5.3

CVSS4.0

CVE-2025-14522 - baowzh hfly upload_json.php unrestricted upload

A vulnerability was detected in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. The impacted element is an unknown function of the file /Public/Kindeditor/php/upload_json.php. Performing manipulation of the argument imgFile results in unrestricted upload. It is possible to initiate the …

πŸ“… Published: Dec. 11, 2025, 4:02 p.m. πŸ”„ Last Modified: Jan. 9, 2026, 1:50 a.m.

5.3

CVSS4.0

CVE-2025-14521 - baowzh hfly download path traversal

A security vulnerability has been detected in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. The affected element is an unknown function of the file /admin/index.php/datafile/download. Such manipulation of the argument filename leads to path traversal. The attack may be performed from …

πŸ“… Published: Dec. 11, 2025, 4:02 p.m. πŸ”„ Last Modified: Jan. 9, 2026, 1:54 a.m.

5.3

CVSS4.0

CVE-2025-14520 - baowzh hfly delfile path traversal

A weakness has been identified in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. Impacted is an unknown function of the file /admin/index.php/datafile/delfile. This manipulation of the argument filename causes path traversal. The attack is possible to be carried out remotely. The explo…

πŸ“… Published: Dec. 11, 2025, 3:32 p.m. πŸ”„ Last Modified: Jan. 9, 2026, 1:58 a.m.

3.8

CVSS3.1

CVE-2025-67742 -

In JetBrains TeamCity before 2025.11 path traversal was possible via file upload

πŸ“… Published: Dec. 11, 2025, 3:19 p.m. πŸ”„ Last Modified: Dec. 15, 2025, 8:06 p.m.

4.8

CVSS3.1

CVE-2025-67741 -

In JetBrains TeamCity before 2025.11 stored XSS was possible via session attribute

πŸ“… Published: Dec. 11, 2025, 3:19 p.m. πŸ”„ Last Modified: Dec. 15, 2025, 8:06 p.m.

2.7

CVSS3.1

CVE-2025-67740 -

In JetBrains TeamCity before 2025.11 improper access control could expose GitHub App token's metadata

πŸ“… Published: Dec. 11, 2025, 3:19 p.m. πŸ”„ Last Modified: Dec. 15, 2025, 8:07 p.m.

3.1

CVSS3.1

CVE-2025-67739 -

In JetBrains TeamCity before 2025.11.2 improper repository URL validation could lead to local paths disclosure

πŸ“… Published: Dec. 11, 2025, 3:19 p.m. πŸ”„ Last Modified: Dec. 23, 2025, 9:10 p.m.

5.1

CVSS4.0

CVE-2025-14519 - baowzh hfly advtext add cross site scripting

A security flaw has been discovered in baowzh hfly up to 638ff9abe9078bc977c132b37acbe1900b63491c. This issue affects some unknown processing of the file /admin/index.php/advtext/add of the component advtext Module. The manipulation results in cross site scripting. The attack can be executed remote…

πŸ“… Published: Dec. 11, 2025, 3:02 p.m. πŸ”„ Last Modified: Jan. 6, 2026, 2:36 p.m.

5.3

CVSS4.0

CVE-2025-14518 - PowerJob Network Request PingPongUtils.java checkConnectivity server-side request forgery

A vulnerability was identified in PowerJob up to 5.1.2. This vulnerability affects the function checkConnectivity of the file src/main/java/tech/powerjob/common/utils/net/PingPongUtils.java of the component Network Request Handler. The manipulation of the argument targetIp/targetPort leads to serve…

πŸ“… Published: Dec. 11, 2025, 3:02 p.m. πŸ”„ Last Modified: Feb. 24, 2026, 6:16 a.m.

7.6

CVSS3.1

CVE-2025-13124 - IDOR in Netiket''s ApplyLogic

Authorization Bypass Through User-Controlled Key vulnerability in Netiket Information Technologies Ltd. Co. ApplyLogic allows Exploitation of Trusted Identifiers.This issue affects ApplyLogic: through 01.12.2025.

πŸ“… Published: Dec. 11, 2025, 2:30 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.
Total resulsts: 346565
Page 2399 of 34,657
Β« previous page Β» next page
Filters