CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-11313 – Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 findRolePage.do findRolePage sql injection
https://notcve.org/view.php?id=CVE-2025-11313
06 Oct 2025 — A flaw has been found in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. ... In Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0 wurde eine Schwachstelle gefunden. • https://github.com/FightingLzn9/vul/blob/main/%E5%A4%A9%E9%94%90%E6%95%B0%E6%8D%AE%E6%B3%84%E9%9C%B2%E9%98%B2%E6%8A%A4%E7%B3%BB%E7%BB%9F-5.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-11312 – Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 findModulePage.do findModulePage sql injection
https://notcve.org/view.php?id=CVE-2025-11312
06 Oct 2025 — A vulnerability was detected in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. ... Es wurde eine Schwachstelle in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0 entdeckt. • https://github.com/FightingLzn9/vul/blob/main/%E5%A4%A9%E9%94%90%E6%95%B0%E6%8D%AE%E6%B3%84%E9%9C%B2%E9%98%B2%E6%8A%A4%E7%B3%BB%E7%BB%9F-4.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-11311 – Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 findTenantPage.do findTenantPage sql injection
https://notcve.org/view.php?id=CVE-2025-11311
06 Oct 2025 — A security vulnerability has been detected in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. ... Eine Schwachstelle wurde in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0 gefunden. • https://github.com/FightingLzn9/vul/blob/main/%E5%A4%A9%E9%94%90%E6%95%B0%E6%8D%AE%E6%B3%84%E9%9C%B2%E9%98%B2%E6%8A%A4%E7%B3%BB%E7%BB%9F-3.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-11310 – Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 findFileServerPage.do findFileServerPage sql injection
https://notcve.org/view.php?id=CVE-2025-11310
05 Oct 2025 — A weakness has been identified in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. ... In Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0 ist eine Schwachstelle entdeckt worden. • https://github.com/FightingLzn9/vul/blob/main/%E5%A4%A9%E9%94%90%E6%95%B0%E6%8D%AE%E6%B3%84%E9%9C%B2%E9%98%B2%E6%8A%A4%E7%B3%BB%E7%BB%9F-2.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 7.5EPSS: 0%CPEs: 1EXPL: 1CVE-2025-11309 – Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 findDeptPage.do doFilter sql injection
https://notcve.org/view.php?id=CVE-2025-11309
05 Oct 2025 — A security flaw has been discovered in Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0. ... In Tipray 厦门天锐科技股份有限公司 Data Leakage Prevention System 天锐数据泄露防护系统 1.0 wurde eine Schwachstelle gefunden. • https://github.com/FightingLzn9/vul/blob/main/%E5%A4%A9%E9%94%90%E6%95%B0%E6%8D%AE%E6%B3%84%E9%9C%B2%E9%98%B2%E6%8A%A4%E7%B3%BB%E7%BB%9F-1.md • CWE-74: Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection') CWE-89: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') •
CVSS: 6.5EPSS: 0%CPEs: 4EXPL: 0CVE-2025-27236 – User information disclosure via api_jsonrpc.php on method user.get with param search
https://notcve.org/view.php?id=CVE-2025-27236
03 Oct 2025 — A regular Zabbix user can search other users in their user group via Zabbix API by select fields the user does not have access to view. This allows data-mining some field values the user does not have access to. • https://support.zabbix.com/browse/ZBX-27060 • CWE-863: Incorrect Authorization •
CVSS: 9.8EPSS: 0%CPEs: -EXPL: 0CVE-2025-57423
https://notcve.org/view.php?id=CVE-2025-57423
03 Oct 2025 — Due to insufficient input sanitisation, an unauthenticated remote attacker could inject arbitrary SQL commands via a crafted GET request, potentially leading to information disclosure or manipulation of the database. • https://aardwolfsecurity.com/cve-2025-57423-critical-sql-injection-in-myclub •
CVSS: 6.1EPSS: 0%CPEs: 1EXPL: 1CVE-2025-60449
https://notcve.org/view.php?id=CVE-2025-60449
03 Oct 2025 — An information disclosure vulnerability has been discovered in SeaCMS 13.1. • https://snowhy77.github.io/2025/08/21/Information-Disclosure-Vulnerability-in-SeaCMS • CWE-200: Exposure of Sensitive Information to an Unauthorized Actor •
CVSS: 3.5EPSS: 0%CPEs: -EXPL: 0CVE-2025-11203 – LiteLLM Information health API_KEY Information Disclosure Vulnerability
https://notcve.org/view.php?id=CVE-2025-11203
03 Oct 2025 — This vulnerability allows remote attackers to disclose sensitive information on affected installations of LiteLLM. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of the API_KEY parameter provided to the health endpoint. The issue results from exposing sensitive information to an unauthorized actor. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. •
CVSS: 6.9EPSS: 0%CPEs: 2EXPL: 0CVE-2025-54291 – Project existence disclosure in LXD images API
https://notcve.org/view.php?id=CVE-2025-54291
02 Oct 2025 — Information disclosure in images API in Canonical LXD before 6.5 and 5.21.4 on all platforms allows unauthenticated remote attackers to determine project existence via differing HTTP status code responses. • https://github.com/canonical/lxd/security/advisories/GHSA-xch9-h8qw-85c7 • CWE-209: Generation of Error Message Containing Sensitive Information •