Aggregator

A vulnerability classified as problematic has been found in code-projects E-Commerce Website 1.0. This impacts an unknown function of the file /pages/supplier_add.php. The manipulation of the argument supp_name/supp_address leads to cross site scripting. This vulnerability is traded as CVE-2025-12333. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability classified as problematic was found in code-projects E-Commerce Website 1.0. Affected is an unknown function of the file /pages/product_add.php. The manipulation of the argument prod_name/prod_desc/prod_cost results in cross site scripting. This vulnerability is known as CVE-2025-12334. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability was found in Frappe LMS up to 2.39.1. It has been classified as problematic. Impacted is an unknown function of the component Quiz Form. This manipulation causes direct request. This vulnerability is handled as CVE-2025-62778. The attack can be initiated remotely. There is not any exploit available. Applying a patch is the recommended action to fix this issue.

A vulnerability classified as problematic was found in Frappe LMS up to 2.39.1. The affected element is an unknown function. The manipulation results in cross site scripting. This vulnerability is cataloged as CVE-2025-62779. The attack may be launched remotely. There is no exploit available. It is advisable to implement a patch to correct this issue.

A vulnerability, which was classified as critical, has been found in MaxSite CMS up to 109. This vulnerability affects unknown code of the file application/maxsite/admin/plugins/auto_post/uploads-require-maxsite.php of the component HTTP Header Handler. Performing manipulation of the argument X-Requested-FileName/X-Requested-FileUpDir results in unrestricted upload. This vulnerability is known as CVE-2025-12346. Remote exploitation of the attack is possible. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as critical, was found in MaxSite CMS up to 109. This issue affects some unknown processing of the file application/maxsite/admin/plugins/editor_files/save-file-ajax.php. Executing manipulation of the argument file_path/content can lead to unrestricted upload. This vulnerability is handled as CVE-2025-12347. The attack can be executed remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Serdar Bayram Ghost Hot Spot up to 20251014. It has been rated as critical. The affected element is an unknown function of the file /Auth.php of the component Login. This manipulation causes sql injection. This vulnerability is tracked as CVE-2025-12342. The attack is possible to be carried out remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability categorized as critical has been discovered in Yonyou U8 Cloud up to 5.1sp. The impacted element is an unknown function of the file /service/NCloudGatewayServlet of the component Request Header Handler. Such manipulation of the argument ts/sign leads to unrestricted upload. This vulnerability is listed as CVE-2025-12344. The attack may be performed from remote. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Campcodes Retro Basketball Shoes Online Store 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/admin_product.ph. Executing manipulation of the argument pid can lead to sql injection. The identification of this vulnerability is CVE-2025-12338. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in Campcodes Retro Basketball Shoes Online Store 1.0. It has been classified as critical. This issue affects some unknown processing of the file /admin/admin_football.php. The manipulation of the argument pid leads to sql injection. This vulnerability is referenced as CVE-2025-12339. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability was found in ermig1979 AntiDupl up to 2.3.12. It has been declared as critical. Impacted is an unknown function of the file AntiDupl.NET.WinForms.exe of the component Delete Duplicate Image Handler. The manipulation results in link following. This vulnerability is identified as CVE-2025-12341. The attack is only possible with local access. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

速修复

已修复

Уязвимость позволяет хакерам получить доступ к корпоративной сети через обновления.

DataCon 2025大数据安全分析竞赛火热报名中。LLM-RAG隐私安全比赛中，你关心的那些问题都在这里了！

Only 23% of ransomware victims paid in Q3 2025, the lowest ever, continuing a six-year decline in payment rates, Coveware reports. Cybersecurity firm Coveware reports that only 23% of ransomware victims paid attackers in Q3 2025, the lowest rate ever recorded. The researchers note this continues a six-year decline in payment rates. After 28% of […]

加强人工智能风险监测评估和安全监管

管理层被指以过度乐观的换代预期误导市场

Currently trending CVE - Hype Score: 26 - VMware Workstation (17.x) and VMware Fusion (13.x) contain a stack-based buffer-overflow vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine.

Currently trending CVE - Hype Score: 26 - VMware Workstation and Fusion contain an out-of-bounds read vulnerability that exists in the functionality for sharing host Bluetooth devices with the virtual machine.