Security Vulnerabilities
A weakness has been identified in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /intranet/educar_funcao_cad.php of the component Editar Função Page. This manipulation of the argument abreviatura/tipoacao causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited.
CVSS Score
3.5
EPSS Score
0.0
Published
2025-09-17
An Improper Input Validation vulnerability in the scanning logic of mmaitre314 picklescan versions up to and including 0.0.30 allows a remote attacker to bypass pickle files security checks by supplying a standard pickle file with a PyTorch-related file extension. When the pickle file incorrectly considered safe is loaded, it can lead to the execution of malicious code.
CVSS Score
7.8
EPSS Score
0.002
Published
2025-09-17
In JetBrains TeamCity before 2025.07.2 missing Git URL validation allowed credential leakage on Windows
CVSS Score
7.7
EPSS Score
0.0
Published
2025-09-17
In JetBrains TeamCity before 2025.07.2 project isolation bypass was possible due to race condition
CVSS Score
4.2
EPSS Score
0.0
Published
2025-09-17
In JetBrains TeamCity before 2025.07.2 path traversal was possible during project archive upload
CVSS Score
5.5
EPSS Score
0.0
Published
2025-09-17
A vulnerability was identified in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /intranet/educar_calendario_anotacao_cad.php. Such manipulation of the argument nm_anotacao/descricao leads to cross site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
CVSS Score
3.5
EPSS Score
0.0
Published
2025-09-17
A vulnerability was identified in Campcodes Grocery Sales and Inventory System 1.0. Affected by this issue is some unknown functionality of the file /index.php?page=users. The manipulation of the argument page leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly available and might be used.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-09-16
A vulnerability was found in Campcodes Grocery Sales and Inventory System 1.0. Affected is an unknown function of the file /ajax.php?action=delete_category. Performing manipulation of the argument ID results in sql injection. The attack is possible to be carried out remotely. The exploit has been made public and could be used.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-09-16
A vulnerability was determined in Campcodes Grocery Sales and Inventory System 1.0. Affected by this vulnerability is an unknown functionality of the file /ajax.php?action=delete_receiving. Executing manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been publicly disclosed and may be utilized.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-09-16
by-night sms V1.0 has an Arbitrary File Upload vulnerability. The /api/sms/upload/headImg endpoint allows uploading arbitrary files. Users can upload files of any size and type.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-09-16