Lucene search

6027 matches found

OSV
added 2025/09/27 6:15 p.m. | 4 views

CVE-2025-11071

A security vulnerability has been detected in SeaCMS 13.3.20250820. Impacted is an unknown function of the file /admin_cron.php of the component Cron Task Management Module. The manipulation of the argument resourcefrom/collectID leads to sql injection. The attack can be initiated remotely. The...

CVSS 7.2 | AI score 5.7 | EPSS 0.00318
Exploits: 1 | References: 4

Cvelist
added 2025/09/27 5:32 p.m. | 10 views

CVE-2025-11071 SeaCMS Cron Task Management admin_cron.php sql injection

A security vulnerability has been detected in SeaCMS 13.3.20250820. Impacted is an unknown function of the file /admin_cron.php of the component Cron Task Management Module. The manipulation of the argument resourcefrom/collectID leads to sql injection. The attack can be initiated remotely. The...

CVSS 5.8 | EPSS 0.00318
Exploits: 1 | References: 4

CVE
added 2025/09/27 5:32 p.m. | 13 views

CVE-2025-11071

SeaCMS 13.3.20250820 is affected by a SQL injection in the Cron Task Management module via /admin_cron.php, caused by manipulation of the resourcefrom/collectID parameter. The vulnerability can be triggered remotely and exploited after the public disclosure of the exploit. The provided documents ...

CVSS 7.2 | AI score 6.7 | EPSS 0.00318
Exploits: 1 | References: 4 | Affected Software: 1

Positive Technologies
added 2025/09/27 12:0 a.m. | 5 views

PT-2025-39736

Name of the Vulnerable Software and Affected Versions: SeaCMS version 13.3.20250820. Description: A security issue exists in SeaCMS 13.3.20250820 related to the Cron Task Management Module. The issue involves SQL injection triggered by manipulating the collectID argument within the /admin_cron.php...

CVSS 5.8 | AI score 5 | EPSS 0.00318
Exploits: 1 | References: 9

vulnersOsv
added 2025/09/26 9:31 a.m. | 3 views

apache-airflow-core (=3.0.3), apache-airflow-task-sdk (=1.0.3) potentially affected by CVE-2025-54831 via apache-airflow (=3.0.3)

apache-airflow PYPI version =3.0.3 is affected by a known vulnerability. The following packages have a transitive dependency on apache-airflow and may be impacted: - apache-airflow-core =3.0.3 - apache-airflow-task-sdk =1.0.3 Source cves: CVE-2025-54831 Source advisory: OSV:GHSA-Q475-2PGM-7HVP...

CVSS 6.5 | AI score 8 | EPSS 0.00903
Exploits: 0

RedhatCVE
added 2025/09/25 5:47 p.m. | 6 views

CVE-2025-48867

Horilla is a free and open source Human Resource Management System (HRMS). A stored cross-site scripting (XSS) vulnerability in Horilla HRM 1.3.0 allows authenticated admin or privileged users to inject malicious JavaScript payloads into multiple fields in the Project and Task modules. These payloads...

CVSS 4.8 | AI score 5.7 | EPSS 0.00223
Exploits: 1 | References: 1

SUSE CVE
added 2025/09/24 11:32 p.m. | 2 views

SUSE CVE-2023-53215

In the Linux kernel, the following vulnerability has been resolved: sched/fair: Don't balance task to its current running CPU. We've run into the case that the balancer tries to balance a migration disabled task and trigger the warning in set_task_cpu like below: ------------ cut here ------------...

AI score 6.3 | EPSS 0.00155
Exploits: 0 | References: 22

OSV
added 2025/09/24 7:21 p.m. | 18 views

GO-2025-3963 Dragonfly incorrectly handles a task structure’s usedTrac field in d7y.io/dragonfly

Dragonfly incorrectly handles a task structure’s usedTrac field in d7y.io/dragonfly...

CVSS 7.5 | AI score 6.9 | EPSS 0.00331
Exploits: 0 | References: 3

NVD
added 2025/09/24 6:15 p.m. | 5 views

CVE-2025-48867

Horilla is a free and open source Human Resource Management System (HRMS). A stored cross-site scripting (XSS) vulnerability in Horilla HRM 1.3.0 allows authenticated admin or privileged users to inject malicious JavaScript payloads into multiple fields in the Project and Task modules. These payloads...

CVSS 4.8 | EPSS 0.00223
Exploits: 1 | References: 1

Vulnrichment
added 2025/09/24 5:25 p.m. | 3 views

CVE-2025-48867 Horilla Stored Cross-Site Scripting (XSS) Vulnerability in Project and Task Modules

Horilla is a free and open source Human Resource Management System (HRMS). A stored cross-site scripting (XSS) vulnerability in Horilla HRM 1.3.0 allows authenticated admin or privileged users to inject malicious JavaScript payloads into multiple fields in the Project and Task modules. These payloads...

CVSS 4.8 | AI score 5.3 | EPSS 0.00223
Exploits: 1 | References: 1

Cvelist
added 2025/09/24 5:25 p.m. | 8 views

CVE-2025-48867 Horilla Stored Cross-Site Scripting (XSS) Vulnerability in Project and Task Modules

Horilla is a free and open source Human Resource Management System (HRMS). A stored cross-site scripting (XSS) vulnerability in Horilla HRM 1.3.0 allows authenticated admin or privileged users to inject malicious JavaScript payloads into multiple fields in the Project and Task modules. These payloads...

CVSS 4.8 | EPSS 0.00223
Exploits: 1 | References: 1

CVE
added 2025/09/24 5:25 p.m. | 18 views

CVE-2025-48867

CVE-2025-48867 describes a stored cross-site scripting (XSS) vulnerability in Horilla HRM 1.3.0. The issue allows authenticated admin/privileged users to inject malicious JavaScript into multiple fields in the Project and Task modules; payloads are stored in the database and execute when viewed b...

CVSS 4.8 | AI score 5.3 | EPSS 0.00223
Exploits: 1 | References: 1 | Affected Software: 1

OSV
added 2025/09/24 5:25 p.m. | 6 views

CVE-2025-48867 Horilla Stored Cross-Site Scripting (XSS) Vulnerability in Project and Task Modules

Horilla is a free and open source Human Resource Management System (HRMS). A stored cross-site scripting (XSS) vulnerability in Horilla HRM 1.3.0 allows authenticated admin or privileged users to inject malicious JavaScript payloads into multiple fields in the Project and Task modules. These payloads...

CVSS 4.8 | AI score 5.7 | EPSS 0.00223
Exploits: 1 | References: 3

Positive Technologies
added 2025/09/24 12:0 a.m. | 5 views

PT-2025-39309

Name of the Vulnerable Software and Affected Versions: Horilla HRM version 1.3.0. Description: Horilla is a free and open source Human Resource Management System (HRMS). A stored cross-site scripting (XSS) issue in Horilla HRM version 1.3.0 allows authenticated admin or privileged users to inject...

CVSS 4.8 | AI score 5.6 | EPSS 0.00223
Exploits: 1 | References: 4

CNNVD
added 2025/09/24 12:0 a.m. | 3 views

Horilla Cross-Site Scripting Vulnerability

Horilla is a free and open source human resources software from Horilla, Inc. A cross-site scripting vulnerability exists in Horilla version 1.3.0, which stems from multiple fields in the Project and Task modules not being properly cleared for user input, and could lead to a stored cross-site...

CVSS 4.8 | AI score 5.9 | EPSS 0.00223
Exploits: 1 | References: 2

RedhatCVE
added 2025/09/23 5:25 a.m. | 5 views

CVE-2025-10762

A vulnerability was found in kuaifan DooTask up to 1.2.49. Affected by this vulnerability is an unknown functionality of the file app/Http/Controllers/Api/UsersController.php. The manipulation of the argument keysdepartment results in sql injection. The attack can be executed remotely. The exploi...

CVSS 6.5 | AI score 6.9 | EPSS 0.00292
Exploits: 0 | References: 1

Snyk
added 2025/09/23 12:32 a.m. | 3 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via improper permission checks in the import and export tasks. An attacker can gain unauthorized access to exported data by sending crafted requests to the REST APIs. Remediation Upgrade...

CVSS 5.4 | AI score 7 | EPSS 0.00234
Exploits: 0 | References: 2

SUSE CVE
added 2025/09/22 11:43 p.m. | 2 views

SUSE CVE-2021-47209

In the Linux kernel, the following vulnerability has been resolved: sched/fair: Prevent dead task groups from regaining cfs_rq's. Kevin is reporting crashes which point to a use-after-free of a cfs_rq in update_blocked_averages. Initial debugging revealed that we've live cfs_rq's on_list=1 in an about t...

CVSS 5.5 | AI score 5.9 | EPSS 0.00196
Exploits: 0 | References: 8

The Hacker News
added 2025/09/22 3:40 p.m. | 4 views

ComicForm and SectorJ149 Hackers Deploy Formbook Malware in Eurasian Cyberattacks

Organizations in Belarus, Kazakhstan, and Russia have emerged as the target of a phishing campaign undertaken by a previously undocumented hacking group called ComicForm since at least April 2025. The activity primarily targeted industrial, financial, tourism, biotechnology, research, and trade...

AI score 6.7
Exploits: 0

OSV
added 2025/09/21 6:15 a.m. | 3 views

CVE-2025-10764

A vulnerability was identified in SeriaWei ZKEACMS up to 4.3. This affects the function Edit of the file src/ZKEACMS.EventAction/Controllers/PendingTaskController.cs of the component Event Action System. Such manipulation of the argument Data leads to server-side request forgery. The attack may b...

CVSS 8.8 | AI score 6.7
Exploits: 0 | References: 4