Aggregator

A vulnerability classified as problematic was found in GitLab Community Edition and Enterprise Edition up to 18.2.6/18.3.2/18.4.0. This issue affects some unknown processing. The manipulation results in business logic errors. This vulnerability was named CVE-2025-10868. The attack may be performed from remote. There is no available exploit. Upgrading the affected component is advised.

Submit #659442 / VDB-323087

A vulnerability classified as problematic has been found in SourceCodester Pet Grooming Management Software 1.0. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. This vulnerability is uniquely identified as CVE-2025-11051. The attack is possible to be carried out remotely. No exploit exists.

Submit #659440 / VDB-326094

Submit #659439 / VDB-326093

A vulnerability described as critical has been identified in Portabilis i-Educar up to 2.10. This affects an unknown part of the file /periodo-lancamento. Executing manipulation can lead to improper authorization. This vulnerability is handled as CVE-2025-11050. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability marked as critical has been reported in Portabilis i-Educar up to 2.10. Affected by this issue is some unknown functionality of the file /unificacao-aluno. Performing manipulation results in improper authorization. This vulnerability is known as CVE-2025-11049. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability labeled as critical has been found in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /consulta-dispensas. Such manipulation leads to improper authorization. This vulnerability is traded as CVE-2025-11048. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability identified as critical has been detected in Portabilis i-Educar up to 2.10. Affected is an unknown function of the file /module/Api/aluno. This manipulation of the argument aluno_id causes improper authorization. This vulnerability appears as CVE-2025-11047. The attack may be initiated remotely. In addition, an exploit is available.

Submit #659370 / VDB-326092

Submit #659305 / VDB-326088

Submit #659214 / VDB-326087

Submit #659203 / VDB-326086

Submit #659202 / VDB-326085

Submit #659201 / VDB-326084

A vulnerability categorized as critical has been discovered in Tencent WeKnora 0.1.0. This impacts the function testEmbeddingModel of the file /api/v1/initialization/embedding/test. The manipulation of the argument baseUrl results in server-side request forgery. This vulnerability is reported as CVE-2025-11046. The attack can be launched remotely. Moreover, an exploit is present. It is advisable to upgrade the affected component. The vendor responds: "We have confirmed that the issue mentioned in the report does not exist in the latest releases".

A vulnerability was found in WAYOS LQ_04, LQ_05, LQ_06, LQ_07 and LQ_09 22.03.17. It has been rated as critical. This affects an unknown function of the file /usb_paswd.asp. The manipulation of the argument Name leads to command injection. This vulnerability is documented as CVE-2025-11045. The attack can be initiated remotely. Additionally, an exploit exists.

当前环境异常，请完成验证以继续访问。

Submit #658926 / VDB-326083

美国特工发现一个由300多个服务器组成的“SIM农场”，可能用于攻击纽约的手机网络。这些服务器可发送大量信息，用于DDoS攻击、匿名浏览或支持犯罪活动。尽管具体用途尚不清楚，但特工们担心潜在的安全威胁。