Aggregator

CVE-2025-2702 | Softwin WMX3 3.1 /ImageAdd.ashx ImageAdd File unrestricted upload

3 months 1 week ago

A vulnerability, which was classified as critical, has been found in Softwin WMX3 3.1. This issue affects the function ImageAdd of the file /ImageAdd.ashx. The manipulation of the argument File leads to unrestricted upload. The identification of this vulnerability is CVE-2025-2702. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

vuldb.com

Submit #516289: www.softwin.cc automatic control system v3.1 RCE [Accepted]

Vuldb Submit

3 months 1 week ago

Submit #516289 / VDB-300719

XU NIE

CVE-2025-2701 | AMTT Hotel Broadband Operation System 1.0 port_setup.php popen os command injection

VulDB Recent Entries

3 months 1 week ago

A vulnerability classified as critical was found in AMTT Hotel Broadband Operation System 1.0. This vulnerability affects the function popen of the file /manager/network/port_setup.php. The manipulation of the argument SwitchVersion/SwitchWrite/SwitchIP/SwitchIndex/SwitchState leads to os command injection. This vulnerability was named CVE-2025-2701. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

vuldb.com

Submit #516089: Anmei Century (Beijing) Technology Co., Ltd. Anmei Digital Hotel Broadband Operation System v1.0 Command Execution [Accepted]

Vuldb Submit

3 months 1 week ago

Submit #516089 / VDB-300718

zianA

CVE-2025-2700 | michelson Dante Editor up to 0.4.4 Insert Link cross site scripting

VulDB Recent Entries

3 months 1 week ago

A vulnerability classified as problematic has been found in michelson Dante Editor up to 0.4.4. This affects an unknown part of the component Insert Link Handler. The manipulation leads to cross site scripting. This vulnerability is uniquely identified as CVE-2025-2700. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

vuldb.com

Submit #515870: https://www.npmjs.com/package/jodit jodit 4.5.17 Cross Site Scripting [Duplicate]

Vuldb Submit

3 months 1 week ago

Submit #515870 / VDB-239922

masamune

Submit #515869: https://www.npmjs.com/package/dante3 dante3 * Cross Site Scripting [Accepted]

Vuldb Submit

3 months 1 week ago

Submit #515869 / VDB-300717

masamune

CVE-2025-2699 | GetmeUK ContentTools up to 1.6.16 Image onload cross site scripting

VulDB Recent Entries

3 months 1 week ago

A vulnerability was found in GetmeUK ContentTools up to 1.6.16. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Image Handler. The manipulation of the argument onload leads to cross site scripting. This vulnerability is handled as CVE-2025-2699. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.

vuldb.com