PT-2025-46685
Name of the Vulnerable Software and Affected Versions: xxl-api version 1.3.0 Description: A Cross-Site Request Forgery (CSRF) vulnerability exists in xxl-api version 1.3.0. This allows attackers to add users to the management module by sending a specially crafted GET request. The attack leverages a lack of proper...
CVE-2025-48868 Horilla vulnerable to authenticated RCE via eval() in project_bulk_archive
Horilla is a free and open source Human Resource Management System (HRMS). An authenticated Remote Code Execution (RCE) vulnerability exists in Horilla 1.3.0 due to the unsafe use of Python's eval() function on a user-controlled query parameter in the project_bulk_archive view. This allows privileged use...
CVE-2025-23552
CVE-2025-23552 affects the WordPress WordPress Texteller plugin (versions
yasm resource management error vulnerability
yasm is an open-source, complete rewrite of the Netwide Assembler (NASM). A resource management error vulnerability exists in yasm version v1.3.0, which stems from a use-after-free issue in /nasm/nasm-pp.c. The vulnerability is caused by an error in /nasm/nasm-pp.c, which is not supported...
PT-2022-7868 · Nodepdf · Nodepdf
Name of the Vulnerable Software and Affected Versions: nodepdf version 1.3.0 Description: The issue arises from the input passed to the Pdf function being shell escaped and then passed to child_process.exec during PDF rendering. However, the shell escape fails to properly encode special character...