Development

CVE ID : CVE-2012-10051

Published : Aug. 8, 2025, 7:15 p.m. | 6 hours, 9 minutes ago

Description : Photodex ProShow Producer version 5.0.3256 contains a stack-based buffer overflow vulnerability in the handling of plugin load list files. When a specially crafted load file is placed in the installation directory, the application fails to properly validate its contents, leading to a buffer overflow when the file is parsed during startup. Exploitation requires local access to place the file and user interaction to launch the application.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2012-10052

Published : Aug. 8, 2025, 7:15 p.m. | 6 hours, 9 minutes ago

Description : EGallery version 1.2 contains an unauthenticated arbitrary file upload vulnerability in the uploadify.php script. The application fails to validate file types or enforce authentication, allowing remote attackers to upload malicious PHP files directly into the web-accessible egallery/ directory. This results in full remote code execution under the web server context.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2012-10053

Published : Aug. 8, 2025, 7:15 p.m. | 6 hours, 9 minutes ago

Description : Simple Web Server 2.2 rc2 contains a stack-based buffer overflow vulnerability in its handling of the Connection HTTP header. When a remote attacker sends an overly long string in this header, the server uses vsprintf() without proper bounds checking, leading to a buffer overflow on the stack. This flaw allows remote attackers to execute arbitrary code with the privileges of the web server process. The vulnerability is triggered before authentication.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-4796

Published : Aug. 8, 2025, 7:15 p.m. | 4 hours, 44 minutes ago

Description : The Eventin plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 4.0.34. This is due to the plugin not properly validating a user’s identity or capability prior to updating their details like email in the ‘EventinSpeakerApiSpeakerController::update_item’ function. This makes it possible for unauthenticated attackers with contributor-level and above permissions to change arbitrary user’s email addresses, including administrators, and leverage that to reset the user’s password and gain access to their account.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-8736

Published : Aug. 8, 2025, 7:15 p.m. | 6 hours, 9 minutes ago

Description : A vulnerability, which was classified as critical, has been found in GNU cflow up to 1.8. Affected by this issue is the function yylex of the file c.c of the component Lexer. The manipulation leads to buffer overflow. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-8735

Published : Aug. 8, 2025, 7:15 p.m. | 6 hours, 9 minutes ago

Description : A vulnerability classified as problematic was found in GNU cflow up to 1.8. Affected by this vulnerability is the function yylex of the file c.c of the component Lexer. The manipulation leads to null pointer dereference. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

Severity: 3.3 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-8737

Published : Aug. 8, 2025, 8:15 p.m. | 5 hours, 9 minutes ago

Description : A vulnerability, which was classified as problematic, was found in zlt2000 microservices-platform up to 6.0.0. This affects the function onLogoutSuccess of the file src/main/java/com/central/oauth/handler/OauthLogoutSuccessHandler.java. The manipulation of the argument redirect_url leads to open redirect. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 3.5 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-8738

Published : Aug. 8, 2025, 8:15 p.m. | 5 hours, 9 minutes ago

Description : A vulnerability has been found in zlt2000 microservices-platform up to 6.0.0 and classified as problematic. This vulnerability affects unknown code of the file /actuator of the component Spring Actuator Interface. The manipulation leads to information disclosure. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 5.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-55188

Published : Aug. 8, 2025, 9:15 p.m. | 4 hours, 9 minutes ago

Description : 7-Zip before 25.01 does not always properly handle symbolic links during extraction.

Severity: 2.7 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-8739

Published : Aug. 8, 2025, 9:15 p.m. | 4 hours, 9 minutes ago

Description : A vulnerability was found in zhenfeng13 My-Blog up to 1.0.0 and classified as problematic. This issue affects some unknown processing of the file /admin/tags/save. The manipulation of the argument tagName leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.

Severity: 4.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-8740

Published : Aug. 8, 2025, 9:15 p.m. | 4 hours, 9 minutes ago

Description : A vulnerability was found in zhenfeng13 My-Blog up to 1.0.0. It has been classified as problematic. Affected is an unknown function of the file /admin/categories/save of the component Category Handler. The manipulation of the argument categoryName leads to cross site scripting. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 2.4 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-8741

Published : Aug. 8, 2025, 10:16 p.m. | 3 hours, 8 minutes ago

Description : A vulnerability was found in macrozheng mall up to 1.0.3. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/login. The manipulation leads to cleartext transmission of sensitive information. The attack can be launched remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 3.7 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-8742

Published : Aug. 8, 2025, 10:16 p.m. | 3 hours, 8 minutes ago

Description : A vulnerability was found in macrozheng mall 1.0.3. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Admin Login. The manipulation leads to improper restriction of excessive authentication attempts. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 3.7 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-8743

Published : Aug. 8, 2025, 11:15 p.m. | 2 hours, 9 minutes ago

Description : A vulnerability classified as problematic has been found in Scada-LTS up to 2.7.8.1. This affects an unknown part of the file /data_source_edit.shtm of the component Virtual Data Source Property Handler. The manipulation of the argument Name leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used.

Severity: 3.5 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-46709

Published : Aug. 9, 2025, 12:15 a.m. | 1 hour, 9 minutes ago

Description : Possible memory leak or kernel exceptions caused by reading kernel heap data after free or NULL pointer dereference kernel exception.

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-6573

Published : Aug. 9, 2025, 12:15 a.m. | 1 hour, 9 minutes ago

Description : Kernel software installed and running inside an untrusted/rich execution environment (REE) could leak information from the trusted execution environment (TEE).

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CVE ID : CVE-2025-8744

Published : Aug. 9, 2025, 12:15 a.m. | 1 hour, 9 minutes ago

Description : A vulnerability classified as critical was found in CesiumLab Web up to 4.0. This vulnerability affects unknown code of the file /lodmodels/. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Severity: 7.3 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Master Laravel’s dependency injection through advanced service container patterns that enable flexible application architecture. These powerful binding mechanisms support contextual…

The Laravel MultiPersona package is a lightweight context-layer system for Laravel users. It allows a single user to switch between…

Any motorist who has ever waited through multiple cycles for a traffic light to turn green knows how annoying signalized…