Aggregator
Part 117: Modified version of the ysoserial deserialization exploitation tool, with support for legacy JDK 1.5 systems
9 months ago
CVE-2025-2364 | lenve VBlog up to 1.0.0 ArticleService.java addNewArticle mdContent/htmlContent cross site scripting
9 months ago
A vulnerability classified as problematic was found in lenve VBlog up to 1.0.0. Affected by this vulnerability is the function addNewArticle of the file blogserver/src/main/java/org/sang/service/ArticleService.java. The manipulation of the argument mdContent/htmlContent leads to cross site scripting.
This vulnerability is known as CVE-2025-2364. The attack can be launched remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2025-2363 | lenve VBlog up to 1.0.0 ArticleController.java uploadImg filename path traversal
9 months ago
A vulnerability classified as critical has been found in lenve VBlog up to 1.0.0. Affected is the function uploadImg of the file blogserver/src/main/java/org/sang/controller/ArticleController.java. The manipulation of the argument filename leads to path traversal.
This vulnerability is traded as CVE-2025-2363. It is possible to launch the attack remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
CVE-2025-2362 | PHPGurukul Pre-School Enrollment System 1.0 /admin/contact-us.php mobnum sql injection
9 months ago
A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/contact-us.php. The manipulation of the argument mobnum leads to SQL injection.
The identification of this vulnerability is CVE-2025-2362. The attack may be initiated remotely. Furthermore, there is an exploit available.
Other parameters might be affected as well.
vuldb.com
Submit #514763: VBlog 1.0.0 Stored XSS [Accepted]
9 months ago
Submit #514763 / VDB-299863
s0l42
Submit #514721: VBlog 1.0.0 Unrestricted Upload [Accepted]
9 months ago
Submit #514721 / VDB-299862
s0l42
The first quantum bridge across the equator: China connects Beijing and South Africa
9 months ago
By 2027, China will create a global quantum network for the BRICS countries.
Submit #514464: PHPGurukul Pre-School Enrollment System V1.0 sql [Accepted]
9 months ago
Submit #514464 / VDB-299861
12T4
CVE-2025-2361 | Mercurial SCM 4.5.3/71.19.145.211 Web Interface cmd cross site scripting
9 months ago
A vulnerability was found in Mercurial SCM 4.5.3/71.19.145.211. It has been declared as problematic. This vulnerability affects unknown code of the component Web Interface. The manipulation of the argument cmd leads to cross site scripting.
This vulnerability was named CVE-2025-2361. The attack can be initiated remotely. Furthermore, there is an exploit available.
The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com
Submit #514087: hzmanyun.com education management system v1.3 RCE [Duplicate]
9 months ago
Submit #514087 / VDB-298520
207556249
CVE-2025-26553 | Spring Devs Pre Order Addon for WooCommerce Plugin up to 2.2 on WordPress cross site scripting
9 months ago
A vulnerability was found in Spring Devs Pre Order Addon for WooCommerce Plugin up to 2.2 on WordPress. It has been classified as problematic. This affects an unknown part. The manipulation leads to cross site scripting.
This vulnerability is uniquely identified as CVE-2025-26553. It is possible to initiate the attack remotely. There is no exploit available.
vuldb.com
CVE-2025-30076 | Koha up to 22.11.23/23.11.11/24.05.06/24.11.01 tools/scheduler.pl report os command injection
9 months ago
A vulnerability was found in Koha up to 22.11.23/23.11.11/24.05.06/24.11.01 and classified as problematic. Affected by this issue is some unknown functionality of the file tools/scheduler.pl. The manipulation of the argument report leads to OS command injection.
This vulnerability is handled as CVE-2025-30076. The attack may be launched remotely. There is no exploit available.
It is recommended to upgrade the affected component.
vuldb.com
CVE-2025-30077 | onosproject onos-lib-go 0.10.28 asn1/aper GetBitString zeronumBits array index (Issue 295)
9 months ago
A vulnerability has been found in onosproject onos-lib-go 0.10.28 and classified as critical. Affected by this vulnerability is the function GetBitString of the component asn1/aper. The manipulation of the argument zeronumBits leads to improper validation of array index.
This vulnerability is known as CVE-2025-30077. Local access is required to approach this attack. There is no exploit available.
vuldb.com
CVE-2025-26969 | Aldo Latino PrivateContent Plugin up to 8.11.5 on WordPress authorization
9 months ago
A vulnerability, which was classified as critical, was found in Aldo Latino PrivateContent Plugin up to 8.11.5 on WordPress. Affected is an unknown function. The manipulation leads to missing authorization.
This vulnerability is traded as CVE-2025-26969. It is possible to launch the attack remotely. There is no exploit available.
vuldb.com
Submit #514024: Mercurial Mercurial SCM Web Interface 4.5.3 CRLF Injection leads to Cross-Site Scripting [Accepted]
9 months ago
Submit #514024 / VDB-299860
erickfernandox
CVE-2025-26978 | FS Poster Plugin up to 6.5.8 on WordPress sql injection
9 months ago
A vulnerability, which was classified as critical, has been found in FS Poster Plugin up to 6.5.8 on WordPress. This issue affects some unknown processing. The manipulation leads to SQL injection.
The identification of this vulnerability is CVE-2025-26978. The attack may be initiated remotely. There is no exploit available.
vuldb.com
CVE-2025-26940 | Pie Register Premium Plugin up to 3.8.3.2 on WordPress path traversal
9 months ago
A vulnerability classified as problematic was found in Pie Register Premium Plugin up to 3.8.3.2 on WordPress. This vulnerability affects unknown code. The manipulation leads to path traversal: '.../...//'.
This vulnerability was named CVE-2025-26940. The attack can be initiated remotely. There is no exploit available.
vuldb.com