CVAT.ai CVAT Path Traversal Vulnerability
CVAT.ai CVAT is an open source data processing tool from CVAT.ai. A path traversal vulnerability exists in CVAT.ai CVAT versions 2.4.0 through 2.48.1, which originates from a malicious user being able to create or overwrite files in the root directory of a mounted file share, potentially leading ...
achoz (>=0.3.0 <=0.3.42), aclpubcheck (>=0.1.0 <=0.2.0) +314 more potentially affected by CVE-2025-70559 via pdfminer-six (>=20140915.0.0 <=20251107.0.0)
pdfminer-six PYPI version =20140915.0.0, =0.3.0, =0.1.0, =0.8.1, =0.2.0, =1.1.74b0, =0.1.11, =0.1.0, =1.0.0, =1.0.0, =1.0.29, =0.3.3, =0.3.6, =0.0.8, =0.1.5, =0.2.44 and more Source cves: CVE-2025-70559 Source advisory: OSV:GHSA-F83H-GHPP-7WCC...
CVE-2025-36131
IBM Db2 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server): the clpplus command exposes user credentials to the terminal, where they could be obtained by a third party with physical access to the system...
CVE-2025-36186
CVE-2025-36186 affects IBM Db2 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server). In specific configurations, a local user could execute malicious code and escalate privileges to root due to unnecessary privileges running at a higher-than-minimum level. IBM and conne...
CVE-2025-36186 IBM Db2 privilege escalation
IBM Db2 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) could, under specific configurations, allow a local user to execute malicious code that escalates their privileges to root, because unnecessary privileges are executed at a higher-than-minimum level...
CVE-2024-47118 IBM Db2 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query
IBM Db2 10.5.0 through 10.5.11, 11.1.0 through 11.1.4.7, 11.5.0 through 11.5.9, and 12.1.0 through 12.1.3 for Linux, UNIX and Windows (includes Db2 Connect Server) is vulnerable to a denial of service, as the server may crash under certain conditions with a specially crafted query...
0xble (>=22.0.0 <=23.2.2), @53able/conflux (>=0.1.0 <=0.4.6) +1912 more potentially affected by CVE-2025-48985 via ai (>=5.0.0-alpha.1 <=5.0.51)
ai NPM version =5.0.0-alpha.1, =22.0.0, =0.1.0, =0.0.1, =0.2.5, =0.0.4, =0.3.0, =0.0.1, =0.0.4, =0.0.5, =0.4.22, =0.0.4, =0.1.1 and more Source cves: CVE-2025-48985 Source advisory: SNYK:JS-AI-13863465...
CVE-2025-5483 LC Wizard 1.2.10 - 1.3.0 - Missing Authorization to Unauthenticated Privilege Escalation
The LC Wizard plugin for WordPress is vulnerable to Privilege Escalation due to a missing capability check in the ghl-wizard/inc/wpuser.php file in versions 1.2.10 to 1.3.0. This makes it possible for unauthenticated attackers to create new user accounts with the administrator role when the PRO...
PT-2025-45488
Name of the Vulnerable Software and Affected Versions: IBM Db2 versions 12.1.0 through 12.1.2. Description: The software may allow a local user to cause a denial of service due to improper neutralization of special elements in data query logic. Recommendations: Update to a version later than 12.1.2...
FreePBX Endpoint Manager OS Command Injection Vulnerability
FreePBX Endpoint Manager is a centralized IP phone endpoint configuration module from the FreePBX open source project. An operating system command injection vulnerability exists in FreePBX Endpoint Manager versions 17.0.2.36 up to but not including 17.0.3, which stems from a command injection in the testconnecti...
CVE-2025-60541
A Server-Side Request Forgery (SSRF) vulnerability in the /api/proxy/ component of linshenkx prompt-optimizer v1.3.0 to v1.4.2 allows attackers to scan internal resources via a crafted request...
a-mailx (=0.1.0), a2a-client-handler (=0.1.0) +265 more potentially affected by CVE-2025-64439 via langgraph-checkpoint (>=1.0.12 <=2.1.2)
langgraph-checkpoint PYPI version =1.0.12, =0.1.5, =0.1.0, =0.1.1, =0.1.1, =0.2.0a1, =0.2.5a2, =0.0.3rc0, =0.8.0, =0.1.0, =0.1.37 and more Source cves: CVE-2025-64439 Source advisory: OSV:GHSA-WWQV-P2PP-99H5...
a3m (=0.1.0), aa-charlink (>=0.1.1 <=1.0.0) +2522 more potentially affected by CVE-2025-64459 via django (>=1.10.0 <=4.2.25)
django PYPI version =1.10.0, =0.1.1, =1.0.0, =1.0.0, =0.1.0a0, =0.11.0a0, =0.1.1, =1.1.0, =1.4.0, =1.4.2 - adede =4.1.0 and more Source cves: CVE-2025-64459 Source advisory: OSV:GHSA-FRMV-PR5F-9MCR...
Liferay Portal 7.4.0 < 7.4.3.120 Password Enumeration
Password enumeration vulnerability in Liferay Portal allows remote attackers to determine a user's password via a brute force attack even if account lockout is enabled. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number...
CVE-2025-0987
Authorization Bypass Through User-Controlled Key vulnerability in CB Project Ltd. Co. CVLand allows Parameter Injection. This issue affects CVLand: from 2.1.0 through 20251103...
CVE-2025-29270
Incorrect access control in the realtime.cgi endpoint of Deep Sea Electronics devices DSE855 v1.1.0 to v1.1.26 allows attackers to gain access to the admin panel and complete control of the device...
EUVD-2025-37306
The King Addons for Elementor – Free Elements, Widgets, Templates, and Features for Elementor plugin for WordPress is vulnerable to privilege escalation in versions 24.12.92 to 51.1.14. This is due to the plugin not properly restricting the roles that users can register with. This makes it...
article-extract (>=0.1.2 <=0.1.3), athlinks-races (>=0.0.4 <=0.0.7) +53 more potentially affected by CVE-2025-6176 via scrapy (>=1.3.3 <=2.13.3)
scrapy PYPI version =1.3.3, =0.1.2, =0.0.4, =3.4.0, =2.8.3, =0.0.1.dev1, =1.3.0, =1.2.1.20160901, =0.2.0, =0.0.5, =0.2.4, =0.0.2, =0.3.0a0, =0.0.20, =0.0.34 and more Source cves: CVE-2025-6176 Source advisory: OSV:GHSA-2QFP-Q593-8484...
Apache Kylin Information Disclosure Vulnerability (CNVD-2025-30840)
Apache Kylin is an open source distributed analytical data warehouse from the Apache Foundation (United States). The product mainly provides a SQL query interface and multidimensional analysis (OLAP) on top of Hadoop/Spark, among other functions. An information disclosure vulnerability exists in...