
1850 matches found

GithubExploit
added 2025/07/20 6:38 p.m., 324 views

Exploit for PHP Remote File Inclusion in Scripteo Ads_Pro

CVE-2025-4380 - Ads Pro Plugin Burpsuite Request/Response...

9.8 CVSS, 6.6 AI score, 0.28162 EPSS
Exploits: 1
Vulnrichment
added 2025/07/16 5:55 p.m., 2 views

CVE-2025-37107

An authentication bypass vulnerability exists in HPE AutoPass License Server APLS prior to 9.18...

7.3 CVSS, 7.3 AI score, 0.00421 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2025/07/15 12:0 a.m., 3 views

PT-2025-29535

Name of the Vulnerable Software and Affected Versions: Alone – Charity Multipurpose Non-profit WordPress Theme versions up to and including 7.8.3. Description: The Alone – Charity Multipurpose Non-profit WordPress Theme is vulnerable to arbitrary file deletion due to insufficient file path validatio...

9.1 CVSS, 6.6 AI score, 0.00533 EPSS
Exploits: 0, References: 10
Vulnrichment
added 2025/07/08 11:22 p.m., 2 views

CVE-2025-4828 Support Board <= 3.8.0 - Unauthenticated Arbitrary File Deletion

The Support Board plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the sbfiledelete function in all versions up to, and including, 3.8.0. This makes it possible for attackers to delete arbitrary files on the server, which can easily lead to...

9.8 CVSS, 8 AI score, 0.00832 EPSS
Exploits: 0, References: 2
NVD
added 2025/07/08 1:15 a.m., 8 views

CVE-2025-42978

The widely used component that establishes outbound TLS connections in SAP NetWeaver Application Server Java does not reliably match the hostname that is used for the connection against the wildcard hostname defined in the received certificate of remote TLS server. This might lead to the outbound...

3.5 CVSS, 0.00119 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2025/07/08 12:0 a.m., 6 views

Security Updates for Microsoft SQL Server (July 2025)

The Microsoft SQL Server installation on the remote host is missing a security update. It is, therefore, affected by the following vulnerabilities: - A remote code execution vulnerability. An attacker can exploit this to bypass authentication and execute unauthorized arbitrary commands...

8.5 CVSS, 7.2 AI score, 0.1017 EPSS
Exploits: 0, References: 11
OSV
added 2025/07/07 3:30 p.m., 5 views

GHSA-2RHQ-96Q8-4VJQ LlamaIndex vulnerable to Path Traversal attack through its encode_image function

A path traversal vulnerability exists in run-llama/llamaindex versions 0.11.23 through 0.12.40, specifically within the encode_image function in genericutils.py. This vulnerability allows an attacker to manipulate the imagepath input to read arbitrary files on the server, including sensitive syste...

7.5 CVSS, 7.3 AI score, 0.00545 EPSS
Exploits: 1, References: 5
CNNVD
added 2025/07/07 12:0 a.m., 4 views

MongoDB Server security vulnerability

MongoDB Server is the United States MongoDB company's set of open source NoSQL database. The database provides collection-oriented storage, dynamic query, data replication and automatic failover and other functions. A security vulnerability exists in MongoDB Server versions prior to 6.0.23,...

7.5 CVSS, 6.5 AI score, 0.00307 EPSS
Exploits: 0, References: 2
Tenable Nessus
added 2025/07/07 12:0 a.m., 5 views

RHEL 9 : xorg-x11-server (RHSA-2025:10352)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:10352 advisory. X.Org is an open-source implementation of the X Window System. It provides the basic low-level functionality that full-fledged graphical us...

7.8 CVSS, 6.8 AI score, 0.00296 EPSS
Exploits: 0, References: 12
NVD
added 2025/07/03 12:15 p.m., 3 views

CVE-2025-27456

The SMB server's login mechanism does not implement sufficient measures to prevent multiple failed authentication attempts within a short time frame, making it susceptible to brute-force attacks...

9.8 CVSS, 0.00508 EPSS
Exploits: 0, References: 6
Cvelist
added 2025/07/03 11:32 a.m., 6 views

CVE-2025-27457

All communication between the VNC server and clients is unencrypted. This allows an attacker to intercept the traffic and obtain sensitive data...

6.5 CVSS, 0.00237 EPSS
Exploits: 0, References: 6
CVE
added 2025/07/03 11:32 a.m., 17 views

CVE-2025-27456

CVE-2025-27456 is described as a brute-force vulnerability in the SMB server login. Connected documents confirm concrete details for Endress+Hauser MEAC300-FNADE4 (accessible via Ethernet) with multiple reports noting the login mechanism allows rapid failed attempts; some entries cite no public f...

9.8 CVSS, 6.7 AI score, 0.00508 EPSS
Exploits: 0, References: 6, Affected Software: 1
Veracode
added 2025/07/01 6:19 a.m., 3 views

Path Traversal

lightrag-hku is vulnerable to Path Traversal. The vulnerability is due to improper validation of user-supplied filenames due to unsanitized input in the file.filename parameter in the uploadtoinputdir function, allowing an attacker to write files to arbitrary locations on the server...

5.3 CVSS, 5.2 AI score, 0.0017 EPSS
Exploits: 0, References: 8, Affected Software: 1
VulnCheck KEV
added 2025/06/28 12:0 a.m., 16 views

VulnCheck KEV: CVE-2024-5334

A local file read vulnerability exists in the stitionai/devika repository, affecting the latest version. The vulnerability is due to improper handling of the 'snapshotpath' parameter in the '/api/get-browser-snapshot' endpoint. An attacker can exploit this vulnerability by crafting a request with...

7.5 CVSS, 7.4 AI score, 0.0209 EPSS
In wild, Exploits: 1, References: 2
NVD
added 2025/06/27 2:15 p.m., 2 views

CVE-2025-53260

Unrestricted Upload of File with Dangerous Type vulnerability in getredhawkstudio File Manager Plugin For Wordpress file-manager-plugin-for-wordpress allows Upload a Web Shell to a Web Server. This issue affects File Manager Plugin For Wordpress: from n/a through = 7.5...

9.1 CVSS, 0.00343 EPSS
Exploits: 0, References: 1
Cvelist
added 2025/06/27 12:0 a.m., 7 views

CVE-2025-44163

RaspAP raspap-webgui 3.3.1 is vulnerable to Directory Traversal in ajax/networking/getwgkey.php. An authenticated attacker can send a crafted POST request with a path traversal payload in the entity parameter to overwrite arbitrary files writable by the web server via abuse of the tee command use...

0.00598 EPSS
Exploits: 1, References: 2
CNVD
added 2025/06/27 12:0 a.m., 2 views

WordPress Auto Upload Images plugin code issue vulnerability

WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress plugin is an application plugin. A code issue vulnerability exists in the WordPress Auto Upload Images plugin that stems from the server not implementing an adequate authentication mechanism to confirm the orig...

4.9 CVSS, 6.4 AI score, 0.00169 EPSS
Exploits: 0, References: 1
NVD
added 2025/06/23 1:15 p.m., 6 views

CVE-2025-6512

On a client with a non-admin user, a script can be integrated into a report. The reports could later be executed on the BRAIN2 server with administrator rights...

10 CVSS, 0.00465 EPSS
Exploits: 0, References: 1
Oracle linux
added 2025/06/23 12:0 a.m., 6 views

xorg-x11-server and xorg-x11-server-Xwayland security update

xorg-x11-server 1.20.11-31 - CVE fix for: CVE-2025-49175 RHEL-97289, CVE-2025-49176 RHEL-97311, CVE-2025-49178 RHEL-97388, CVE-2025-49179 RHEL-97410, CVE-2025-49180 RHEL-97255 1.20.11-30 - xfree86: Fix potentially NULL reference to platform device's PCI device Resolves:...

6.6 CVSS, 7.3 AI score, 0.00364 EPSS
Exploits: 0
OSV
added 2025/06/23 12:0 a.m., 4 views

DSA-5947-1 xorg-server - security update

Bulletin has no description...

7.8 CVSS, 7.2 AI score, 0.00364 EPSS
Exploits: 0