CVE-2025-2007
The Import Export Suite for CSV and XML Datafeed plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteImage() function in all versions up to, and...
CWE-79: Improper Neutralization of Input During Web Page Generation (‘Cross-site Scripting’) vulnerability in Payara Platform Payara Server allows Remote Code Inclusion. This issue affects Payara Server: from 4.1.2.1919.1 before 4.1.2.191.51, from 5.20.0 before 5.68.0,...
Valmet DNA user passwords in plain text. This practice poses a security risk as attackers who gain access to local project data can read the passwords. Assigner : vulncoord@ncsc.fi More information : https://www.valmet.com/about-us/about/research-and-development/vulnerabilityadvisories/cve-2025-0418/
Lack of protection against brute force attacks in Valmet DNA visualization in DNA Operate. The possibility to make an arbitrary number of login attempts without any rate limit gives an attacker an increased chance of...
Local privilege escalation through insecure DCOM configuration in Valmet DNA versions prior to C2023. The DCOM object Valmet DNA Engineering has permissions that allow it to run commands as a user with the SeImpersonatePrivilege privilege....
Sub::HandlesVia for Perl before 0.050002 allows untrusted code from the current working directory (‘.’) to be loaded, similar to CVE-2016-1238. If an attacker can place a malicious file in the current working directory, it may...
Linux::Statm::Tiny for Perl before 0.0701 allows untrusted code from the current working directory (‘.’) to be loaded, similar to CVE-2016-1238. If an attacker can place a malicious file in the current working directory, it may...
Mite for Perl before 0.013000 generates code with the current working directory (‘.’) added to the @INC path, similar to CVE-2016-1238. If an attacker can place a malicious file in the current working directory, it...
A vulnerability, which was classified as critical, was found in oretnom23/SourceCodester Apartment Visitor Management System 1.0. Affected is an unknown function of the file /remove-apartment.php. The manipulation of the argument ID leads to sql...
A vulnerability, which was classified as critical, has been found in GuoMinJim PersonManage 1.0. This issue affects the function preHandle of the file /login/. The manipulation of the argument Request leads to path traversal....
A vulnerability classified as critical was found in Project Worlds Online Time Table Generator 1.0. This vulnerability affects unknown code of the file /student/updateprofile.php. The manipulation of the argument pic leads to unrestricted upload....
An authenticated attacker can exploit a Server-Side Request Forgery (SSRF) vulnerability in Microsoft Azure Health Bot to elevate privileges over a network. Assigner : secure@microsoft.com More information : https://msrc.microsoft.com/update-guide/vulnerability/CVE-2025-21384
A vulnerability classified as critical has been found in Project Worlds Online Time Table Generator 1.0. This affects an unknown part of the file /admin/updatestudent.php. The manipulation of the argument pic leads to unrestricted...
An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A Shortcut may run with admin privileges without authentication. Assigner :...