

Cvelist
added 2025/08/19 6:2 p.m. | 11 views

CVE-2025-9151 LiuYuYang01 ThriveX-Blog web updateJsonValueByName improper authorization

A security flaw has been discovered in LiuYuYang01 ThriveX-Blog up to 3.1.7. Affected by this vulnerability is the function updateJsonValueByName of the file /webconfig/json/name/web. Performing manipulation results in improper authorization. It is possible to initiate the attack remotely. The...

6.5 CVSS | 0.00071 EPSS
Exploits 0 | References 5

OSV
added 2025/08/05 4:16 a.m. | 3 views

CVE-2025-8542

A vulnerability was found in Portabilis i-Educar 2.10. It has been rated as problematic. This issue affects some unknown processing of the file /intranet/empresascad.php. The manipulation of the argument fantasia/razaosocial leads to cross site scripting. The attack may be initiated remotely. The...

4.8 CVSS | 6.2 AI score | 0.00178 EPSS
Exploits 1 | References 4

OSV
added 2025/07/14 12:15 p.m. | 2 views

CVE-2025-7602

A vulnerability was found in D-Link DI-8100 16.07.26A1 and classified as critical. This issue affects some unknown processing of the file /arpsys.asp of the component HTTP Request Handler. The manipulation leads to stack-based buffer overflow. The attack may be initiated remotely. The exploit has...

8.6 CVSS | 6.4 AI score | 0.01509 EPSS
Exploits 1 | References 5

OSV
added 2025/03/11 8:15 a.m. | 1 views

DEBIAN-CVE-2025-2176

A vulnerability classified as critical has been found in libzvbi up to 0.2.43. This affects the function vbi_capture_sim_load_caption of the file src/io-sim.c. The manipulation leads to integer overflow. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and...

7.5 CVSS | 6.7 AI score | 0.00075 EPSS
Exploits 0 | References 1

OSV
added 2025/01/02 11:15 a.m. | 4 views

CVE-2024-13105

A vulnerability has been found in D-Link DIR-816 A2 1.10CNB05R1B011D88210 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /goform/form2Dhcpd.cgi of the component DHCPD Setting Handler. The manipulation leads to improper access controls. The attac...

5.3 CVSS | 5.4 AI score | 0.00149 EPSS
Exploits 0 | References 5

OSV
added 2024/05/03 2:15 a.m. | 3 views

CVE-2023-27359

TP-Link AX1800 hotplugd Firewall Rule Race Condition Vulnerability. This vulnerability allows remote attackers to gain access to LAN-side services on affected installations of TP-Link Archer AX21 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists withi...

8.1 CVSS | 5.6 AI score | 0.0184 EPSS
Exploits 0 | References 1

CNNVD
added 2023/03/21 12:0 a.m. | 1 views

Google Chrome Buffer Error Vulnerability

Google Chrome is a web browser from Google, Inc. An out-of-bounds read vulnerability exists in versions of Google Chrome prior to 111.0.5563.110, which stems from a lack of proper validation of user-supplied data by ANGLE, where specially crafted data could trigger a read beyond the end of the...

8.8 CVSS | 6.9 AI score | 0.00403 EPSS
Exploits 0 | References 13

SUSE CVE
added 2023/02/15 5:31 a.m. | 4 views

SUSE CVE-2014-1481

Mozilla Firefox before 27.0, Firefox ESR 24.x before 24.3, Thunderbird before 24.3, and SeaMonkey before 2.24 allow remote attackers to bypass intended restrictions on window objects by leveraging inconsistency in native getter methods across different JavaScript engines...

7.5 CVSS | 8.9 AI score | 0.02581 EPSS
Exploits 1 | References 10

RedHat Linux
added 2022/07/25 6:37 p.m. | 2 views

OpenJDK: improper restriction of MethodHandle.invokeBasic() (Hotspot, 8281866)

Vulnerability in the Oracle Java SE, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Hotspot. Supported versions that are affected are Oracle Java SE: 7u343, 8u333, 11.0.15.1, 17.0.3.1, 18.0.1.1; Oracle GraalVM Enterprise Edition: 20.3.6, 21.3.2 and 22.1.0. Difficult to...

5.9 CVSS | 7.4 AI score | 0.00329 EPSS
Exploits 0 | References 4

Packet Storm
added 2020/10/21 12:0 a.m. | 822 views

Libtaxii 1.1.117 / OpenTaxi 0.2.0 Server-Side Request Forgery

Libtaxii version = 1.1.117 & OpenTaxi = 0.2.0 Blind SSRF Details Product: Security-Risk: High Remote-Exploit: yes Vendor-URL: https://github.com/eclecticiq/OpenTAXII , https://github.com/TAXIIProject/libtaxii...

0.0046 EPSS
Exploits 2

OSV
added 2020/10/13 11:28 p.m. | 5 views

USN-4575-1 dom4j vulnerability

It was discovered that dom4j incorrectly handled reading XML data. A remote attacker could exploit this with a crafted XML file to expose sensitive data or possibly execute arbitrary code. CVE-2020-10683...

9.8 CVSS | 6.9 AI score | 0.0696 EPSS
Exploits 0 | References 2

0day.today
added 2019/04/10 12:0 a.m. | 244 views

EasyIO 30P Authentication Bypass / Cross Site Scripting Vulnerabilities

EasyIO 30P versions prior to 2.0.5.27 suffer from authentication bypass and cross site scripting vulnerabilities. EasyIO 30P Authentication Bypass / Cross Site Scripting Vulnerabilities INFORMATION Product: EasyIO 30P http://www.easyio.com Affected versions: 2.0.5.27 tested on version 2.0.5.16 CV...

0.1 AI score | 0.00685 EPSS
Exploits 4

Packet Storm
added 2019/04/09 12:0 a.m. | 68 views

EasyIO 30P Authentication Bypass / Cross Site Scripting

INFORMATION Product: EasyIO 30P http://www.easyio.com Affected versions: 2.0.5.27 tested on version 2.0.5.16 CVE IDs: CVE-2018-15820 Stored XSS and CVE-2018-15819 Authentication bypass Remote-exploit: yes TIMELINE Vendor notification: 3rd August, 2018 Vendor acknowledgment: 22nd August, 2018 Patc...

0.2 AI score | 0.00685 EPSS
Exploits 4