Aggregator

ChatGPT's Codex, which is an AI agent that lets you code and delegate programming tasks, is now testing a new feature that lets you choose the best solution. [...]

A vulnerability classified as critical has been found in themanojdesai python-a2a up to 0.5.5. Affected is the function create_workflow of the file python_a2a/agent_flow/server/api.py. The manipulation leads to path traversal. This vulnerability is traded as CVE-2025-6167. The attack can only be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in frdel Agent-Zero up to 0.8.4. It has been rated as problematic. This issue affects the function image_get of the file /python/api/image_get.py. The manipulation of the argument path leads to path traversal. The identification of this vulnerability is CVE-2025-6166. The attack needs to be approached within the local network. There is no exploit available. It is recommended to upgrade the affected component.

Submit #593613 / VDB-312642

Submit #593611 / VDB-312641

A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. This vulnerability affects unknown code of the file /boafrm/formTmultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. This vulnerability was named CVE-2025-6165. The attack can be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in TOTOLINK A3002R 4.0.0-B20230531.1404. It has been classified as critical. This affects an unknown part of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. This vulnerability is uniquely identified as CVE-2025-6164. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability was found in TOTOLINK A3002RU 3.0.0-B20230809.1615 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. This vulnerability is handled as CVE-2025-6163. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. This vulnerability is known as CVE-2025-6162. The attack can be launched remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in SourceCodester Simple Food Ordering System 1.0. Affected is an unknown function of the file /editproduct.php. The manipulation of the argument photo leads to unrestricted upload. This vulnerability is traded as CVE-2025-6161. It is possible to launch the attack remotely. Furthermore, there is an exploit available.

Submit #593603 / VDB-312640

Submit #593602 / VDB-312639

Submit #593601 / VDB-312638

A vulnerability, which was classified as critical, has been found in SourceCodester Client Database Management System 1.0. This issue affects some unknown processing of the file /user_customer_create_order.php. The manipulation of the argument user_id leads to sql injection. The identification of this vulnerability is CVE-2025-6160. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability classified as critical was found in code-projects Hostel Management System 1.0. This vulnerability affects unknown code of the file /allocate_room.php. The manipulation of the argument search_box leads to sql injection. This vulnerability was named CVE-2025-6159. The attack can be initiated remotely. Furthermore, there is an exploit available.

Submit #593600 / VDB-312637

A vulnerability classified as critical has been found in D-Link DIR-665 1.00. This affects the function sub_AC78 of the component HTTP POST Request Handler. The manipulation leads to stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is uniquely identified as CVE-2025-6158. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

Submit #593237 / VDB-312636

A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /registered-user-testing.php. The manipulation of the argument testtype leads to sql injection. This vulnerability is handled as CVE-2025-6157. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in PHPGurukul Nipah Virus Testing Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /bwdates-report-ds.php. The manipulation of the argument testtype leads to sql injection. This vulnerability is known as CVE-2025-6156. The attack can be launched remotely. Furthermore, there is an exploit available.