Vuldb Updates

A vulnerability was found in zhangyanbo2007 youkefu up to 4.2.0. It has been classified as critical. Affected is the function Upload of the file \youkefu-master\src\main\java\com\ukefu\webim\web\handler\resource\MediaController.java. The manipulation of the argument imgFile leads to unrestricted upload. This vulnerability is documented as CVE-2025-4258. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability categorized as critical has been discovered in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. This impacts the function addCrawlSource of the file novel-crawl/src/main/java/com/java2nb/novel/controller/CrawlController.java. Executing manipulation can lead to missing authentication. This vulnerability is registered as CVE-2025-4018. It is possible to launch the attack remotely. Furthermore, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability identified as critical has been detected in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. Affected is the function genCode of the file novel-admin/src/main/java/com/java2nb/common/controller/GeneratorController.java. The manipulation leads to missing authentication. This vulnerability is documented as CVE-2025-4019. The attack can be initiated remotely. Additionally, an exploit exists. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability labeled as problematic has been found in libzvbi up to 0.2.43. This issue affects the function vbi_capture_sim_load_caption of the file src/io-sim.c. Such manipulation leads to integer overflow. This vulnerability is traded as CVE-2025-2176. The attack may be launched remotely. Furthermore, there is an exploit available. The affected component should be upgraded. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional.

A vulnerability marked as problematic has been reported in libzvbi up to 0.2.43. Impacted is the function vbi_search_new of the file src/search.c. Performing manipulation of the argument pat_len results in integer overflow. This vulnerability is known as CVE-2025-2177. Remote exploitation of the attack is possible. Furthermore, an exploit is available. It is suggested to upgrade the affected component. The code maintainer was informed beforehand about the issues. She reacted very fast and highly professional.

A vulnerability was found in Mindskip xzs-mysql 学之思开源考试系统 3.9.0 and classified as problematic. This vulnerability affects unknown code of the component CORS Handler. The manipulation results in permissive cross-domain policy with untrusted domains. This vulnerability was named CVE-2025-1083. The attack may be performed from remote. In addition, an exploit is available. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability was found in Mindskip xzs-mysql 学之思开源考试系统 3.9.0. It has been classified as problematic. This issue affects some unknown processing. This manipulation causes cross-site request forgery. The identification of this vulnerability is CVE-2025-1084. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. Multiple endpoints are affected. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability marked as critical has been reported in SiAdmin 1.1. The affected element is an unknown function of the file /modul/mod_pass/aksi_pass.php. The manipulation of the argument nama_lengkap leads to sql injection. This vulnerability is documented as CVE-2024-4991. The attack can be initiated remotely. There is not any exploit available.

A vulnerability described as critical has been identified in SiAdmin 1.1. The impacted element is an unknown function of the file /modul/mod_kuliah/aksi_kuliah.php. The manipulation of the argument nim results in sql injection. This vulnerability is reported as CVE-2024-4992. The attack can be launched remotely. No exploit exists.

A vulnerability identified as critical has been detected in Mage AI. The impacted element is an unknown function. The manipulation leads to incorrect privilege assignment. This vulnerability is documented as CVE-2024-45187. The attack can be initiated remotely. There is not any exploit available.

A vulnerability was found in s-a-zhd Ecommerce-Website-using-PHP 1.0 and classified as critical. The impacted element is an unknown function of the file details.php. Such manipulation of the argument pro_id leads to sql injection. This vulnerability is listed as CVE-2025-2036. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability identified as critical has been detected in s-a-zhd Ecommerce-Website-using-PHP 1.0. Affected by this issue is some unknown functionality of the file /shop.php. This manipulation of the argument p_cat causes sql injection. This vulnerability appears as CVE-2025-2041. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability, which was classified as problematic, has been found in Intermesh groupoffice up to 6.8.99. The affected element is an unknown function. Performing manipulation of the argument Name results in cross site scripting. This vulnerability is reported as CVE-2025-25191. The attack is possible to be carried out remotely. No exploit exists. It is advisable to upgrade the affected component.

A vulnerability categorized as critical has been discovered in Datalust Seq. This affects an unknown function. Executing manipulation can lead to stack-based buffer overflow. This vulnerability is registered as CVE-2024-58102. The attack requires access to the local network. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability classified as problematic has been found in SiAdmin 1.1. This affects an unknown function of the file /show.php of the component URL Handler. This manipulation causes cross site scripting. This vulnerability appears as CVE-2024-4993. The attack may be initiated remotely. There is no available exploit.

A vulnerability identified as problematic has been detected in PhpMyBackupPro 2.3. Affected by this vulnerability is an unknown functionality of the file /phpmybackuppro/scheduled.php of the component URL Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-5413. The attack is possible to be carried out remotely. No exploit exists.

A vulnerability labeled as problematic has been found in PhpMyBackupPro 2.3. Affected by this issue is some unknown functionality of the file /phpmybackuppro/get_file.php of the component URL Handler. The manipulation of the argument view results in cross site scripting. This vulnerability was named CVE-2024-5414. The attack may be performed from remote. There is no available exploit.

A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0. It has been rated as critical. This affects the function Upload of the file /admin/upload/authorImg/. Performing manipulation of the argument File results in unrestricted upload. This vulnerability is reported as CVE-2025-3593. The attack is possible to be carried out remotely. Moreover, an exploit is present. The vendor was contacted early about this disclosure but did not respond in any way.

A vulnerability described as critical has been identified in PeerTube up to 7.1.0. Impacted is an unknown function of the component HLS Video Handler. Such manipulation leads to path traversal. This vulnerability is traded as CVE-2025-32943. The attack may be launched remotely. There is no exploit available. Upgrading the affected component is recommended.

A vulnerability was found in 20120630 Novel-Plus up to 0e156c04b4b7ce0563bef6c97af4476fcda8f160. It has been rated as critical. This affects the function list of the file nnovel-admin/src/main/java/com/java2nb/common/controller/LogController.java. Performing manipulation results in improper authorization. This vulnerability is cataloged as CVE-2025-4017. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.