Aggregator

Currently trending CVE - Hype Score: 25 - GLPI is a free asset and IT management software package. An unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 10.0.18.

Currently trending CVE - Hype Score: 54 - A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.

Currently trending CVE - Hype Score: 1 - There exists an auth bypass in Google Quickshare where an attacker can upload an unknown file type to a victim. The root cause of the vulnerability lies in the fact that when a Payload Transfer frame of type FILE is sent to Quick Share, the file that is contained in this frame ...

Currently trending CVE - Hype Score: 1 - React Router is a multi-strategy router for React bridging the gap from React 18 to React 19. There is a vulnerability in Remix/React Router that affects all Remix 2 and React Router 7 consumers using the Express adapter. Basically, this vulnerability allows anyone to spoof the ...

Currently trending CVE - Hype Score: 2 - Next.js is a React framework for building full-stack web applications. Prior to 14.2.25 and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is ...

Windows UAC 用于防止未经授权的程序获取管理员权限。一般情况下，标准用户运行需要管理员权限的程序时，系统会弹出 UAC 提示，要求用户手动确认。绕过 UAC 的方式有很多，其中利用 HKCU\Software\Classes 目录下的注册表劫持是一种常见的方法。

A vulnerability was found in PHPGurukul Men Salon Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/search-invoices.php. The manipulation of the argument searchdata leads to sql injection. The identification of this vulnerability is CVE-2025-3316. The attack may be initiated remotely. Furthermore, there is an exploit available.

A vulnerability was found in ZendTo up to 5.04-6. It has been declared as problematic. This vulnerability affects unknown code in the library lib/NSSAuthenticator.php of the component MD5 Handler. The manipulation leads to type confusion. This vulnerability was named CVE-2025-32352. The attack can be initiated remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability was found in ZendTo up to 6.10-6. It has been classified as very critical. This affects an unknown part in the library lib/NSSDropoff.php. The manipulation of the argument tmp_name leads to os command injection. This vulnerability is uniquely identified as CVE-2021-47667. It is possible to initiate the attack remotely. There is no exploit available. It is recommended to upgrade the affected component.

重新回味一下当时做出的，品鉴当时没做出的

A vulnerability has been found in NVIDIA Graphics Driver up to 341/369.58/375.62 on Quadro/NVS/GeForce and classified as critical. Affected by this vulnerability is the function DxgDdiEscape in the library nvlddmkm.sys of the component Kernel Mode Layer. The manipulation leads to improper access controls. This vulnerability is known as CVE-2016-8808. An attack has to be approached locally. Furthermore, there is an exploit available. It is recommended to upgrade the affected component.

Port of Seattle is notifying 90,000 people of a data breach after personal data was stolen in a ransomware attack in August 2024. In August 2024, a cyber attack hit the Port of Seattle, which also operates the Seattle-Tacoma International Airport. The attack impacted websites and phone systems. According to The Seattle Times, the cyber […]

A vulnerability has been found in TIBCO JasperReports Server up to 8.0.3 and classified as problematic. Affected by this vulnerability is an unknown functionality. The manipulation leads to cross site scripting. This vulnerability is known as CVE-2024-3323. The attack can be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, has been found in excalidraw up to 0.16.3/0.17.5. Affected by this issue is some unknown functionality of the component Web Embeddable. The manipulation leads to cross site scripting. This vulnerability is handled as CVE-2024-32472. The attack may be launched remotely. There is no exploit available. It is recommended to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in WonderCMS 3.4.3. This affects an unknown part. The manipulation of the argument ADMIN LOGIN URL leads to cross site scripting. This vulnerability is uniquely identified as CVE-2024-32337. It is possible to initiate the attack remotely. There is no exploit available.

A vulnerability has been found in WonderCMS 3.4.3 and classified as problematic. This vulnerability affects unknown code of the component Current Page Module. The manipulation of the argument PAGE TITLE leads to cross site scripting. This vulnerability was named CVE-2024-32338. The attack can be initiated remotely. There is no exploit available.

A vulnerability was found in WonderCMS 3.4.3 and classified as problematic. This issue affects some unknown processing. The manipulation leads to cross site scripting. The identification of this vulnerability is CVE-2024-32339. The attack may be initiated remotely. There is no exploit available.

A vulnerability was found in WonderCMS 3.4.3. It has been classified as problematic. Affected is an unknown function of the component Menu Module. The manipulation of the argument WEBSITE TITLE leads to cross site scripting. This vulnerability is traded as CVE-2024-32340. It is possible to launch the attack remotely. There is no exploit available.