SUSE CVE-2025-66410
Gin-vue-admin is a backstage management system based on vue and gin. In 2.8.6 and earlier, attackers can delete any file on the server at will, causing damage or unavailability of server resources. Attackers can control the 'FileMd5' parameter to delete any file and folder...
CVE-2025-66410
Gin-vue-admin is a backstage management system based on vue and gin. In 2.8.6 and earlier, attackers can delete any file on the server at will, causing damage or unavailability of server resources. Attackers can control the 'FileMd5' parameter to delete any file and folder...
PT-2025-48577
Name of the Vulnerable Software and Affected Versions: Gin-vue-admin versions prior to 2.8.6. Description: Gin-vue-admin, a backstage management system based on vue and gin, is affected by a file deletion issue. Attackers can delete any file on the server, potentially causing damage or unavailabilit...
CVE-2025-32015 FreshRSS vulnerable to Cross-site Scripting by embedding <script> tag inside <iframe srcdoc>
FreshRSS is a self-hosted RSS feed aggregator. Prior to version 1.26.2, HTML is sanitized improperly inside the <iframe srcdoc> attribute, which leads to cross-site scripting (XSS) by loading an attacker's UserJS inside <script>. In order to execute the attack, the attacker needs to control one of the victim's feeds and...
CVE-2025-48738
An e-mail flooding vulnerability in StrangeBee TheHive 5.2.0 before 5.2.16, 5.3.0 before 5.3.11, 5.4.0 before 5.4.10, and 5.5.0 before 5.5.1 allows unauthenticated remote attackers to use the password reset feature without limits. This can lead to several consequences, including mailbox storage...
Zhejiang Dahua Technology Co., Ltd. EIMS management system has a logic flaw vulnerability
Zhejiang Dahua Technology Co., Ltd. is the world's leading video-centered intelligent IOT solution provider and operation service provider. A logic flaw vulnerability exists in the EIMS management system of Zhejiang Dahua Technology Co. Ltd. that can be exploited by an attacker to gain unauthoriz...
ScanCode.io command injection in docker image fetch process
Command Injection in docker fetch process. Summary: A possible command injection in the docker fetch process, as it allows malicious commands to be appended in the docker_reference parameter. Details: In the function scanpipe/pipes/fetch.py:fetch_docker_image [1] the parameter docker_reference is user...
sambar.remote.dos.txt
Remote attack on Sambar Server 4.3 Beta 2. It is possible to crash Sambar Server by causing a buffer overflow. The attack isn't recorded in the logs. You can make the attack by connecting to the remote server at port 80, by telnet or any other program you find. You can do it by connection to the remote...