IBM Lakehouse (watsonx.data 2.2) could allow an authenticated privileged user to execute arbitrary commands on the system due to improper validation of user supplied input. More information : https://www.ibm.com/support/pages/node/7245379
IBM Lakehouse (watsonx.data 2.2) could allow an authenticated user to obtain sensitive server component version information which could aid in further attacks against the system. More information : https://www.ibm.com/support/pages/node/7245384
Cross Site Request Forgery (CSRF) vulnerability in Smartvista BackOffice SmartVista Suite 2.2.22 via crafted GET request. More information : https://gitlab.com/c2at3/cve-2025-50255/-/blob/main/Bypassing_CSRF_Protection_in_Smartvista-BackOffice.pdf
A vulnerability was identified in fuyang_lipengjun platform 1.0. This affects the function AttributeCategoryController of the file /attributecategory/queryAll. Such manipulation leads to improper authorization. The attack may be launched remotely. The exploit is publicly available...
A security flaw has been discovered in fuyang_lipengjun platform 1.0. This impacts the function AttributeController of the file /attribute/queryAll. Performing manipulation results in improper authorization. Remote exploitation of the attack is possible. The exploit...
An issue Clip Bucket v.5.5.2 Build#90 allows a remote attacker to execute arbitrary codes via the file_downloader.php and the file parameter More information : https://medium.com/@mukund.s1337/cve-2025-55911-clipbucket-5-5-2-build-90-ssrf-via-upload-actions-file-downloader-php-eb49dc02bd6f
In realme BackupRestore app v15.1.12_2810c08_250314, improper URI scheme handling in com.coloros.pc.PcToolMainActivity allows local attackers to cause a crash and potential XSS via crafted ADB intents. More information : http://realme.com/
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Backlog item representations do not verify the permissions of the child trackers. Users might see tracker names they should not...
Lobe Chat is an open-source artificial intelligence chat framework. Prior to version 1.129.4, there is a a cross-site scripting (XSS) vulnerability when handling chat message in lobe-chat that can be escalated to remote code...
Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). A bad actor can flood the inbox of a user by repeatedly sending invites (duplicate). The issue is...
A vulnerability has been found in youth-is-as-pale-as-poetry e-learning 1.0. Impacted is the function encryptSecret of the file e-learning-masterexam-apisrcmainjavacomyfexamabilityshirojwtJwtUtils.java of the component JWT Token Handler. The manipulation leads to insufficiently random values. The attack can...
A vulnerability was found in whuan132 AIBattery up to 1.0.9. The affected element is an unknown function of the file AIBatteryHelper/XPC/BatteryXPCService.swift of the component com.collweb.AIBatteryHelper. The manipulation results in missing authentication. The attack requires...
A vulnerability was determined in itsourcecode Student Information Management System 1.0. The impacted element is an unknown function of the file /admin/modules/class/index.php. This manipulation of the argument classId causes sql injection. The attack may...
A flaw has been found in itsourcecode E-Logbook with Health Monitoring System for COVID-19 1.0. This issue affects some unknown processing of the file /check_profile.php. Executing manipulation of the argument profile_id can lead to...