Total CVEs

143,226

Critical Severity

4,056

High Severity

14,605

Last 7 Days

1,273
Quick preset (or use dates below)
Clear Filters
Showing 14,921 - 14,940 of 15,052 CVEs
CVE-2025-15171 MEDIUM - 5.4

A vulnerability was identified in SohuTV CacheCloud up to 3.2.0. This affects the function index of the file src/main/java/com/sohu/cache/web/controller/ServerController.java. The manipulation leads to cross site scripting. Remote exploitation of the attack is possible. The exploit is publicly avail...

Vendor: sohu
Product: cachecloud
Published: Dec 29, 2025
Source: NVD
CVE-2025-15170 MEDIUM - 6.1

A security vulnerability has been detected in Advaya Softech GEMS ERP Portal up to 2.1. This affects an unknown part of the file /home.jsp?isError=true of the component Error Message Handler. The manipulation of the argument Message leads to cross site scripting. It is possible to initiate the attac...

Vendor: advayasoftech
Product: gems_erp_portal
Published: Dec 29, 2025
Source: NVD
CVE-2025-15066 MEDIUM - 6.2

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Missing Authorization vulnerability in Innorix WP allows Path Traversal.This issue affects Innorix WP from All versions If the "exam" directory exists under the directory where the product is installe...

Published: Dec 29, 2025
Source: NVD
CVE-2025-15065 MEDIUM - 6.3

Exposure of Sensitive Information to an Unauthorized Actor, Missing Encryption of Sensitive Data, Files or Directories Accessible to External Parties vulnerability in Kings Information & Network Co. KESS Enterprise on Windows allows Privilege Escalation, Modify Existing Service, Modify Shared Fi...

Published: Dec 29, 2025
Source: NVD
CVE-2025-15156 MEDIUM - 4.3

A flaw has been found in omec-project UPF up to 2.1.3-dev. This affects the function handleSessionEstablishmentRequest of the file /pfcpiface/pfcpiface/messages_session.go of the component PFCP Session Establishment Request Handler. This manipulation causes null pointer dereference. The attack may b...

Published: Dec 28, 2025
Source: NVD
CVE-2025-15154 MEDIUM - 5.3

A security vulnerability has been detected in PbootCMS up to 3.2.12. The affected element is the function get_user_ip of the file core/function/handle.php of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to use of less trusted source. The attack can be initiate...

Vendor: pbootcms
Product: pbootcms
Published: Dec 28, 2025
Source: NVD
CVE-2025-15153 MEDIUM - 5.9

A weakness has been identified in PbootCMS up to 3.2.12. Impacted is an unknown function of the file /data/pbootcms.db of the component SQLite Database. Executing manipulation can lead to files or directories accessible. It is possible to launch the attack remotely. Attacks of this nature are highly...

Vendor: pbootcms
Product: pbootcms
Published: Dec 28, 2025
Source: NVD
CVE-2025-15152 MEDIUM - 6.3

A vulnerability was identified in h-moses moga-mall up to 392d631a5ef15962a9bddeeb9f1269b9085473fa. This vulnerability affects the function addProduct of the file src/main/java/com/ms/product/controller/PmsProductController.java. Such manipulation of the argument objectName leads to unrestricted upl...

Published: Dec 28, 2025
Source: NVD
CVE-2025-15146 MEDIUM - 4.8

A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. This impacts the function doUserList of the file src/main/java/com/sohu/cache/web/controller/UserManageController.java. Performing manipulation results in cross site scripting. The attack may be initiated remotely. The exploit is now pub...

Vendor: sohu
Product: cachecloud
Published: Dec 28, 2025
Source: NVD
CVE-2025-15145 MEDIUM - 6.1

A security vulnerability has been detected in SohuTV CacheCloud up to 3.2.0. This affects the function doTotalList of the file src/main/java/com/sohu/cache/web/controller/TotalManageController.java. Such manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has...

Vendor: sohu
Product: cachecloud
Published: Dec 28, 2025
Source: NVD
CVE-2025-15144 MEDIUM - 6.1

A weakness has been identified in dayrui XunRuiCMS up to 4.7.1. The impacted element is the function dr_show_error/dr_exit_msg of the file /dayrui/Fcms/Init.php of the component JSONP Callback Handler. This manipulation of the argument callback causes cross site scripting. The attack can be initiate...

Vendor: xunruicms
Product: xunruicms
Published: Dec 28, 2025
Source: NVD
CVE-2025-15135 MEDIUM - 6.3

A weakness has been identified in joey-zhou xiaozhi-esp32-server-java up to 3.0.0. This impacts the function tryAuthenticateWithCookies of the file AuthenticationInterceptor.java of the component Cookie Handler. Executing manipulation can lead to improper authentication. The attack can be launched r...

Published: Dec 28, 2025
Source: NVD
CVE-2025-15130 MEDIUM - 4.7

A vulnerability has been found in shanyu SyCms up to a242ef2d194e8bb249dc175e7c49f2c1673ec921. This issue affects the function addPost of the file Application/Admin/Controller/FileManageController.class.php of the component Administrative Panel. The manipulation leads to code injection. The attack i...

Published: Dec 28, 2025
Source: NVD
CVE-2025-15129 MEDIUM - 6.3

A flaw has been found in ChenJinchuang Lin-CMS-TP5 up to 0.3.3. This vulnerability affects the function Upload of the file application/lib/file/LocalUploader.php of the component File Upload Handler. Executing manipulation of the argument File can lead to code injection. The attack can be executed r...

Published: Dec 28, 2025
Source: NVD
CVE-2025-15128 MEDIUM - 5.3

A vulnerability was detected in ZKTeco BioTime up to 9.0.3/9.0.4/9.5.2. This affects an unknown part of the file /base/safe_setting/ of the component Endpoint. Performing manipulation of the argument backup_encryption_password_decrypt/export_encryption_password_decrypt results in unprotected storage...

Published: Dec 28, 2025
Source: NVD
CVE-2025-15121 MEDIUM - 4.9

A vulnerability has been found in JeecgBoot up to 3.9.0. The affected element is the function getDeptRoleByUserId of the file /sys/sysDepartRole/getDeptRoleByUserId. Such manipulation of the argument departId leads to information disclosure. The vendor was contacted early about this disclosure but d...

Vendor: jeecg
Product: jeecg_boot
Published: Dec 28, 2025
Source: NVD
CVE-2025-15118 MEDIUM - 4.3

A security vulnerability has been detected in macrozheng mall up to 1.0.3. This vulnerability affects unknown code of the file /member/address/update/ of the component Member Endpoint. The manipulation leads to improper authorization. Remote exploitation of the attack is possible. The exploit has be...

Vendor: macrozheng
Product: mall
Published: Dec 28, 2025
Source: NVD
CVE-2025-15116 MEDIUM - 4.8

A security flaw has been discovered in OpenCart up to 4.1.0.3. Affected by this issue is some unknown functionality of the component Single-Use Coupon Handler. Performing manipulation results in race condition. The attack may be initiated remotely. The attack's complexity is rated as high. The ...

Vendor: opencart
Product: opencart
Published: Dec 28, 2025
Source: NVD
CVE-2025-68972 MEDIUM - 4.7

In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can construct a modified message that places additional text after the signed material, such that signature verification of the modified message succeeds (although an "invalid armor" message is ...

Vendor: gnupg
Product: gnupg
Published: Dec 27, 2025
Source: NVD
CVE-2025-15106 MEDIUM - 4.3

A weakness has been identified in getmaxun maxun up to 0.0.28. The affected element is the function router.get of the file server/src/routes/auth.ts of the component Authentication Endpoint. Executing manipulation can lead to improper authorization. The attack can be executed remotely. The exploit h...

Vendor: maxun
Product: maxun
Published: Dec 27, 2025
Source: NVD