6.9
CVE-2025-10673 - itsourcecode Student Information Management System index.php sql injection
A vulnerability was determined in itsourcecode Student Information Management System 1.0. The impacted element is an unknown function of the file /admin/modules/class/index.php. This manipulation of the argument classId causes sql injection. The attack may be initiated remotely. The exploit has beeβ¦
2.7
CVE-2025-59421 - Press vulnerable to email flooding to users due to lack of validation and rate limits
Press, a Frappe custom app that runs Frappe Cloud, manages infrastructure, subscription, marketplace, and software-as-a-service (SaaS). A bad actor can flood the inbox of a user by repeatedly sending invites (duplicate). The issue is fixed in commit 83c3fc7676c5dbbe1fd5092d21d95a10c7b48615.
6.8
CVE-2025-59417 - Lobe Chat Desktop Vulnerable to Remote Code Execution via XSS in Chat Messages
Lobe Chat is an open-source artificial intelligence chat framework. Prior to version 1.129.4, there is a a cross-site scripting (XSS) vulnerability when handling chat message in lobe-chat that can be escalated to remote code execution on the userβs machine. In lobe-chat, when the response from the β¦
8.5
CVE-2025-10672 - whuan132 AIBattery com.collweb.AIBatteryHelper BatteryXPCService.swift missing authentication
A vulnerability was found in whuan132 AIBattery up to 1.0.9. The affected element is an unknown function of the file AIBatteryHelper/XPC/BatteryXPCService.swift of the component com.collweb.AIBatteryHelper. The manipulation results in missing authentication. The attack requires a local approach. Thβ¦
6.3
CVE-2025-10671 - youth-is-as-pale-as-poetry e-learning JWT Token JwtUtils.java encryptSecret random values
A vulnerability has been found in youth-is-as-pale-as-poetry e-learning 1.0. Impacted is the function encryptSecret of the file e-learning-master\exam-api\src\main\java\com\yf\exam\ability\shiro\jwt\JwtUtils.java of the component JWT Token Handler. The manipulation leads to insufficiently random vaβ¦
4.3
CVE-2025-59040 - Tuleap backlog item representations do not verify the permissions of the child trackers
Tuleap is an Open Source Suite to improve management of software developments and collaboration. Backlog item representations do not verify the permissions of the child trackers. Users might see tracker names they should not have access to. This vulnerability is fixed in Tuleap Community Edition 16β¦
6.9
CVE-2025-10670 - itsourcecode E-Logbook with Health Monitoring System for COVID-19 check_profile.php sql injection
A flaw has been found in itsourcecode E-Logbook with Health Monitoring System for COVID-19 1.0. This issue affects some unknown processing of the file /check_profile.php. Executing manipulation of the argument profile_id can lead to sql injection. It is possible to launch the attack remotely. The eβ¦
6.3
CVE-2025-4444 - Tor Onion Service Descriptor resource consumption
A security flaw has been discovered in Tor up to 0.4.7.16/0.4.8.17. Impacted is an unknown function of the component Onion Service Descriptor Handler. Performing manipulation results in resource consumption. The attack may be initiated remotely. The attack's complexity is rated as high. The exploitβ¦
0.0
CVE-2022-50377 - ext4: check and assert if marking an no_delete evicting inode dirty
In the Linux kernel, the following vulnerability has been resolved: ext4: check and assert if marking an no_delete evicting inode dirty In ext4_evict_inode(), if we evicting an inode in the 'no_delete' path, it cannot be raced by another mark_inode_dirty(). If it happens, someone else may accidenβ¦
5.3
CVE-2025-10669 - Airsonic-Advanced Playlist Upload unrestricted upload
A vulnerability was detected in Airsonic-Advanced up to 10.6.0. This vulnerability affects unknown code of the component Playlist Upload Handler. Performing manipulation results in unrestricted upload. It is possible to initiate the attack remotely. The exploit is now public and may be used.