Security Vulnerabilities
An arbitrary file upload vulnerability in the /admin/manager.php component of EasyImages 2.0 v2.8.6 and below allows attackers to execute arbitrary code via uploading a crafted PHP file.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-12-11
A Cross-Site Request Forgery (CSRF) in the /admin/admin.inc.php component of EasyImages 2.0 v2.8.6 and below allows attackers to escalate privileges to Administrator via user interaction with a malicious web page.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-12-11
An arbitrary file rename vulnerability in the /admin/filer.php component of EasyImages 2.0 v2.8.6 and below allows attackers with Administrator privileges to execute arbitrary code via injecting a crafted payload into an uploaded file name.
CVSS Score
9.1
EPSS Score
0.001
Published
2025-12-11
A vulnerability was detected in D-Link DIR-803 up to 1.04. Impacted is an unknown function of the file /getcfg.php of the component Configuration Handler. The manipulation of the argument AUTHORIZED_GROUP results in information disclosure. The attack may be performed from remote. The exploit is now public and may be used. This vulnerability only affects products that are no longer supported by the maintainer.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-12-11
A security flaw has been discovered in Tenda CH22 1.0.0.1. This affects the function frmL7ImForm of the file /goform/L7Im. Performing manipulation of the argument page results in buffer overflow. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-12-11
A weakness has been identified in projectworlds Advanced Library Management System 1.0. This vulnerability affects unknown code of the file /view_book.php. Executing manipulation of the argument book_id can lead to sql injection. The attack can be executed remotely. The exploit has been made available to the public and could be exploited.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-12-11
In JetBrains TeamCity before 2025.11.2 improper repository URL validation could lead to local paths disclosure
CVSS Score
3.1
EPSS Score
0.0
Published
2025-12-11
In JetBrains TeamCity before 2025.11 improper access control could expose GitHub App token's metadata
CVSS Score
2.7
EPSS Score
0.0
Published
2025-12-11
In JetBrains TeamCity before 2025.11 stored XSS was possible via session attribute
CVSS Score
4.6
EPSS Score
0.001
Published
2025-12-11
In JetBrains TeamCity before 2025.11 path traversal was possible via file upload
CVSS Score
3.8
EPSS Score
0.0
Published
2025-12-11