Aggregator

Currently trending CVE - Hype Score: 1 - Deserialization of untrusted data in Web Deploy allows an authorized attacker to execute code over a network.

OpenxAI在Base平台上线,允许任何人快速启动AI业务,无需中间商。

A vulnerability classified as problematic was found in itsourcecode POS Point of Sale System 1.0. This affects an unknown part of the file /inventory/main/vendors/datatables/unit_testing/templates/6776.php. Such manipulation of the argument scripts leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-10028. The attack can be launched remotely. Moreover, an exploit is present.

Давление на энциклопедию становится глобальным.

A vulnerability identified as problematic has been detected in itsourcecode POS Point of Sale System 1.0. The impacted element is an unknown function of the file /inventory/main/vendors/datatables/unit_testing/templates/empty_table.php. Performing manipulation of the argument scripts results in cross site scripting. This vulnerability is cataloged as CVE-2025-10067. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability categorized as problematic has been discovered in itsourcecode POS Point of Sale System 1.0. The affected element is an unknown function of the file /inventory/main/vendors/datatables/unit_testing/templates/dymanic_table.php. Such manipulation of the argument scripts leads to cross site scripting. This vulnerability is listed as CVE-2025-10066. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability was found in itsourcecode POS Point of Sale System 1.0. It has been rated as problematic. Impacted is an unknown function of the file /inventory/main/vendors/datatables/unit_testing/templates/dom_data_th.php. This manipulation of the argument scripts causes cross site scripting. This vulnerability is tracked as CVE-2025-10065. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability was found in itsourcecode POS Point of Sale System 1.0. It has been declared as problematic. This issue affects some unknown processing of the file /inventory/main/vendors/datatables/unit_testing/templates/dom_data_two_headers.php. The manipulation of the argument scripts results in cross site scripting. This vulnerability is identified as CVE-2025-10064. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability was found in itsourcecode POS Point of Sale System 1.0. It has been classified as problematic. This vulnerability affects unknown code of the file /inventory/main/vendors/datatables/unit_testing/templates/deferred_table.php. The manipulation of the argument scripts leads to cross site scripting. This vulnerability is referenced as CVE-2025-10063. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

Submit #643955 / VDB-322990

Submit #643948 / VDB-322989

Submit #643947 / VDB-322988

Submit #643946 / VDB-322987

Submit #643945 / VDB-322986

A vulnerability was found in itsourcecode Student Information Management System 1.0 and classified as critical. This affects an unknown part of the file /admin/login.php. Executing manipulation of the argument uname can lead to sql injection. The identification of this vulnerability is CVE-2025-10062. The attack may be launched remotely. Furthermore, there is an exploit available.

Submit #641752 / VDB-322985

A vulnerability has been found in internetarchive up to 5.5.0 and classified as critical. Affected by this issue is the function File.download. Performing manipulation results in path traversal. This vulnerability was named CVE-2025-58438. The attack may be initiated remotely. There is no available exploit. The affected component should be upgraded.

A vulnerability, which was classified as problematic, was found in runatlantis atlantis up to 0.35.1. Affected by this vulnerability is an unknown functionality of the file /status of the component API. Such manipulation leads to information disclosure. This vulnerability is uniquely identified as CVE-2025-58445. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability, which was classified as critical, has been found in SQLite. Affected is an unknown function of the component FTS5 Extension. This manipulation causes integer overflow. This vulnerability is handled as CVE-2025-7709. The attack can be initiated remotely. Additionally, an exploit exists. Applying a patch is the recommended action to fix this issue.

A vulnerability classified as critical was found in Apache Hertzbeat up to 1.7.1. This impacts an unknown function of the component JNDI Handler. The manipulation results in ldap injection. This vulnerability is known as CVE-2025-48208. It is possible to launch the attack remotely. No exploit is available. Upgrading the affected component is advised.