Security Vulnerabilities
Open5GS v2.7.5, prior to commit 67ba7f92bbd7a378954895d96d9d7b05d5b64615, is vulnerable to a NULL pointer dereference when a multipart/related HTTP POST request with an empty HTTP body is sent to the SBI of either AMF, AUSF, BSF, NRF, NSSF, PCF, SMF, UDM, or UDR, resulting in a denial of service. This occurs in the parse_multipart function in lib/sbi/message.c.
CVSS Score
4.0
EPSS Score
0.0
Published
2025-09-17
A vulnerability was detected in SourceCodester Online Student File Management System 1.0. Affected is an unknown function of the file /admin/update_student.php. Performing manipulation of the argument stud_id results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-09-17
A flaw has been found in SourceCodester Online Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/delete_student.php. Executing manipulation of the argument stud_id can lead to sql injection. It is possible to launch the attack remotely. The exploit has been published and may be used.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-09-17
A security vulnerability has been detected in itsourcecode Online Public Access Catalog OPAC 1.0. This impacts an unknown function of the file mysearch.php of the component POST Parameter Handler. Such manipulation of the argument search_field/search_text leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-09-17
A security flaw has been discovered in Portabilis i-Educar up to 2.10. The impacted element is an unknown function of the file /intranet/educar_usuario_det.php. The manipulation of the argument ref_pessoa results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public and may be exploited.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-09-17
A weakness has been identified in Portabilis i-Educar up to 2.10. This affects an unknown function of the file /intranet/educar_funcao_cad.php of the component Editar Função Page. This manipulation of the argument abreviatura/tipoacao causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited.
CVSS Score
3.5
EPSS Score
0.0
Published
2025-09-17
In JetBrains TeamCity before 2025.07.2 missing Git URL validation allowed credential leakage on Windows
CVSS Score
7.7
EPSS Score
0.0
Published
2025-09-17
In JetBrains TeamCity before 2025.07.2 project isolation bypass was possible due to race condition
CVSS Score
4.2
EPSS Score
0.0
Published
2025-09-17
In JetBrains TeamCity before 2025.07.2 path traversal was possible during project archive upload
CVSS Score
5.5
EPSS Score
0.0
Published
2025-09-17
A vulnerability was identified in Portabilis i-Educar up to 2.10. Impacted is an unknown function of the file /intranet/educar_calendario_anotacao_cad.php. Such manipulation of the argument nm_anotacao/descricao leads to cross site scripting. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
CVSS Score
3.5
EPSS Score
0.0
Published
2025-09-17