Huu1J

#9148of 53,634
29.9Total CVSS
Vulnerabilities · 5
Medium
4
High
1
PT-2025-45585
4.9
2025-11-10
Liweiyi · Chestnutcms · CVE-2025-12923
**Name of the Vulnerable Software and Affected Versions** liweiyi ChestnutCMS versions up to 1.5.8 **Description** A flaw exists in the `resourceDownload` function located in the `/dev-api/common/download` file. Manipulation of the `path` argument can result in path traversal, allowing for remote exploitation. The exploit for this issue has been made public. **Recommendations** versions prior to 1.5.9
PT-2025-44400
5.4
2025-10-30
Csz Cms · Csz Cms · CVE-2025-63608
**Name of the Vulnerable Software and Affected Versions** CSZ-CMS versions prior to 1.3.1 **Description** A SQL injection issue exists in the Form Builder view functionality. The vulnerability is located in the `field` parameter of the form viewing feature, allowing authenticated administrators to execute arbitrary SQL queries. **Recommendations** Update CSZ-CMS to a version newer than 1.3.0.
PT-2025-43861
6.3
2025-10-27
Unknown · Givanz Vvveb · CVE-2025-12203
**Name of the Vulnerable Software and Affected Versions** givanz Vvveb versions up to 1.0.7.3 **Description** A weakness exists in givanz Vvveb related to path traversal. This issue affects the `sanitizeFileName` function within the `system/functions.php` file of the Code Editor component. Manipulation of the `File` argument can lead to unauthorized access. The attack can be initiated remotely, and an exploit is publicly available. **Recommendations** Apply the patch b0fa7ff74a3539c6d37000db152caad572e4c39b to resolve this issue.
PT-2025-42723
7.2
2025-10-19
Unknown · Givanz Vvveb · CVE-2025-11944
**Name of the Vulnerable Software and Affected Versions** givanz Vvveb versions up to 1.0.7.3 **Description** A flaw exists in givanz Vvveb that allows for SQL injection. This issue is related to the `Import` function within the `admin/controller/tools/import.php` file of the Raw SQL Handler component. The attack can be initiated remotely. The exploit has been publicly disclosed. **Recommendations** Apply patch 52204b4a106b2fb02d16eee06a88a1f2697f9b35 to resolve this issue.
PT-2025-40911
6.1
2025-10-06
Emlog · Emlog · CVE-2025-61769
**Name of the Vulnerable Software and Affected Versions** Emlog versions up to and including 2.5.22 **Description** A cross-site scripting (XSS) issue exists in Emlog, potentially allowing authenticated remote attackers to inject arbitrary web script or HTML. This is possible through the file upload functionality, specifically by uploading malicious .svg files containing JavaScript code which is then executed. The issue is addressed by commit 052f9c4226b2c0014bcd857fec47677340b185b1. **Recommendations** Update to a version later than 2.5.22.