5.3
CVE-2025-9801 - SimStudioAI sim path traversal
A security vulnerability has been detected in SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af. This affects an unknown part. The manipulation of the argument filePath leads to path traversal. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and mβ¦
5.3
CVE-2025-9800 - SimStudioAI sim HTML File route.ts import unrestricted upload
A weakness has been identified in SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af. Affected by this issue is the function Import of the file apps/sim/app/api/files/upload/route.ts of the component HTML File Parser. Executing manipulation of the argument File can lead to unrestricted β¦
2.3
CVE-2025-9799 - Langfuse Webhook promptRouter.ts promptChangeEventSourcing server-side request forgery
A security flaw has been discovered in Langfuse up to 3.88.0. Affected by this vulnerability is the function promptChangeEventSourcing of the file web/src/features/prompts/server/routers/promptRouter.ts of the component Webhook Handler. Performing manipulation results in server-side request forgeryβ¦
4.8
CVE-2025-9797 - mrvautin expressCart Edit Product edit injection
A vulnerability was determined in mrvautin expressCart up to b31302f4e99c3293bd742c6d076a721e168118b0. This impacts an unknown function of the file /admin/product/edit/ of the component Edit Product Page. This manipulation causes injection. The attack can be initiated remotely. The exploit has beenβ¦
5.1
CVE-2025-9796 - thinkgem JeeSite EncodeUtils.java decodeUrl2 cross site scripting
A vulnerability was found in thinkgem JeeSite up to 5.12.1. This affects the function decodeUrl2 of the file common/src/main/java/com/jeesite/common/codec/EncodeUtils.java. The manipulation results in cross site scripting. It is possible to launch the attack remotely. The exploit has been made publβ¦
9.8
CVE-2024-28988 - SolarWinds Web Help Desk Java Deserialization Remote Code Execution Vulnerability
SolarWinds Web Help Desk was found to be susceptible to a Java Deserialization Remote Code Execution vulnerability that, if exploited, would allow an attacker to run commands on the host machine. This vulnerability was found by the ZDI team after researching a previous vulnerability and providing tβ¦
5.3
CVE-2025-9795 - xujeff tianti 倩撯 UploadController.java ajaxUploadFile unrestricted upload
A vulnerability has been found in xujeff tianti 倩撯 up to 2.3. The impacted element is the function ajaxUploadFile of the file src/main/java/com/jeff/tianti/controller/UploadController.java. The manipulation of the argument upfile leads to unrestricted upload. It is possible to initiate the attack rβ¦
6.9
CVE-2025-9794 - Campcodes Computer Sales and Inventory System pos_transac.php sql injection
A flaw has been found in Campcodes Computer Sales and Inventory System 1.0. The affected element is an unknown function of the file /pages/pos_transac.php?action=add. Executing manipulation of the argument cash/firstname can lead to sql injection. The attack may be performed from remote. The exploiβ¦
0.0
CVE-2025-58440 -
The unisharp/laravel-filemanager is a separate project, unrelated to laravel-filemanager.
6.9
CVE-2025-9793 - itsourcecode Apartment Management System Setting admin.php sql injection
A vulnerability was detected in itsourcecode Apartment Management System 1.0. Impacted is an unknown function of the file /setting/admin.php of the component Setting Handler. Performing manipulation of the argument ddlBranch results in sql injection. The attack is possible to be carried out remotelβ¦