CVE-2025-8617

The YITH WooCommerce Quick View plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's yithquickview shortcode in all versions up to, and including, 2.7.0 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for...

CVE-2025-14567

A weakness has been identified in haxxorsid Stock-Management-System up to fbbbf213e9c93b87183a3891f77e3cc7095f22b0. This affects an unknown function of the file /api/employees. Executing manipulation can lead to missing authentication. It is possible to launch the attack remotely. The exploit has...

EUVD-2025-197734

A vulnerability was found in shsuishang ShopSuite ModulithShop up to 45a99398cec3b7ad7ff9383694f0b53339f2d35a. Affected by this issue is some unknown functionality of the component RSA/OAuth2/Database. The manipulation results in hard-coded credentials. The attack can be executed remotely. The...

EUVD-2025-175369

A stack buffer overflow vulnerability exists in the D-Link DIR-816A2 router firmware DIR-816A2FWv1.10CNB05R1B011D88210.img in the upload.cgi module, which handles firmware version information. The vulnerability occurs because /proc/version is read into a 512-byte buffer and then concatenated usin...

CVE-2025-60679

CVE-2025-60679: A stack buffer overflow in the D-Link DIR-816A2 router, in the upload.cgi module that processes firmware version information, occurs when /proc/version is read into a 512-byte buffer and concatenated with a 29-byte constant via sprintf() into another 512-byte buffer. Input exceedi...

Malicious code in married_lamprey_z3n (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 5ee9ead058072b2997a3b3f8f13d9f48fd055a24c32b8d8811c8d4b349ee844b This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...

EUVD-2025-36740

Prior to September 19, 2025, the Hospital Manager Backend Services returned verbose ASP.NET error pages for invalid WebResource.axd requests, disclosing framework and ASP.NET version information, stack traces, internal paths, and the insecure configuration 'customErrors mode="Off"', which could...

PT-2025-44316

Name of the Vulnerable Software and Affected Versions BLU-IC2 versions through 1.19.5 BLU-IC4 versions through 1.19.5 Description The software reveals its version information. This could potentially allow attackers to gather information about the system to target it with specific exploits...

Azure Access Technology BLU-IC2和Azure Access Technology BLU-IC4 安全漏洞

The Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4 are both networked access controllers from Azure Access Technology, USA. An information disclosure vulnerability exists in Azure Access Technology BLU-IC2 and Azure Access Technology BLU-IC4, which is caused by incorrect...

CVE-2025-12276

CVE-2025-12276 affects LearnHouse, specifically the Image Handler component. Public descriptions indicate remote exploitation leading to information disclosure; rolling-release delivery means exact affected versions are not disclosed. Connected sources (Red Hat, CVE lists, and enrichment entries)...

CVE-2025-54966

An issue was discovered in BAE SOCET GXP before 4.6.0.2. Some endpoints on the SOCET GXP Job Status Service may return sensitive information in certain situations, including local file paths and SOCET GXP version information...

EUVD-2025-35710

An issue was discovered in BAE SOCET GXP before 4.6.0.2. Some endpoints on the SOCET GXP Job Status Service may return sensitive information in certain situations, including local file paths and SOCET GXP version information...

CVE-2025-54966

An issue was discovered in BAE SOCET GXP before 4.6.0.2. Some endpoints on the SOCET GXP Job Status Service may return sensitive information in certain situations, including local file paths and SOCET GXP version information...

CVE-2025-54966

An issue was discovered in BAE SOCET GXP before 4.6.0.2. Some endpoints on the SOCET GXP Job Status Service may return sensitive information in certain situations, including local file paths and SOCET GXP version information...

CVE-2025-34156

Tibbo AggreGate Network Manager 6.40.05 exposes sensitive system information through an unauthenticated endpoint at /cwmp/happyaxis.jsp. The page discloses Java system properties, server path details, and version information to unauthorized users, resulting in information disclosure that could ai...

CVE-2025-34156 Tibbo AggreGate Network Manager < 6.40.05 System Information Exposure

Tibbo AggreGate Network Manager 6.40.05 exposes sensitive system information through an unauthenticated endpoint at /cwmp/happyaxis.jsp. The page discloses Java system properties, server path details, and version information to unauthorized users, resulting in information disclosure that could ai...

CVE-2025-34156 Tibbo AggreGate Network Manager < 6.40.05 System Information Exposure

Tibbo AggreGate Network Manager 6.40.05 exposes sensitive system information through an unauthenticated endpoint at /cwmp/happyaxis.jsp. The page discloses Java system properties, server path details, and version information to unauthorized users, resulting in information disclosure that could ai...

BAE Systems SOCET GXP 安全漏洞

BAE Systems SOCET GXP is a high-end geographic information image analysis and mapping software from BAE Systems. A security vulnerability exists in BAE Systems SOCET GXP versions prior to 4.6.0.2, which stems from the possibility that certain endpoints may return sensitive information, including...

CVE-2025-54966

CVE-2025-54966 affects BAE Systems SOCET GXP prior to 4.6.0.2. The SOCET GXP Job Status Service endpoints may disclose sensitive information in certain situations, including local file paths and SOCET GXP version information. This is documented across NVD, Red Hat, EUVD/ENISA, and other feeds. No...

CVE-2025-54966

An issue was discovered in BAE SOCET GXP before 4.6.0.2. Some endpoints on the SOCET GXP Job Status Service may return sensitive information in certain situations, including local file paths and SOCET GXP version information...