CVE-2025-29421
PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the getThemeFileContent function. More information : https://github.com/147536951/Qiany1/blob/main/Perfreeblog_2.pdf
PerfreeBlog v4.0.11 has a directory traversal vulnerability in the getThemeFilesByName function. More information : https://github.com/147536951/Qiany1/blob/main/Perfreeblog_1.pdf
A security flaw has been discovered in lostvip-com ruoyi-go up to 2.1. Impacted is the function DownloadTmp/DownloadUpload of the file modules/system/controller/CommonController.go. Performing manipulation of the argument fileName results in path traversal. It is possible...
SQL Injection vulnerability in SMM Panel 3.1 allowing remote attackers to gain sensitive information via a crafted HTTP request with action=service_detail. More information : https://github.com/Aether-0/CVE-2025-55575
Cross Site Scripting vulnerability in docmost v.0.21.0 and before allows an attacker to execute arbitrary code. More information : https://github.com/docmost/docmost
In FoxCMS 1.2.6, there is a Cross Site Scripting vulnerability in /index.php/article. This allows attackers to execute arbitrary code. More information : http://foxcms.com
The Scratch Channel is a news website. In version 1, it is possible to go to application in devtools and click local storage to edit the account’s username locally. This issue has been patched...
An unauthenticated unrestricted file upload vulnerability allows an attacker to upload malicious binaries and scripts to the server. More information : https://www.rapid7.com/blog/post/securden-unified-pam-multiple-critical-vulnerabilities-fixed/
An authentication bypass vulnerability exists which allows an unauthenticated attacker to control administrator backup functions, leading to compromise of passwords, secrets, and application session tokens stored by the Unified PAM. More information : https://www.rapid7.com/blog/post/securden-unified-pam-multiple-critical-vulnerabilities-fixed/
A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText Enterprise Security Manager. The vulnerability could be remotely exploited. More information : https://portal.microfocus.com/s/article/KM000042483
D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 was discovered to contain a command injection vulnerability via the ping6 function. More information : https://gist.github.com/stevenyu113228/6dbc5eb4311390e4e9a8f89fdb659406
A denial of service vulnerability exists in the JSONReader component of the run-llama/llama_index repository, specifically in version v0.12.37. The vulnerability is caused by uncontrolled recursion when parsing deeply nested JSON files, which can lead...
phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in about-us.php via the pagetitle parameter. More information : https://doc.clickup.com/3897127/p/h/3pxt7-11876/0a7da72fe66f76a
phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in contact.php via the pagetitle parameter. More information : https://doc.clickup.com/3897127/p/h/3pxt7-11976/fdd8631102e9985