This vulnerability allows an attacker to inject malicious SQL code into the Online Exam Form Submission system by manipulating the ID argument in the /admin/delete_user.php file, which can be done remotely.
This vulnerability is a problem because it enables attackers to access and manipulate sensitive data in the system's database, potentially leading to data breaches, unauthorized user deletion, or other malicious activities.
This vulnerability allows an attacker to manipulate the "credits" argument in the /admin/update_s3.php file of SourceCodester Online Exam Form Submission 1.0, leading to a SQL injection attack that can be exploited remotely.
This vulnerability is a problem because it enables attackers to inject malicious SQL code into the database, potentially allowing them to access, modify, or delete sensitive data, disrupt the application's functionality, or even gain unauthorized access to the system.
The NVIDIA HGX and DGX GB200, GB300, and B300 devices have a vulnerability in their HGX Management Controller (HMC) that allows an attacker with administrative access to the BMC to gain administrative access to the HMC, potentially leading to code execution, denial of service, escalation of privileges, information disclosure, and data tampering.
This vulnerability is a problem because it can be exploited by malicious actors to gain unauthorized control over the device, disrupt its operation, steal sensitive information, or modify data, which can have serious consequences for the security and integrity of the system.
This vulnerability allows an attacker to inject malicious SQL code into the "phone" argument in the /user/dashboard.php?page=update_profile file of the SourceCodester Online Exam Form Submission 1.0 system, potentially giving them unauthorized access to sensitive data.
This vulnerability is a problem because it can be exploited remotely, allowing attackers to access and manipulate sensitive data without needing physical access to the system, which could lead to data breaches, unauthorized modifications, or other malicious activities.
The CVE-2025-10624 vulnerability allows an attacker to perform SQL injection by manipulating the "emailid" argument in the login.php file of the PHPGurukul User Management System 1.0, which can be initiated remotely.
This vulnerability is a problem because it enables attackers to inject malicious SQL code into the system, potentially allowing them to access, modify, or extract sensitive data, disrupt the system's functionality, or gain unauthorized access to the system.
This vulnerability allows an attacker to manipulate the ID argument in the deleteuser.php file of the SourceCodester Hotel Reservation System 1.0, leading to a SQL injection attack that can be launched remotely.
This vulnerability is a problem because it enables attackers to inject malicious SQL code into the system, potentially allowing them to access, modify, or delete sensitive data, disrupt the system's functionality, or gain unauthorized access to the system.
The NVIDIA Triton Inference Server vulnerability allows an attacker to cause a denial of service by loading a misconfigured model, potentially disrupting the server's operation.
This vulnerability is a problem because it can be exploited to intentionally shut down or disrupt the NVIDIA Triton Inference Server, leading to a denial of service and potentially causing significant disruptions to critical systems or applications that rely on the server.
The NVIDIA Triton Inference Server vulnerability allows an attacker to cause memory corruption by accessing the shared memory region used by the Python backend, potentially leading to a denial of service.
This vulnerability is a problem because it could enable an attacker to disrupt the normal functioning of the NVIDIA Triton Inference Server, causing a denial of service that might impact critical systems or applications that rely on it.
The NVIDIA Triton Inference Server for Windows and Linux has a vulnerability that allows an attacker to cause an out-of-bounds write by sending a specially crafted input, potentially leading to a denial of service.
This vulnerability is a problem because it could allow an attacker to disrupt the service, making it unavailable to users, which can lead to downtime, loss of productivity, and potential financial losses.
The NVIDIA Triton Inference Server vulnerability allows an attacker to execute remote code by manipulating the model name parameter in the model control APIs, potentially leading to unauthorized access and control.
This vulnerability is a problem because it can be exploited to gain remote access, disrupt service, disclose sensitive information, and tamper with data, posing a significant threat to the security and integrity of systems using the NVIDIA Triton Inference Server.
The NVIDIA Triton Inference Server has a vulnerability in its DALI backend that allows an attacker to bypass proper input validation, potentially leading to code execution.
This vulnerability is a problem because it could enable an attacker to run malicious code on a system, giving them control over the system and potentially allowing them to steal sensitive data, disrupt operations, or cause other harm.
The CVE-2025-10621 vulnerability allows an attacker to manipulate the ID argument in the editroomimage.php file of the SourceCodester Hotel Reservation System 1.0, leading to a SQL injection attack that can be initiated remotely.
This vulnerability is a problem because it enables attackers to inject malicious SQL code into the system, potentially allowing them to access, modify, or delete sensitive data, disrupt the system's functionality, or even take control of the entire database.
The CVE-2025-10620 vulnerability allows an attacker to inject malicious SQL code into the Online Clinic Management System 1.0 by manipulating certain arguments, such as id, firstname, lastname, type, age, and address, in the /editp2.php file, which can be done remotely.
This vulnerability is a problem because it enables attackers to access, modify, or extract sensitive data from the clinic's database, potentially leading to data breaches, unauthorized access, or disruption of healthcare services.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt by exploiting an out-of-bounds read in the parsing of XE files, which can occur when a user visits a malicious page or opens a malicious file.
This vulnerability is a problem because it enables attackers to run malicious code on a victim's system, potentially leading to data theft, system compromise, or other harmful activities, all by manipulating the target into performing a simple action like opening a file.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt by exploiting a type confusion condition in the parsing of XE files, which occurs when a user visits a malicious page or opens a malicious file.
This vulnerability is a problem because it enables attackers to run malicious code on a user's system, potentially leading to unauthorized access, data theft, or other harmful activities, all by simply tricking the user into interacting with a malicious file or webpage.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt by exploiting an out-of-bounds read in the parsing of XE files, which can be triggered when a user visits a malicious page or opens a malicious file.
This vulnerability is a problem because it enables attackers to run malicious code on a user's system, potentially leading to data theft, system compromise, or other harmful activities, all by simply tricking a user into opening a malicious file or visiting a malicious webpage.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt by exploiting an out-of-bounds read in the parsing of CO files, which can be triggered when a user visits a malicious page or opens a malicious file.
This vulnerability is a problem because it enables attackers to run malicious code on a user's system, potentially leading to unauthorized access, data theft, or other harmful activities, all because the software fails to properly validate user-supplied data.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt by exploiting a type confusion condition in the parsing of CO files, which can be triggered when a user visits a malicious page or opens a malicious file.
This vulnerability is a problem because it enables attackers to run malicious code on a victim's system, potentially leading to unauthorized access, data theft, or other harmful activities, all because the software fails to properly validate user-supplied data.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt by exploiting a memory corruption condition that occurs when parsing CO files, which can be triggered by visiting a malicious page or opening a malicious file.
This vulnerability is a problem because it enables attackers to run malicious code on a user's system, which can lead to unauthorized access, data theft, or other harmful activities, all by manipulating the parsing of CO files due to a lack of proper validation of user-supplied data.
This vulnerability allows an attacker to execute arbitrary code on a computer by exploiting a flaw in how Ashlar-Vellum Cobalt handles certain file types (LI files), specifically due to a lack of validation of user-supplied data which leads to a type confusion condition.
This is a problem because it enables remote attackers to take control of affected systems, potentially leading to data breaches, malware installation, or other malicious activities, all of which can be initiated simply by tricking a user into visiting a malicious webpage or opening a malicious file.
This vulnerability allows remote attackers to execute arbitrary code on affected Ashlar-Vellum Cobalt installations by exploiting a type confusion condition in the parsing of AR files, which can be triggered when a user visits a malicious page or opens a malicious file.
This vulnerability is a problem because it enables attackers to run malicious code on a user's system, potentially leading to data theft, system compromise, or other harmful activities, all because of a lack of proper validation of user-supplied data.
The CVE-2025-7998 vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt by exploiting a flaw in the parsing of CO files, which can be triggered when a user visits a malicious page or opens a malicious file.
This vulnerability is a problem because it enables attackers to run malicious code on the affected system, potentially leading to unauthorized access, data theft, or other harmful activities, all due to the lack of proper validation of user-supplied data.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt by exploiting an out-of-bounds read in the parsing of XE files, which can occur when a user visits a malicious page or opens a malicious file.
This vulnerability is a problem because it enables attackers to run malicious code on a user's system, potentially leading to unauthorized access, data theft, or other harmful activities, all of which can compromise the security and integrity of the system.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt by exploiting a flaw in the parsing of AR files, which can be triggered when a user visits a malicious page or opens a malicious file.
This vulnerability is a problem because it enables attackers to run malicious code on a user's system, potentially leading to unauthorized access, data theft, or other harmful activities, all because of a lack of proper validation of user-supplied data.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt by exploiting a type confusion condition in the parsing of CO files, which can be triggered when a user visits a malicious page or opens a malicious file.
This vulnerability is a problem because it enables attackers to run malicious code on a user's system, potentially leading to unauthorized access, data theft, or other harmful activities, all by simply tricking a user into interacting with a malicious file or webpage.
This vulnerability allows attackers to execute arbitrary code on systems running Ashlar-Vellum Cobalt by exploiting an out-of-bounds read in the parsing of AR files, which can be triggered by visiting a malicious page or opening a malicious file.
This vulnerability is a problem because it enables remote attackers to gain control over affected systems, potentially leading to unauthorized access, data theft, or other malicious activities, all by exploiting the lack of proper validation of user-supplied data.
This vulnerability, found in Ashlar-Vellum Cobalt, allows a remote attacker to execute arbitrary code on affected systems by exploiting a flaw in the parsing of LI files, specifically due to the lack of validation of an object's existence before performing operations on it.
This vulnerability is a problem because it enables attackers to run malicious code on a victim's system, potentially leading to data theft, system compromise, or other harmful activities, all of which can be initiated simply by visiting a malicious webpage or opening a malicious file.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt by exploiting an out-of-bounds read in the parsing of AR files, which can be triggered when a user visits a malicious page or opens a malicious file.
This vulnerability is a problem because it enables attackers to run malicious code on a user's system, potentially leading to data theft, system compromise, or other harmful activities, all by exploiting a lack of proper validation of user-supplied data in the AR file parsing process.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt by exploiting an out-of-bounds read in the parsing of VC6 files, which can be triggered by visiting a malicious page or opening a malicious file.
This vulnerability is a problem because it enables attackers to run malicious code on a user's system, potentially leading to data theft, system compromise, or other harmful activities, all by simply tricking the user into interacting with a malicious file or webpage.
This vulnerability allows attackers to execute arbitrary code on affected Ashlar-Vellum Cobalt installations by exploiting an out-of-bounds write issue in the parsing of VC6 files, which can be triggered by visiting a malicious page or opening a malicious file.
This vulnerability is a problem because it enables remote attackers to run malicious code on the affected system, potentially leading to unauthorized access, data theft, or other harmful activities, all of which can be initiated simply by a user interacting with a malicious file or webpage.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt by exploiting an out-of-bounds read in the parsing of AR files, which can occur when a user visits a malicious page or opens a malicious file.
This vulnerability is a problem because it enables attackers to run malicious code on a user's system, potentially leading to unauthorized access, data theft, or other harmful activities, all by manipulating the user into interacting with a malicious file or webpage.
The CVE-2025-7988 vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite by exploiting an out-of-bounds write issue in the parsing of VC6 files, which can be triggered when a user visits a malicious page or opens a malicious file.
This vulnerability is a problem because it enables attackers to run malicious code on a user's system, potentially leading to unauthorized access, data theft, or other harmful activities, all because of a lack of proper validation of user-supplied data.
This vulnerability allows attackers to execute arbitrary code on systems running Ashlar-Vellum Graphite by exploiting an out-of-bounds write issue when parsing VC6 files, which can be triggered by visiting a malicious page or opening a malicious file.
This vulnerability is a problem because it enables remote attackers to gain control over affected systems, potentially leading to data theft, malware installation, or other malicious activities, all of which can compromise the security and integrity of the system.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite by exploiting an out-of-bounds write issue in the parsing of VC6 files, which can be triggered by visiting a malicious page or opening a malicious file.
This vulnerability is a problem because it enables attackers to run malicious code on a user's system, potentially leading to unauthorized access, data theft, or other harmful activities, all by manipulating the user into interacting with a malicious file or webpage.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt by exploiting an integer overflow in the parsing of VC6 files, which occurs when a user visits a malicious page or opens a malicious file.
This vulnerability is a problem because it enables attackers to run malicious code on a user's system, potentially leading to unauthorized access, data theft, or other harmful activities, all by simply tricking the user into opening a malicious file or visiting a malicious website.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt by exploiting an uninitialized variable in the parsing of AR files, which can be triggered when a user visits a malicious page or opens a malicious file.
This vulnerability is a problem because it enables attackers to run malicious code on a user's system, potentially leading to data theft, system compromise, or other harmful activities, all of which can be initiated simply by a user interacting with a crafted file or webpage.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite by exploiting a heap-based buffer overflow in the parsing of VC6 files, which occurs when a user visits a malicious page or opens a malicious file.
This vulnerability is a problem because it enables attackers to run malicious code on a user's system, potentially leading to unauthorized access, data theft, or other harmful activities, all because the software fails to properly validate user-supplied data.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt by exploiting an integer overflow in the parsing of LI files, which can occur when a user visits a malicious page or opens a malicious file.
This vulnerability is a problem because it enables attackers to run malicious code on a user's system, potentially leading to unauthorized access, data theft, or other harmful activities, all due to the lack of proper validation of user-supplied data.
This vulnerability allows attackers to execute arbitrary code on computers running Ashlar-Vellum Graphite by exploiting an uninitialized variable when parsing VC6 files, which can happen if a user visits a malicious webpage or opens a malicious file.
This is a problem because it enables remote attackers to run malicious code on affected systems, potentially leading to data theft, system compromise, or other harmful activities, all of which can be initiated simply by a user interacting with malicious content.
This vulnerability allows a remote attacker to execute arbitrary code on affected installations of Ashlar-Vellum Graphite by exploiting an out-of-bounds write issue in the parsing of VC6 files, which occurs when a user visits a malicious page or opens a malicious file.
This vulnerability is a problem because it enables attackers to run malicious code on a user's system, potentially leading to unauthorized access, data theft, or other harmful activities, all due to the lack of proper validation of user-supplied data.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite by exploiting a stack-based buffer overflow in the parsing of VC6 files, which occurs when a user visits a malicious page or opens a malicious file.
This vulnerability is a problem because it enables attackers to run malicious code on a user's system, potentially leading to unauthorized access, data theft, or other harmful activities, all by tricking the user into interacting with a malicious file or webpage.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Graphite by exploiting an uninitialized variable in the parsing of VC6 files, which can be triggered when a user visits a malicious page or opens a malicious file.
This vulnerability is a problem because it enables attackers to run malicious code on a user's system, potentially leading to data theft, system compromise, or other harmful activities, all without the need for administrative privileges, requiring only user interaction such as opening a malicious file.
This vulnerability allows remote attackers to execute arbitrary code on affected installations of Ashlar-Vellum Cobalt by exploiting an out-of-bounds read in the parsing of LI files, which can be triggered when a user visits a malicious page or opens a malicious file.
This vulnerability is a problem because it enables attackers to run malicious code on a user's system, potentially leading to unauthorized access, data theft, or other harmful activities, all by manipulating the user into performing a simple action like opening a file.
The CVE-2025-59415 vulnerability in Frappe Learning versions 2.34.1 and below allows malicious users to upload SVG files to a profile bio that can execute arbitrary scripts, potentially affecting other users.
This vulnerability is a problem because it enables attackers to run unauthorized scripts in the context of other users, which could lead to data theft, session hijacking, or other malicious activities, compromising the security and privacy of users on the platform.
This vulnerability allows remote attackers to bypass authentication on Wondershare Repairit, enabling them to execute arbitrary code on customers' endpoints without requiring any authentication.
This vulnerability is a problem because it allows unauthorized access to Wondershare Repairit, potentially leading to supply-chain attacks and the execution of malicious code on users' devices, which can result in data theft, system compromise, and other security breaches.
The CVE-2025-10643 vulnerability allows remote attackers to bypass authentication on Wondershare Repairit installations due to incorrect permission assignment, enabling unauthorized access without requiring any authentication.
This vulnerability is a problem because it allows unauthorized users to gain access to the system, potentially leading to data breaches, tampering, or other malicious activities, all without needing to provide any credentials.
The CVE-2025-10619 vulnerability allows an attacker to inject OS commands into the sequa-ai sequa-mcp OAuth Server Discovery component, which can be exploited remotely, potentially giving an attacker control over the affected system.
This vulnerability is a problem because it enables remote attackers to execute arbitrary commands on the vulnerable system, which could lead to data breaches, system compromise, or other malicious activities, especially if the attacker can manipulate the OAuth server discovery process.
The CVE-2025-10618 vulnerability allows an attacker to inject malicious SQL code into the itsourcecode Online Clinic Management System 1.0 by manipulating the "firstname" argument in the transact.php file, potentially leading to unauthorized access to sensitive data.
This vulnerability is a problem because it can be exploited remotely, allowing attackers to access and manipulate sensitive data without needing physical access to the system, which can lead to data breaches, tampering, and other malicious activities.
The CVE-2025-10617 vulnerability allows an attacker to manipulate the ID argument in the /admin/positions.php file of the SourceCodester Online Polling System 1.0, leading to a SQL injection attack that can be initiated remotely.
This vulnerability is a problem because it enables attackers to inject malicious SQL code into the system, potentially allowing them to access, modify, or delete sensitive data, disrupt system functionality, or gain unauthorized access to the system.
This vulnerability allows an attacker to upload files to the itsourcecode E-Commerce Website without any restrictions, which can be done remotely by exploiting a security flaw in the /admin/users.php file.
This is a problem because unrestricted file uploads can lead to the execution of malicious code, potentially allowing attackers to gain control of the website, steal sensitive data, or disrupt its operation, which can have serious consequences for the website's security and reputation.
The Dragonfly file distribution system has a vulnerability where it uses the HTTP protocol instead of HTTPS when downloading small files, allowing an attacker to intercept and alter the data being downloaded.
This vulnerability is a problem because it enables attackers to perform Man-in-the-Middle attacks, potentially replacing the intended file with malicious data, which could compromise the security and integrity of the system.
The Dragonfly system, prior to version 2.1.0, uses weak hash functions like MD5 to verify the integrity of downloaded files, allowing attackers to potentially replace files with malicious ones that have the same hash value.
This vulnerability is a problem because it enables attackers to substitute legitimate files with malicious ones without being detected, which could lead to the execution of harmful code, compromise of sensitive data, or disruption of service.
The Dragonfly system has a vulnerability that allows a peer to obtain a valid TLS certificate for any IP address, bypassing the mutual TLS (mTLS) authentication.
This vulnerability renders the mTLS authentication useless, allowing unauthorized access and potentially leading to malicious activities, as peers can impersonate legitimate IP addresses.
The Dragonfly file distribution system has a vulnerability that allows malicious peers to send requests that force other peers to create files in any location on their file system and read arbitrary files, potentially leading to remote code execution (RCE) and data theft.
This vulnerability is a problem because it allows attackers to steal sensitive data from other peers and gain control over their machines, potentially leading to further malicious activities.
The Dragonfly file distribution and image acceleration system has a vulnerability where it incorrectly handles the return value of a function, potentially leading to a nil dereference and causing the code to panic.
This vulnerability is a problem because it can cause the system to crash or become unstable, leading to disruptions in file distribution and image acceleration services, which can impact the availability and reliability of the system.
The Dragonfly file distribution system has a vulnerability in its access control mechanism for the Proxy feature, which uses simple string comparisons and is susceptible to timing attacks, allowing an attacker to guess passwords character by character by measuring the time it takes for the system to compare the input.
This vulnerability is a problem because it enables attackers to crack passwords more easily, potentially gaining unauthorized access to sensitive data and systems, which could lead to data breaches, unauthorized file distribution, and other security issues.
The Dragonfly system, specifically versions prior to 2.1.0, has a vulnerability where an attacker can create a directory with broad permissions that Dragonfly will later use, potentially allowing the attacker to modify files.
This vulnerability is a problem because it allows a local attacker to tamper with files that are meant to be used by the Dragonfly system, which could lead to unauthorized access or modification of sensitive data.
The Dragonfly file distribution system has a vulnerability where the usedTraffic field is not updated correctly when a task is processed by a peer, due to an uninitialized variable being used instead of the actual result size, leading to incorrect rate limiting.
This vulnerability can cause a denial-of-service condition for the peer, allowing an attacker to potentially overwhelm the system and disrupt its functionality.
The Dragonfly system, prior to version 2.1.0, has a vulnerability where its Manager component disables TLS certificate verification in HTTP clients, allowing an attacker to intercept and alter data through a Man-in-the-Middle attack, potentially causing the system to preheat with incorrect data.
This vulnerability is a problem because it enables an attacker to compromise the integrity of the data being distributed and accelerated by the Dragonfly system, leading to denial of service and file integrity issues, which can have significant consequences for the reliability and security of the system.
The CVE-2025-59346 vulnerability allows users to trick the Dragonfly system into making requests to internal services that are not normally accessible, by exploiting a server-side request forgery (SSRF) flaw in the Manager API. This can be done by creating a Preheat job with a specially crafted URL, which can then be used to redirect internal HTTP clients to access or probe internal HTTP endpoints.
This vulnerability is a problem because it enables unauthorized access to internal services and endpoints, which could lead to sensitive information disclosure, disruption of internal services, or potentially even more severe security breaches. It allows attackers to bypass normal access controls and potentially gain insight into or control over internal systems.
The CVE-2025-59340 vulnerability in the jinjava template engine allows an attacker to deserialize arbitrary classes, potentially creating instances of sensitive classes like java.net.URL, which can be used to access local files and URLs, and potentially lead to remote code execution (RCE) if further exploited.
This vulnerability is a problem because it enables an attacker to escape the sandbox and access sensitive information, potentially leading to unauthorized file access, data breaches, and even remote code execution, which could allow an attacker to take control of the affected system.
This vulnerability allows an unauthenticated remote attacker to conduct a Reflected Cross-Site Scripting (XSS) attack through the web-based management interface of network access control services, potentially executing arbitrary JavaScript code in a victim's browser.
This vulnerability is a problem because it enables attackers to execute malicious code in the context of the affected interface, potentially leading to unauthorized access, data theft, or other malicious activities, all without needing to authenticate themselves.
This vulnerability allows an attacker to upload files to the itsourcecode E-Commerce Website without any restrictions, which can be done remotely by exploiting a weakness in the /admin/products.php file.
This is a problem because it enables attackers to upload malicious files, such as backdoors, viruses, or other types of malware, which can lead to unauthorized access, data breaches, or disruption of the website's functionality, ultimately compromising the security and integrity of the e-commerce platform.
The CVE-2025-10614 vulnerability allows an attacker to manipulate the "profile_id" argument in the /print_reports_prev.php file of the E-Logbook with Health Monitoring System for COVID-19, leading to a cross-site scripting (XSS) attack, which can be launched remotely.
This vulnerability is a problem because it enables attackers to inject malicious code into the system, potentially allowing them to steal user data, take control of user sessions, or perform other unauthorized actions, which can compromise the security and integrity of the system and its users.
The Scratch Channel vulnerability allows a user to exploit the API by making a fork, which enables them to change administrators and create new articles, potentially leading to unauthorized content publication.
This vulnerability is a problem because it allows malicious users to gain administrative privileges and publish fake or harmful articles, compromising the integrity and trustworthiness of the news website.
This vulnerability in Nuxt, a web development framework for Vue.js, allows attackers to manipulate client-side requests to different endpoints within the same application domain by exploiting a client-side path traversal flaw in the Island payload revival mechanism.
This vulnerability is a problem because it enables attackers to potentially access sensitive data or perform unauthorized actions within the application by tricking the client into fetching malicious endpoints, which could lead to security breaches or data theft.
The CVE-2025-59345 vulnerability allows unauthorized access to the Dragonfly Manager web UI, specifically the /api/v1/jobs and /preheats endpoints, enabling anyone with network access to create, delete, and modify jobs without authentication, including creating useless jobs that can overwhelm the system.
This vulnerability is a problem because it can lead to a denial-of-service (DoS) state, where the Manager stops accepting requests from legitimate administrators, effectively shutting down the system and preventing authorized users from performing their tasks.
The CVE-2025-56648 vulnerability in npm parcel 2.0.0-alpha and earlier versions allows malicious websites to send requests to a development server and read the responses, potentially stealing source code when a developer visits the malicious site.
This vulnerability is a problem because it can lead to the unauthorized disclosure of sensitive source code, which could be used for malicious purposes, such as exploiting other vulnerabilities or stealing intellectual property.
This vulnerability allows an attacker to manipulate the "level_id" argument in the /leveledit1.php file of the itsourcecode Student Information System 1.0, leading to a SQL injection attack that can be performed remotely.
This vulnerability is a problem because it enables attackers to inject malicious SQL code, potentially allowing them to access, modify, or delete sensitive student information, disrupt system operations, or gain unauthorized access to the system.
The CVE-2025-10608 vulnerability allows an attacker to exploit an unknown function in the /enrollment-history/ file of Portabilis i-Educar versions up to 2.10, resulting in improper access controls and potentially allowing remote access to sensitive information.
This vulnerability is a problem because it enables remote attackers to bypass normal security controls, potentially leading to unauthorized access to sensitive data, disruption of services, or other malicious activities, which could compromise the confidentiality, integrity, and availability of the affected system.
The CVE-2025-59342 vulnerability allows an attacker to exploit a path-traversal flaw in the esm.sh content delivery network (CDN) by manipulating the X-Zone-Id HTTP header, causing the application to write files to arbitrary directories outside of its intended storage location.
This vulnerability is a problem because it enables attackers to potentially overwrite or create malicious files in sensitive areas of the system, leading to unauthorized access, data corruption, or execution of malicious code, which can compromise the security and integrity of the application and its data.
The CVE-2025-59341 vulnerability allows an attacker to exploit a Local File Inclusion (LFI) issue in the esm.sh content delivery network, enabling them to access and retrieve files from the host filesystem or other unintended sources by crafting a malicious request.
This vulnerability is a problem because it could lead to unauthorized access to sensitive files and data on the server, potentially exposing confidential information, disrupting service, or allowing further malicious activities.
The Bastion's osh-encrypt-rsync script, which is used to handle session-recording files, fails to digitally sign these files even when configured to do so, although it correctly rotates and encrypts them.
This vulnerability is a problem because the lack of digital signatures on these sensitive files means their integrity and authenticity cannot be guaranteed, potentially allowing tampering or alteration without detection, which compromises the security and trustworthiness of the recorded SSH sessions.
The REXML gem in Ruby has a vulnerability that can cause a Denial of Service (DoS) when it parses XML files containing multiple XML declarations, affecting versions 3.3.3 to 3.4.1.
This vulnerability is a problem because it can be exploited to disrupt the service of applications that rely on REXML to parse XML files, especially if they need to process untrusted XML inputs, leading to potential downtime and loss of functionality.
This vulnerability, which affects versions v0.19.0 and earlier of Dyad, a local AI app builder, allows attackers to execute arbitrary code on users' systems by exploiting a flaw in the preview window functionality, bypassing Docker container protections and gaining control of the system.
This is a significant issue because it enables attackers to gain unauthorized control over a user's system, potentially leading to data theft, malware installation, or other malicious activities, posing a substantial risk due to its high severity score of 9.0.
The ZimaOS operating system has a vulnerability that allows any user with access to localhost to upload files to the system using the /v2_1/files/file/uploadV2 endpoint, and these file uploads are performed with root privileges.
This vulnerability is a problem because it allows unauthorized users to upload malicious files to the system with elevated privileges, potentially leading to a takeover of the system, data theft, or other malicious activities.
The CVE-2025-58431 vulnerability in ZimaOS versions 1.4.1 and earlier allows any user with access to localhost to read files through the /v2_1/files/file/download endpoint, and these file reads are performed with root privileges.
This vulnerability is a problem because it grants unauthorized access to sensitive files, potentially exposing confidential data: any user who can access localhost can read files without restrictions, with the elevated privileges of the root user.
The CVE-2025-10607 vulnerability allows an attacker to disclose sensitive information in Portabilis i-Educar versions up to 2.10 by manipulating an unknown function in the /module/Avaliacao/diarioApi file, which can be executed remotely.
This vulnerability is a problem because it enables unauthorized access to sensitive information, potentially compromising the confidentiality and security of the affected system, and the fact that the exploit has been publicly disclosed increases the likelihood of it being used by malicious actors.
The CVE-2025-10606 vulnerability allows an attacker to perform a cross-site scripting (XSS) attack on Portabilis i-Educar versions up to 2.10 by manipulating the "tipoacao" argument in the /module/Configuracao/ConfiguracaoMovimentoGeral file, enabling the execution of malicious code on the victim's browser.
This vulnerability is a problem because it enables remote attackers to inject malicious code into the website, potentially leading to unauthorized access to sensitive information, session hijacking, or other malicious activities, which can compromise the security and integrity of the system and its users.
This vulnerability in Portabilis i-Educar allows an attacker to perform a cross-site scripting (XSS) attack by manipulating the "tipoacao" argument in the /agenda_preferencias.php file, which can be done remotely.
This vulnerability is a problem because it enables attackers to inject malicious code into the website, potentially allowing them to steal user data, take control of user sessions, or perform other malicious actions, which can compromise the security and integrity of the system and its users.
The CVE-2025-10604 vulnerability allows an attacker to inject malicious SQL code into the PHPGurukul Online Discussion Forum 1.0 by manipulating the "ID" argument in the /admin/edit_member.php file, which can be done remotely.
This vulnerability is a problem because it enables attackers to access, modify, or extract sensitive data from the database, potentially leading to unauthorized access, data breaches, or disruption of the forum's functionality, and since an exploit is publicly available, attackers can easily use it to launch attacks.
This vulnerability allows a remote attacker to send a specially crafted HTTP request to the Swetrix Web Analytics API, which can lead to the execution of arbitrary code on the affected system due to a directory traversal issue.
This vulnerability is a problem because it enables unauthorized access and control of the system, potentially leading to data breaches, malware installation, or other malicious activities, compromising the security and integrity of the affected system.
This vulnerability allows an unauthenticated remote attacker to crash the CISA Thorium system by providing a specially crafted email address or response, due to improper error handling, using '.unwrap()', of account verification email messages.
This vulnerability is a problem because it enables attackers to disrupt the service, causing a denial-of-service (DoS) condition, which can lead to system unavailability and potentially allow for further exploitation.
The CISA Thorium service has a vulnerability that allows a remote, authenticated attacker to crash the service by setting a stream split size to zero, which causes a division by zero error.
This vulnerability is a problem because it can be exploited by an attacker to disrupt the service, causing denial of service and potentially leading to further malicious activities, which can impact the availability and reliability of the system.
The CISA Thorium system fails to verify the authenticity of TLS certificates when establishing connections to Elasticsearch, allowing an unauthenticated attacker with access to a Thorium cluster to potentially impersonate the Elasticsearch service.
This vulnerability is a problem because it enables an attacker to masquerade as a trusted Elasticsearch service, potentially leading to unauthorized access to sensitive data, eavesdropping, or manipulation of data within the Thorium cluster.
The CISA Thorium system fails to properly invalidate previously used login tokens when a user resets their password, allowing an attacker with a previously used token to still gain access to the account.
This vulnerability is a problem because it allows unauthorized access to accounts even after a password reset, which is typically considered a secure action to prevent further unauthorized access.
The CISA Thorium system allows a remote unauthenticated attacker to send an unlimited number of account verification email messages to a user who is pending verification, due to a lack of rate limiting on these requests.
This vulnerability is a problem because it enables attackers to flood users with verification emails, potentially leading to denial-of-service or spamming issues, and causing inconvenience or disruption to the users.
The CISA Thorium system fails to properly escape user-controlled strings used in LDAP queries, allowing an authenticated remote attacker to modify LDAP authorization data, such as group memberships.
This vulnerability is a problem because it enables attackers to alter sensitive authorization data, potentially granting themselves or others unauthorized access to resources, escalating privileges, and compromising the security of the system.
The CISA Thorium vulnerability allows a remote, authenticated attacker to access arbitrary files on the system by exploiting inadequate validation of downloaded file paths through the 'download_ephemeral' and 'download_children' functions.
This vulnerability is a problem because it enables an attacker to access sensitive files and data, potentially leading to unauthorized information disclosure, data theft, or further exploitation of the system, limited only by the file system permissions.
This vulnerability allows an attacker to inject malicious SQL code into the PHPGurukul Online Discussion Forum by manipulating the "Search" argument in the /admin/admin_forum/search_result.php file, potentially giving them unauthorized access to sensitive data.
This vulnerability is a problem because it enables remote attackers to exploit the forum's database, potentially leading to data breaches, unauthorized data modification, or even complete system takeover, which can have severe consequences for the forum's users and administrators.
This vulnerability allows an attacker to perform SQL injection by manipulating the ID argument in the /admin/delete_s1.php file of the SourceCodester Online Exam Form Submission 1.0 system, which can be done remotely.
This vulnerability is a problem because it enables attackers to inject malicious SQL code, potentially allowing them to access, modify, or delete sensitive data, disrupt system operations, or gain unauthorized access to the system.
This vulnerability allows an attacker to inject malicious SQL code into the Online Exam Form Submission system by manipulating the "email" argument in the /admin/index.php file, which can be done remotely.
This vulnerability is a problem because it enables attackers to access, modify, or extract sensitive data from the database, potentially leading to data breaches, unauthorized access, or disruption of the system.
The CVE-2025-10600 vulnerability allows an attacker to upload files without restrictions to the SourceCodester Online Exam Form Submission 1.0 system by manipulating the "img" argument in the /register.php file, and this can be done remotely.
This vulnerability is a problem because it enables attackers to upload malicious files, such as scripts or executables, which could lead to code execution, data breaches, or other types of cyber attacks, potentially compromising the security and integrity of the system.
The CVE-2025-10599 vulnerability allows an attacker to inject malicious SQL code into the itsourcecode Web-Based Internet Laboratory Management System by manipulating the "user_email" argument during the user authentication process, potentially leading to unauthorized access to sensitive data.
This vulnerability is a problem because it enables remote attackers to exploit the system, potentially allowing them to extract, modify, or delete sensitive data, disrupt system operations, or gain unauthorized access to the system, which could have serious security and privacy implications.
This vulnerability allows an attacker to inject malicious SQL code into the Pet Grooming Management Software through the /admin/search_product.php file by manipulating the "group_id" argument, potentially giving them unauthorized access to sensitive data.
This vulnerability is a problem because it can be exploited remotely, allowing attackers to access and manipulate sensitive data without needing physical access to the system, and since an exploit is publicly available, it's likely that malicious actors will attempt to use it.
The CVE-2025-10597 vulnerability allows for SQL injection in the kidaze CourseSelectionSystem, specifically in the COUNT2.php file, by manipulating the "cname" argument, which can be initiated remotely.
This vulnerability is a problem because it enables attackers to inject malicious SQL code, potentially allowing them to access, modify, or extract sensitive data from the database, which could lead to unauthorized access, data breaches, or disruption of service.
The CVE-2025-9862 vulnerability allows an attacker to exploit a Server-Side Request Forgery (SSRF) flaw in Ghost, enabling them to access internal resources that should be restricted.
This vulnerability is a problem because it can allow attackers to bypass security controls and access sensitive data or systems that are not intended to be publicly accessible, potentially leading to data breaches, unauthorized access, or other malicious activities.
The CVE-2025-57055 vulnerability allows an authenticated administrator to trick the WonderCMS server into making unauthorized internal or external HTTP requests by supplying a malicious URL through the pluginThemeUrl parameter during custom module installation.
This vulnerability is a problem because it enables an attacker to bypass security controls and potentially access sensitive data, disrupt services, or exploit other vulnerabilities within the internal network or external services, all under the guise of a legitimate administrator request.
This vulnerability allows an attacker to trick an authenticated user into resetting their password without their consent by sending a crafted request to the Zimbra Collaboration server, taking advantage of a lack of proper validation on the password reset endpoint.
This is a problem because it enables attackers to gain unauthorized access to user accounts by resetting passwords, potentially leading to data breaches, identity theft, and other malicious activities, all without the user's knowledge or permission.
The Apache::AuthAny::Cookie module for Perl generates session IDs using a predictable method: it combines the epoch time with a call to the built-in rand function and hashes the result with MD5.
This vulnerability is a problem because it allows attackers to potentially guess or predict session IDs, which could enable them to gain unauthorized access to systems, compromising security and data integrity.