2834 matches found
CVE-2025-52671
Debug information disclosure in the SQL error message in Revive Adserver 5.5.2 and 6.0.1 and earlier versions causes non-admin users to acquire information about the software, PHP and database versions currently in use...
CVE-2025-12766 Insecure Direct Object Reference (IDOR) vulnerability in the Management Console of affected versions of BlackBerry AtHoc.
An Insecure Direct Object Reference (IDOR) vulnerability in the Management Console of BlackBerry® AtHoc® OnPrem version 7.21 could allow an attacker to potentially gain unauthorized knowledge about other organizations hosted on the same Interactive Warning System (IWS)...
PT-2025-47148
Name of the Vulnerable Software and Affected Versions: itsourcecode Online Voting System version 1.0. Description: A weakness exists in itsourcecode Online Voting System version 1.0. The issue involves the manipulation of the id/category argument in the file '/index.php?page=categories', potentially...
CVE-2025-47222
A class name enumeration was found in Keyfactor SignServer versions prior to 7.3.2. Setting any chosen class name to any of the properties requiring a class path and the provided class is not expected to return different errors if the class exists in deployment or not. This returns information...
CVE-2025-24863
Improper privilege management for some Intel(R) CIP software before version WINDCA2.4.0.11001 within Ring 3: User Applications may allow an information disclosure. Unprivileged software adversary with an authenticated user combined with a low complexity attack may enable data exposure. This result...
CVE-2025-20614
External control of file name or path for some Intel(R) CIP software before version WINDCA2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with a privileged user combined with a low complexity attack may enable escalation of privileg...
CVE-2025-64280
A SQL Injection Vulnerability in CentralSquare Community Development 19.5.7 allows attackers to inject SQL via the permitno field...
PT-2025-46603
Name of the Vulnerable Software and Affected Versions: Linux kernel versions prior to 6.17.0-rc4-custom+ 283. Description: The Linux kernel contains a flaw related to handling symbolic links when the block size is larger than the page size (bs > ps) within the Btrfs filesystem. Specifically, the issue...
CentralSquare Community Development security vulnerability
CentralSquare Community Development is a public affairs department software system for local governments from CentralSquare USA. A security vulnerability exists in CentralSquare Community Development version 19.5.7, which stems from an authentication bypass that could result in unauthorized acces...
CVE-2025-24862
Unrestricted upload of file with dangerous type for some Intel(R) CIP software before version WINDCA2.4.0.11001 within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with a privileged user combined with a high complexity attack may enable data...
CVE-2025-24314
Improper access control for some Intel(R) CIP software before version WINDCA2.4.0.11001 within Ring 3: User Applications may allow an information disclosure. Unprivileged software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may...
CVE-2025-24516
Improper access control for some Intel(R) CIP software before version WINDCA2.4.0.11001 within Ring 3: User Applications may allow an information disclosure. Unprivileged software adversary with a privileged user combined with a low complexity attack may enable data exposure. This result may...
PT-2025-46431
Name of the Vulnerable Software and Affected Versions: PRI Driver software versions prior to 03.03.1002. Description: An unquoted search path in some PRI Driver software before version 03.03.1002 within Ring 3: User Applications may allow an escalation of privilege. An unprivileged software adversar...
CVE-2025-64529 SpiceDB's WriteRelationships fails silently if payload is too big
SpiceDB is an open source database system for creating and managing security-critical application permissions. In versions prior to 1.45.2, users who use the exclusion operator somewhere in their authorization schema; have configured their SpiceDB server such that...
PT-2025-46157
Name of the Vulnerable Software and Affected Versions: JetBrains YouTrack versions prior to 2025.3.104432. Description: A missing VCS URL validation in JetBrains YouTrack allows delegation to unauthorized repositories through the Junie widget. This issue affects versions prior to 2025.3.104432...
PT-2025-45358
Name of the Vulnerable Software and Affected Versions: Advantech WebAccess/VPN versions prior to 1.1.5. Description: The software contains a SQL injection issue in the AjaxDeviceController.ajaxDeviceAction function. An authenticated, low-privileged user can inject SQL code through datatable search...
CVE-2025-63248
DWSurvey 6.14.0 is vulnerable to Incorrect Access Control. When deleting a questionnaire, replacing the questionnaire ID with the ID of another questionnaire can enable the deletion of other questionnaires...
CVE-2025-45378
CVE-2025-45378 (Dell CloudLink) affects Dell CloudLink running versions 8.0–8.1.2, with a vulnerability in the restricted shell that allows a privileged user with a known password to break into the CloudLink server command shell and escalate privileges, gaining unauthorized system access. If SSH ...
Abis BAPSIS SQL injection vulnerability
Abis BAPSIS is a subject management system from Abis Turkey. An SQL injection vulnerability exists in versions prior to Abis BAPSIS 202510271606, which stems from improper neutralization of special elements and could lead to a blind SQL injection attack...
CVE-2016-15053 Nagios XI < 5.2.4 XSS via “My Reports” Listing
Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting (XSS) via the “My Reports” listing of the web interface. Insufficient validation or escaping of user-supplied input may allow an attacker to inject and execute arbitrary script in the context of a victim's browser...