Aggregator

A vulnerability has been found in MediaWiki up to 1.35.9/1.38.5/1.39.2 and classified as problematic. This vulnerability affects unknown code of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to denial of service. This vulnerability was named CVE-2023-29141. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in Oracle FLEXCUBE Universal Banking 14.5/14.6/14.7. It has been rated as critical. Affected by this issue is some unknown functionality of the component Infrastructure. The manipulation leads to denial of service. This vulnerability is handled as CVE-2023-20861. The attack may be launched remotely. There is no exploit available.

A vulnerability, which was classified as critical, has been found in Oracle Enterprise Data Quality 12.2.1.4.0. This issue affects some unknown processing of the component General. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2023-20861. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in Oracle Middleware Common Libraries and Tools 12.2.1.4.0 and classified as critical. Affected by this issue is some unknown functionality of the component Third Party. The manipulation leads to denial of service. This vulnerability is handled as CVE-2023-20861. The attack may be launched remotely. There is no exploit available.

A vulnerability was found in Oracle BI Publisher 6.4.0.0.0/7.0.0.0.0. It has been rated as critical. This issue affects some unknown processing of the component Web Server. The manipulation leads to denial of service. The identification of this vulnerability is CVE-2023-20861. The attack may be initiated remotely. There is no exploit available.

A vulnerability classified as problematic has been found in keycloak-connect. This affects an unknown part of the component Node.js Adapter. The manipulation leads to open redirect. This vulnerability is uniquely identified as CVE-2022-2237. Access to the local network is required for this attack. There is no exploit available. It is recommended to upgrade the affected component.

一个黑客社区欢迎新手加入并提供学习资源和问答功能，帮助成员从新手成长为资深人士，并邀请访问其Discord服务器进行交流。

Syd 是一款专为渗透测试人员、红队成员及网络安全研究人员设计的完全离线 AI 助手，基于 Mistral 7B 和 llama.cpp 运行，支持本地数据处理、生成自定义 payload、模拟复杂攻击，并允许用户嵌入自定义内容。

A vulnerability was found in rowboatlabs rowboat up to 8096eaf63b5a0732edd8f812bee05b78e214ee97. It has been rated as critical. Affected by this issue is the function PUT of the file apps/rowboat/app/api/uploads/[fileId]/route.ts of the component Session Handler. The manipulation of the argument params leads to missing authentication. This vulnerability is handled as CVE-2025-7115. The attack may be launched remotely. There is no exploit available. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available. It is expected that this issue will be fixed in the near future.

A vulnerability was found in SimStudioAI sim up to 37786d371e17d35e0764e1b5cd519d873d90d97b. It has been declared as critical. Affected by this vulnerability is the function POST of the file apps/sim/app/api/files/upload/route.ts of the component Session Handler. The manipulation of the argument Request leads to missing authentication. This vulnerability is known as CVE-2025-7114. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #604899 / VDB-315026

Submit #604898 / VDB-315025

A vulnerability was found in Portabilis i-Educar 2.9.0. It has been classified as problematic. Affected is an unknown function of the file /module/ComponenteCurricular/edit?id=ID of the component Curricular Components Module. The manipulation of the argument Nome leads to cross site scripting. This vulnerability is traded as CVE-2025-7113. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Portabilis i-Educar 2.9.0 and classified as problematic. This issue affects some unknown processing of the file /intranet/educar_funcao_det.php?cod_funcao=COD&ref_cod_instituicao=COD of the component Function Management Module. The manipulation of the argument Função leads to cross site scripting. The identification of this vulnerability is CVE-2025-7112. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability has been found in Portabilis i-Educar 2.9.0 and classified as problematic. This vulnerability affects unknown code of the file /intranet/educar_curso_det.php?cod_curso=ID of the component Course Module. The manipulation of the argument Curso leads to cross site scripting. This vulnerability was named CVE-2025-7111. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as problematic, was found in Portabilis i-Educar 2.9.0. This affects an unknown part of the file /intranet/educar_escola_lst.php of the component School Module. The manipulation of the argument Escola leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-7110. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability, which was classified as problematic, has been found in Portabilis i-Educar 2.9.0. Affected by this issue is some unknown functionality of the file /intranet/educar_aluno_beneficio_lst.php of the component Student Benefits Registration. The manipulation of the argument Benefício leads to cross site scripting. This vulnerability is handled as CVE-2025-7109. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

Submit #604879 / VDB-315024

Submit #604824 / VDB-315023

Submit #604822 / VDB-315022