WebITR developed by Uniong has a SQL Injection vulnerability, allowing authenticated remote attackers to inject arbitrary SQL commands to read database contents. More information : https://www.twcert.org.tw/en/cp-139-10539-21f45-2.html
WebITR developed by Uniong has an Authentication Bypass vulnerability, allowing authenticated remote attackers to log into the system as any user by modifying a specific parameter. Attackers must first obtain a user ID to...
app/Controller/EventsController.php in MISP before 2.5.24 has invalid logic in checking for uploaded file validity, related to tmp_name. More information : https://github.com/MISP/MISP/compare/v2.5.23...v2.5.24
UsersController::edit in Cerebrate before 1.30 allows an authenticated non-privileged user to escalate their privileges (e.g., obtain a higher role such as admin) via the user-edit endpoint by supplying or modifying role_id or organisation_id fields...
In libexpat through 2.7.3, a crafted file with an approximate size of 2 MiB can lead to dozens of seconds of processing time. More information : https://github.com/libexpat/libexpat/issues/1076
Kivitendo before 3.9.2 allows XXE injection. By uploading an electronic invoice in the ZUGFeRD format, it is possible to read and exfiltrate files from the server’s filesystem. More information : https://blog.kivitendo.de/?p=1415
Peppol-py before 1.1.1 allows XXE attacks because of the Saxon configuration. When validating XML-based invoices, the XML parser could read files from the filesystem and expose their content to a remote host. More information...
Permission control vulnerability in the file management module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. More information : https://consumer.huawei.com/en/support/bulletin/2025/11/
Identity authentication bypass vulnerability in the Gallery app. Impact: Successful exploitation of this vulnerability may affect service confidentiality. More information : https://consumer.huawei.com/en/support/bulletin/2025/11/
Vulnerability of improper criterion security check in the call module. Impact: Successful exploitation of this vulnerability may cause features to perform abnormally. More information : https://consumer.huawei.com/en/support/bulletin/2025/11/