Threat and Vulnerability Intelligence Database

CVE-2025-3830

Description: A vulnerability was found in kuangstudy KuangSimpleBBS 1.0. It has been declared as critical. Affected by this vulnerability is the function fileUpload of the file src/main/java/com/kuang/controller/QuestionController.java. The manipulation of the argument editormd-image-file leads to unrestricted upload. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS: MEDIUM (5.3)

Source: CVE
April 20th, 2025 (about 2 hours ago)

CVE-2025-3829

Description: A vulnerability was found in PHPGurukul Men Salon Management System 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/sales-reports-detail.php. The manipulation of the argument fromdate/todate leads to SQL injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS: MEDIUM (6.9)

Source: CVE
April 20th, 2025 (about 2 hours ago)

CVE-2025-3828

Description: A vulnerability was found in PHPGurukul Men Salon Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/view-appointment.php?viewid=11. The manipulation of the argument remark leads to SQL injection. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Other parameters might be affected as well.

CVSS: MEDIUM (6.9)

Source: CVE
April 20th, 2025 (about 3 hours ago)

CVE-2025-3827

Description: A vulnerability has been found in PHPGurukul Men Salon Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/forgot-password.php. The manipulation of the argument email leads to SQL injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

CVSS: MEDIUM (6.9)

Source: CVE
April 20th, 2025 (about 3 hours ago)

CVE-2025-27220

Description: Nessus Plugin ID 234638 with Medium Severity. Synopsis: The remote Azure Linux host is missing one or more security updates. Description: The version of ruby installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-27220 advisory: In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method. (CVE-2025-27220) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution: Update the affected packages. Read more at https://www.tenable.com/plugins/nessus/234638

CVSS: MEDIUM (4.0)

Source: Tenable Plugins
April 20th, 2025 (about 3 hours ago)

CVE-2025-27219

Description: Nessus Plugin ID 234639 with Medium Severity. Synopsis: The remote Azure Linux host is missing one or more security updates. Description: The version of ruby installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-27219 advisory: In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when parsing extremely large cookies. (CVE-2025-27219) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution: Update the affected packages. Read more at https://www.tenable.com/plugins/nessus/234639

CVSS: MEDIUM (5.8)

Source: Tenable Plugins
April 20th, 2025 (about 3 hours ago)

CVE-2020-28493

Description: Nessus Plugin ID 234641 with Critical Severity. Synopsis: The remote Azure Linux host is missing one or more security updates. Description: The version of nodejs / python-jinja2 installed on the remote Azure Linux 3.0 host is prior to the tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2020-28493 advisory: This affects the package jinja2 from 0.0.0 and before 2.11.3. The ReDoS vulnerability is mainly due to the `_punctuation_re` regex operator and its use of multiple wildcards. The last wildcard is the most exploitable as it searches for trailing punctuation. This issue can be mitigated by using Markdown to format user content instead of the urlize filter, or by implementing request timeouts and limiting process memory. (CVE-2020-28493) Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported version number. Solution: Update the affected packages. Read more at https://www.tenable.com/plugins/nessus/234641

CVSS: MEDIUM (5.3)

Source: Tenable Plugins
April 20th, 2025 (about 3 hours ago)

CVE-2025-3826

Description: A vulnerability, which was classified as problematic, was found in SourceCodester Web-based Pharmacy Product Management System 1.0. This affects an unknown part of the file add-supplier.php. The manipulation of the argument txtsupplier_name/txtaddress leads to cross-site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

CVSS: MEDIUM (4.8)

Source: CVE
April 20th, 2025 (about 6 hours ago)

CVE-2025-3825

Description: A vulnerability, which was classified as problematic, has been found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected by this issue is some unknown functionality of the file add-category.php. The manipulation of the argument txtcategory_name leads to cross-site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS: MEDIUM (4.8)

Source: CVE
April 20th, 2025 (about 7 hours ago)

CVE-2025-3824

Description: A vulnerability classified as problematic was found in SourceCodester Web-based Pharmacy Product Management System 1.0. Affected by this vulnerability is an unknown functionality of the file add-product.php. The manipulation of the argument txtprice/txtproduct_name leads to cross-site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVSS: MEDIUM (4.8)

Source: CVE
April 20th, 2025 (about 8 hours ago)