Security Vulnerabilities
dingfanzu CMS V1.0 was discovered to contain a Cross-Site Request Forgery (CSRF) via the component /admin/doAdminAction.php?act=addShop
CVSS Score
3.7
EPSS Score
0.0
Published
2025-09-08
A CSV injection vulnerability in the /id_profiles endpoint of Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via suuplying a crafted Excel file.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-09-08
codeceptjs 3.7.3 contains a command injection vulnerability in the emptyFolder function (lib/utils.js). The execSync command directly concatenates the user-controlled directoryPath parameter without sanitization or escaping, allowing attackers to execute arbitrary commands.
CVSS Score
9.8
EPSS Score
0.01
Published
2025-09-08
An arbitrary file upload vulnerability in the Chat Trigger component of N8N v1.95.3, v1.100.1, and v1.101.1 allows attackers to execute arbitrary code via uploading a crafted HTML file.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-09-08
A Host Header Injection vulnerability in Avigilon ACM v7.10.0.20 allows attackers to execute arbitrary code via supplying a crafted URL.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-09-08
A weakness has been identified in Portabilis i-Educar up to 2.10. Affected by this vulnerability is an unknown functionality of the file /intranet/educar_usuario_cad.php of the component Editar usuário Page. This manipulation of the argument email/data_inicial/data_expiracao causes cross site scripting. It is possible to initiate the attack remotely. The exploit has been made available to the public and could be exploited.
CVSS Score
2.4
EPSS Score
0.0
Published
2025-09-08
A vulnerability was detected in SourceCodester Simple Forum Discussion System 1.0. This impacts an unknown function of the file /admin_class.php?action=login. Performing manipulation of the argument Username results in sql injection. It is possible to initiate the attack remotely. The exploit is now public and may be used.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-09-08
A security flaw has been discovered in PHPGurukul User Management System 1.0. Affected is an unknown function of the file /admin/edit-user-profile.php. The manipulation of the argument uid results in sql injection. The attack may be performed from remote. The exploit has been released to the public and may be exploited.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-09-08
An issue was discoverd in file controllers/admin/AdminLoginController.php in PrestaShop before 8.2.1 allowing attackers to gain sensitive information via the reset password feature.
CVSS Score
3.7
EPSS Score
0.0
Published
2025-09-08
A vulnerability was identified in SimStudioAI sim up to 1.0.0. This impacts an unknown function of the file apps/sim/app/api/function/execute/route.ts. The manipulation of the argument code leads to code injection. The attack is possible to be carried out remotely.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-09-08