Security Vulnerabilities
A weakness has been identified in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /intranet/educar_funcao_cad.php of the component Editar Função Page. This manipulation of the argument abreviatura/tipoacao causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited.
CVSS Score
3.5
EPSS Score
0.0
Published
2025-09-17
In JetBrains TeamCity before 2025.07.2 missing Git URL validation allowed credential leakage on Windows
CVSS Score
7.7
EPSS Score
0.0
Published
2025-09-17
In JetBrains TeamCity before 2025.07.2 project isolation bypass was possible due to race condition
CVSS Score
4.2
EPSS Score
0.0
Published
2025-09-17
In JetBrains TeamCity before 2025.07.2 path traversal was possible during project archive upload
CVSS Score
5.5
EPSS Score
0.0
Published
2025-09-17
A vulnerability was identified in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /intranet/educar_calendario_anotacao_cad.php. Such manipulation of the argument nm_anotacao/descricao leads to cross site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
CVSS Score
3.5
EPSS Score
0.0
Published
2025-09-17
A vulnerability was identified in Campcodes Grocery Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file /index.php?page=users. The manipulation of the argument page leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-09-16
A vulnerability was found in Campcodes Grocery Sales and Inventory System 1.0. Affected is an unknown function of the file /ajax.php?action=delete_category. Performing manipulation of the argument ID results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-09-16
A vulnerability was determined in Campcodes Grocery Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=delete_receiving. Executing manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-09-16
The /api/comment endpoint in zhangyd-c OneBlog 2.3.9 contains a denial-of-service vulnerability.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-09-16
SQL Injection vulnerability in TDuckCloud v.5.1 allows a remote attacker to execute arbitrary code via the Add a file upload module
CVSS Score
9.8
EPSS Score
0.002
Published
2025-09-16