| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| iNiLabs School Express (SMS Express) 6.2 is affected by a Stored Cross-Site Scripting (XSS) vulnerability in the content-management features available to authenticated admin users. The vulnerability resides in POSTed editor parameters submitted to the /posts/edit/{id} endpoint (and similarly in Notice and Pages editors). Due to insufficient input sanitization and output encoding, attackers can inject HTML/JS payloads. The payload is saved and later rendered unsanitized, resulting in JavaScript execution in other users' browsers when they access the affected content. This issue allows an authenticated attacker to execute arbitrary JavaScript in the context of another user, potentially leading to session hijacking, privilege escalation, data exfiltration, or administrative account takeover. The application does not enforce a restrictive Content Security Policy (CSP) or adequate filtering to prevent such attacks. |
| A security flaw has been discovered in Jinher OA 2.0. This affects an unknown part of the file /c6/Jhsoft.Web.module/ToolBar/GetWordFileName.aspx/?text=GetUrl&style=add of the component XML Handler. Performing manipulation results in xml external entity reference. The attack may be initiated remotely. The exploit has been released to the public and may be exploited. |
| IBM Transformation Extender Advanced 10.0.1
could allow a local user to perform unauthorized actions due to improper access controls. |
| A security vulnerability has been detected in fuyang_lipengjun platform 1.0. This issue affects the function UserCouponController of the file /usercoupon/queryAll. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used. |
| IBM Transformation Extender Advanced 10.0.1
does not require that users should have strong passwords by default, which makes it easier for attackers to compromise user accounts. |
| A vulnerability was detected in fuyang_lipengjun platform 1.0. Impacted is the function TopicController of the file /topic/queryAll. The manipulation results in improper authorization. The attack can be executed remotely. The exploit is now public and may be used. |
| IBM Transformation Extender Advanced 10.0.1
does not invalidate session after logout which could allow an authenticated user to impersonate another user on the system. |
| IBM Transformation Extender Advanced 10.0.1 stores potentially sensitive information in log files that could be read by a local user. |
| A flaw has been found in fuyang_lipengjun platform 1.0. The affected element is the function TopicCategoryController of the file /topiccategory/queryAll. This manipulation causes improper authorization. The attack is possible to be carried out remotely. The exploit has been published and may be used. |
| Frappe LMS is an open source learning management system. In versions 1.0.0 and prior, on the People Page of LMS, there was an SQL Injection vulnerability. The issue has been fixed in the `main` branch. Users won't face this issue if they are using the latest main branch of the app. |
| Cross-site Scripting (XSS) - Generic in GitHub repository frappe/lms prior to 5614a6203fb7d438be8e2b1e3030e4528d170ec4. |
| A vulnerability has been found in fuyang_lipengjun platform 1.0. The impacted element is the function SysSmsLogController of the file /sys/smslog/queryAll. Such manipulation leads to improper authorization. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. |
| A vulnerability was identified in fuyang_lipengjun platform 1.0. This affects the function AttributeCategoryController of the file /attributecategory/queryAll. Such manipulation leads to improper authorization. The attack may be launched remotely. The exploit is publicly available and might be used. |
| A security flaw has been discovered in fuyang_lipengjun platform 1.0. This impacts the function AttributeController of the file /attribute/queryAll. Performing manipulation results in improper authorization. Remote exploitation of the attack is possible. The exploit has been released to the public and may be exploited. |
| A weakness has been identified in fuyang_lipengjun platform 1.0. Affected is the function BrandController of the file /brand/queryAll. Executing manipulation can lead to improper authorization. The attack can be executed remotely. The exploit has been made available to the public and could be exploited. |
| Cursor is a code editor built for programming with AI. In versions 1.7 and below, a vulnerability in the way Cursor CLI Agent protects its sensitive files (i.e. */.cursor/cli.json) allows attackers to modify the content of the files through prompt injection, thus achieving remote code execution. A prompt injection can lead to full RCE through modifying sensitive files on case-insensitive filesystems. This issue is fixed in a commit, 25b418f, but has yet to be released as of October 3, 2025. |
| A vulnerability was identified in D-Link DIR-645 105B01. This issue affects the function soapcgi_main of the file /soap.cgi. Such manipulation of the argument service leads to command injection. The attack can be launched remotely. The exploit is publicly available and might be used. This vulnerability only affects products that are no longer supported by the maintainer. |
| A command injection vulnerability in COMFAST CF-XR11 (firmware V2.7.2) exists in the multi_pppoe API, processed by the sub_423930 function in /usr/bin/webmgnt. The phy_interface parameter is not sanitized, allowing attackers to inject arbitrary commands via a POST request to /cgi-bin/mbox-config?method=SET§ion=multi_pppoe. When the action parameter is set to "one_click_redial", the unsanitized phy_interface is used in a system() call, enabling execution of malicious commands. This can lead to unauthorized access to sensitive files, execution of arbitrary code, or full device compromise. |
| Cursor is a code editor built for programming with AI. In versions 1.7 and below, automatic loading of project-specific CLI configuration from the current working directory (<project>/.cursor/cli.json) could override certain global configurations in Cursor CLI. This allowed users running the CLI inside a malicious repository to be vulnerable to Remote Code Execution through a combination of permissive configuration (allowing shell commands) and prompt injection delivered via project-specific Rules (<project>/.cursor/rules/rule.mdc) or other mechanisms. The fix for this issue is currently available as a patch 2025.09.17-25b418f. As of October 3, 2025 there is no release version. |
| H3C devices running firmware version NX15V100R015 are vulnerable to unauthorized access due to insecure default credentials. The root user account has no password set, and the H3C user account uses the default password "admin," both stored in the /etc/shadow file. Attackers with network access can exploit these credentials to gain unauthorized root-level access to the device via the administrative interface or other network services, potentially leading to privilege escalation, information disclosure, or arbitrary code execution. |
