F10Wers13Eicheng

#8777of 53,633
31.2Total CVSS
Vulnerabilities · 4
Medium
1
High
2
Critical
1
PT-2025-36720
8.8
2025-09-09
Apache · Apache Hertzbeat · CVE-2025-48208
Name of the Vulnerable Software and Affected Versions: Apache HertzBeat versions through 1.7.2 Description: This issue involves an improper neutralization of special elements used in an LDAP query, specifically an LDAP injection flaw, in Apache HertzBeat. An attacker requires an authenticated account with access to trigger the issue by crafting custom commands. A successful attack could lead to arbitrary script execution. Recommendations: Upgrade to version 1.7.3 to resolve the issue.
PT-2025-7670
5.3
2025-02-23
Unknown · Opensolon Solon · CVE-2025-1584
**Name of the Vulnerable Software and Affected Versions** opensolon Solon versions up to 3.0.8 **Description** A vulnerability was found in the Solon Web Static Files component, affecting the file `StaticMappings.java`. The manipulation leads to path traversal, allowing an attacker to access files outside the intended directory using '../filedir'. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. **Recommendations** For opensolon Solon versions up to 3.0.8, upgrade to version 3.0.9 to address this issue. As a temporary workaround, consider restricting access to the vulnerable `StaticMappings.java` file until the patch is applied.
PT-2022-19010
7.3
2022-08-22
Sourcecodester · Sourcecodester Gym Management System · CVE-2022-2842
**Name of the Vulnerable Software and Affected Versions** SourceCodester Gym Management System (affected versions not specified) **Description** A critical issue has been found in the SourceCodester Gym Management System, affecting the file login.php. The manipulation of the `user email` argument leads to SQL injection. This issue can be exploited remotely. **Recommendations** At the moment, there is no information about a newer version that contains a fix for this vulnerability.
PT-2022-19175
9.8
2022-08-17
Laravel · Laravel · CVE-2022-2870
**Name of the Vulnerable Software and Affected Versions** laravel version 5.1 **Description** A problematic issue was found, affecting some unknown processing, which leads to deserialization when manipulated. The attack can be initiated remotely. **Recommendations** For laravel version 5.1, at the moment, there is no information about a newer version that contains a fix for this vulnerability.