CVE-2025-65817
LSC Smart Connect Indoor IP Camera 1.4.13 contains an RCE vulnerability in start_app.sh. More information: https://github.com/Istaarkk/CVE-2025-65817/blob/main/README.md
ClipBucket 5.5.2 is affected by an improper access control issue where the product is shipped or deployed with hardcoded default administrative credentials. An unauthenticated remote attacker can log in to the administrative panel using...
A stored cross-site scripting (XSS) vulnerability in the Media module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Name field. More information...
A stored cross-site scripting (XSS) vulnerability in the Page Settings module of Piranha CMS v12.1 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the Excerpt field. More...
PublicCMS V5.202506.b is vulnerable to Cross Site Scripting (XSS) in the Content Search module. More information: https://github.com/Hyperkopite/PublicCMS_Vulns/blob/main/XSS_1.md
A reflected cross-site scripting (XSS) vulnerability exists in FuguHub 8.1 when serving SVG files through the /fs/ file manager interface. FuguHub does not sanitize or restrict script execution inside SVG content. When a victim...
An arbitrary file upload vulnerability in Umbraco CMS v16.3.3 allows attackers to execute arbitrary code by uploading a crafted PDF file. NOTE: this is disputed by the Supplier because the responsibility for file validation...
Incorrect access control in the /api/v1/conversations/*/messages API of GT Edge AI Platform before v2.0.10-dev allows unauthorized attackers to access other users’ message history with AI agents. More information: https://gist.github.com/p80n-sec/0a0a71a2190d5e6f8083bf6069e7b5f2
Incorrect access control in the /api/v1/conversations/*/files API of GT Edge AI Platform before v2.0.10 allows unauthorized attackers to access other users’ uploaded files. More information: https://gist.github.com/p80n-sec/f3ca933480157cb4e18c387d92f4d0c2
Insecure permissions in the /api/v1/agents API of GT Edge AI Platform before v2.0.10-dev allow unauthorized attackers to access sensitive information. More information: https://gist.github.com/p80n-sec/48ce34c929e8b946f0ad25f76e7b8cef
An error in the SignServer container startup logic was found in Keyfactor SignServer versions prior to 7.2. The Admin CLI command used to configure Certificate access to the initial startup of the container sets...
A vulnerability in WooCommerce 8.1 to 10.4.2 can allow logged-in customers to access order data of guest customers on sites with a certain configuration. This has been fixed in WooCommerce 10.4.3, as well as...
A Local File Inclusion (LFI) vulnerability exists in the Webmail Classic UI of Zimbra Collaboration (ZCS) 10.0 and 10.1 because of improper handling of user-supplied request parameters in the RestFilter servlet. An unauthenticated remote...
An arbitrary file upload vulnerability in the Attachments module of Frappe Framework v15.89.0 allows attackers to execute arbitrary code via uploading a crafted XML file. More information: http://erpnext.com