Through layers of intermediaries, stablecoins can be moved, swapped and mixed into pools of other funds in ways that are
Vulnerabilities
CVE-2025-14204 | TykoDev cherry-studio-TykoFork 0.1 OAuth Server Discovery oauth-authorization-server redirectToAuthorization authorizationUrl os command injection
A vulnerability was found in TykoDev cherry-studio-TykoFork 0.1 and classified as critical. This issue affects the function redirectToAuthorization of the
CVE-2025-14205 | code-projects Chamber of Commerce Membership Management System 1.0 Your Info /membership_profile.php Full Name/Address/City/State cross site scripting
A vulnerability was found in code-projects Chamber of Commerce Membership Management System 1.0. It has been classified as problematic. Impacted
CVE-2025-14206 | SourceCodester Online Student Clearance System 1.0 Fee Table /Admin/delete-fee.php ID improper authorization
A vulnerability was found in SourceCodester Online Student Clearance System 1.0. It has been declared as critical. The affected element
CVE-2025-14207 | tushar-2223 Hotel-Management-System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15 /admin/invoiceprint.php ID sql injection
A vulnerability was found in tushar-2223 Hotel-Management-System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15. It has been rated as critical. The impacted element is
CVE-2025-14208 | D-Link DIR-823X up to 20250416 /goform/set_wan_settings sub_415028 ppp_username command injection
A vulnerability categorized as critical has been discovered in D-Link DIR-823X up to 20250416. This affects the function sub_415028 of
CVE-2025-14209 | Campcodes School File Management System 1.0 /update_query.php stud_id sql injection
A vulnerability identified as critical has been detected in Campcodes School File Management System 1.0. This impacts an unknown function
CVE-2025-14210 | projectworlds Advanced Library Management System 1.0 /delete_member.php user_id sql injection
A vulnerability labeled as critical has been found in projectworlds Advanced Library Management System 1.0. Affected is an unknown function
CVE-2025-14211 | projectworlds Advanced Library Management System 1.0 /delete_book.php book_id sql injection
A vulnerability marked as critical has been reported in projectworlds Advanced Library Management System 1.0. Affected by this vulnerability is
CVE-2025-14212 | projectworlds Advanced Library Management System 1.0 /member_search.php roll_number sql injection
A vulnerability described as critical has been identified in projectworlds Advanced Library Management System 1.0. Affected by this issue is
Fedora 43: webkitgtk Critical Update for CVE-2025-13947, 43458, 66287
Fix seeking and looping of media elements that set the loop property. Fix several crashes and rendering issues. Fix CVE-2025-13947,
Fedora 43: TinyGLTF 2.9.7 Security Advisory FEDORA-2025-47bff6f74d
Update to 2.9.7LinuxSecurity – Security AdvisoriesRead More
CVE-2025-14192 | RashminDungrani online-banking up to 2337ad552ea9d385b4e07b90e6f32d011b7c68a2 auth_login.php Username sql injection
A vulnerability marked as critical has been reported in RashminDungrani online-banking up to 2337ad552ea9d385b4e07b90e6f32d011b7c68a2. This affects an unknown part of
CVE-2025-14193 | code-projects Employee Profile Management System 1.0 /view_personnel.php per_id sql injection
A vulnerability described as critical has been identified in code-projects Employee Profile Management System 1.0. This vulnerability affects unknown code
CVE-2025-14194 | code-projects Employee Profile Management System 1.0 /view_personnel.php per_address/dr_school/other_school cross site scripting
A vulnerability classified as problematic has been found in code-projects Employee Profile Management System 1.0. This issue affects some unknown
CVE-2025-14195 | code-projects Employee Profile Management System 1.0 add_file_query.php per_file unrestricted upload
A vulnerability classified as critical was found in code-projects Employee Profile Management System 1.0. Impacted is an unknown function of
CVE-2025-14196 | H3C Magic B1 up to 100R004 /goform/aspForm sub_44de0 param buffer overflow
A vulnerability, which was classified as critical, has been found in H3C Magic B1 up to 100R004. The affected element
CVE-2025-14197 | Verysync 微力同步 up to 2.21.3 Web Administration f96956469e7be39d information disclosure
A vulnerability, which was classified as problematic, was found in Verysync 微力同步 up to 2.21.3. The impacted element is an
CVE-2025-14198 | Verysync 微力同步 2.21.3 Web Administration download?key=dummytoken information disclosure
A vulnerability has been found in Verysync 微力同步 2.21.3 and classified as problematic. This affects an unknown function of the
CVE-2025-14199 | Verysync 微力同步 up to 2.21.3 Web Administration text.txt?override=false unrestricted upload
A vulnerability was found in Verysync 微力同步 up to 2.21.3 and classified as critical. This impacts an unknown function of
CVE-2025-14200 | alokjaiswal Hotel-Management-services-using-MYSQL-and-php up to 5f8b60a7aa6c06a5632de569d4e3f6a8cd82f76f Request Pending Page /usersub.php cross site scripting
A vulnerability was found in alokjaiswal Hotel-Management-services-using-MYSQL-and-php up to 5f8b60a7aa6c06a5632de569d4e3f6a8cd82f76f. It has been classified as problematic. Affected is an unknown
CVE-2025-14201 | alokjaiswal Hotel-Management-services-using-MYSQL-and-php up to 5f8b60a7aa6c06a5632de569d4e3f6a8cd82f76f /dishsub.php item.name cross site scripting
A vulnerability was found in alokjaiswal Hotel-Management-services-using-MYSQL-and-php up to 5f8b60a7aa6c06a5632de569d4e3f6a8cd82f76f. It has been declared as problematic. Affected by this vulnerability
CVE-2025-14191 | UTT 进取 512W up to 1.7.7-171114 formP2PLimitConfig strcpy except buffer overflow
A vulnerability labeled as critical has been found in UTT 进取 512W up to 1.7.7-171114. Affected by this issue is
CVE-2025-14185 | Yonyou U8 Cloud 5.0/5.0sp/5.1/5.1sp AppServletService.class usercode sql injection
A vulnerability was found in Yonyou U8 Cloud 5.0/5.0sp/5.1/5.1sp and classified as critical. The affected element is an unknown function
CVE-2025-14186 | Grandstream GXP1625 1.0.7.4 Network Status Page /cgi-bin/api.values.post vpn_ip cross site scripting
A vulnerability was found in Grandstream GXP1625 1.0.7.4. It has been classified as problematic. The impacted element is an unknown
CVE-2025-14187 | UGREEN DH2100+ up to 5.3.0.251125 nas_svr /v1/file/backup/create handler_file_backup_create path buffer overflow
A vulnerability was found in UGREEN DH2100+ up to 5.3.0.251125. It has been declared as critical. This affects the function
CVE-2025-14188 | UGREEN DH2100+ up to 5.3.0.251125 nas_svr /v1/file/backup/create handler_file_backup_create path command injection
A vulnerability was found in UGREEN DH2100+ up to 5.3.0.251125. It has been rated as critical. This impacts the function
CVE-2025-14189 | Chanjet CRM up to 20251121 jxf_dump_table_demo.php gblOrgID sql injection
A vulnerability categorized as critical has been discovered in Chanjet CRM up to 20251121. Affected is an unknown function of
CVE-2025-14190 | Chanjet TPlus up to 20251121 currentAccId sql injection
A vulnerability identified as critical has been detected in Chanjet TPlus up to 20251121. Affected by this vulnerability is an
CVE-2025-13292 | Google Cloud Apigee-X up to 1-16-0-apigee-2 Analytics privileges management
A vulnerability classified as critical was found in Google Cloud Apigee-X up to 1-16-0-apigee-2. This affects an unknown part of
CVE-2025-14182 | Sobey Media Convergence System 2.0/2.1 upload File path traversal
A vulnerability, which was classified as critical, has been found in Sobey Media Convergence System 2.0/2.1. This vulnerability affects unknown
CVE-2025-14183 | SGAI Space1 NAS N1211DS up to 1.0.915 gsaiagent /cgi-bin/JSONAPI GET_FACTORY_INFO/GET_USER_INFO credentials storage
A vulnerability, which was classified as problematic, was found in SGAI Space1 NAS N1211DS up to 1.0.915. This issue affects
CVE-2025-14184 | SGAI Space1 NAS N1211DS up to 1.0.915 gsaiagent /cgi-bin/JSONAPI RENAME_FILE/OPERATE_FILE/NGNIX_UPLOAD command injection
A vulnerability has been found in SGAI Space1 NAS N1211DS up to 1.0.915 and classified as critical. Impacted is the
CVE-2025-66577 | yhirose cpp-httplib up to 0.26.x Header get_client_ip X-Forwarded-For neutralization for logs (GHSA-gfpf-r66f-5mh2)
A vulnerability was found in yhirose cpp-httplib up to 0.26.x. It has been declared as problematic. The impacted element is
CVE-2020-36878 | ReQuest Serious Play Media Player 1.5.1.820/1.5.2.821/1.5.2.822/2.1.0.831/3.0.0 File file inclusion (Exploit 48949 / EDB-48949)
A vulnerability was found in ReQuest Serious Play Media Player 1.5.1.820/1.5.2.821/1.5.2.822/2.1.0.831/3.0.0. It has been rated as problematic. This affects an
CVE-2025-66570 | yhirose cpp-httplib up to 0.26.x Request Header httplib.h read_headers authentication spoofing (GHSA-xm2j-vfr9-mg9m)
A vulnerability categorized as critical has been discovered in yhirose cpp-httplib up to 0.26.x. This impacts the function read_headers in
CVE-2025-66562 | AI-QL tuui up to 1.3.3 IPC Interface cross site scripting (GHSA-qjhq-rgmr-6c3g)
A vulnerability identified as problematic has been detected in AI-QL tuui up to 1.3.3. Affected is an unknown function of
CVE-2020-36881 | Flexsense DiskBoss 7.7.14 Directory Add Input Directory memory corruption (Exploit 48279 / EDB-48279)
A vulnerability labeled as critical has been found in Flexsense DiskBoss 7.7.14. Affected by this vulnerability is an unknown functionality
CVE-2025-66515 | Nextcloud Approval App up to 1.3.0/2.4.x improper authentication (GHSA-q26g-fmjq-x5g5)
A vulnerability marked as critical has been reported in Nextcloud Approval App up to 1.3.0/2.4.x. Affected by this issue is
CVE-2025-66514 | Nextcloud Mail up to 5.5.2 Message cross site scripting (GHSA-v394-8gpc-6fv5)
A vulnerability described as problematic has been identified in Nextcloud Mail up to 5.5.2. This affects an unknown part of
CVE-2025-66554 | Nextcloud Contacts App up to 5.5.3/6.0.5/7.2.4 CSS File Parser organisation/title cross site scripting (GHSA-9v78-cpfc-v6h2)
A vulnerability classified as problematic has been found in Nextcloud Contacts App up to 5.5.3/6.0.5/7.2.4. This vulnerability affects unknown code
CVE-2025-66553 | Nextcloud Tables up to 0.8.6/0.9.3 authorization (GHSA-p53h-6294-crjw)
A vulnerability classified as problematic was found in Nextcloud Tables up to 0.8.6/0.9.3. This issue affects some unknown processing. Executing
CVE-2025-66556 | Nextcloud Talk up to 20.1.7/21.1.1 Conversation authorization (GHSA-pr9f-vqgg-m2jh)
A vulnerability, which was classified as problematic, has been found in Nextcloud Talk up to 20.1.7/21.1.1. Impacted is an unknown
CVE-2025-66644 | Array ArrayOS AG up to 9.4.5.9 os command injection
A vulnerability, which was classified as critical, was found in Array ArrayOS AG up to 9.4.5.9. The affected element is
CVE-2025-34257 | Advantech WISE-DeviceOn Server up to 5.3 /rmm/v1/action/defined defined_name cross site scripting
A vulnerability has been found in Advantech WISE-DeviceOn Server up to 5.3 and classified as problematic. The impacted element is
CVE-2025-34258 | Advantech WISE-DeviceOn Server up to 5.3 /rmm/v1/devicemap/plan area name cross site scripting
A vulnerability was found in Advantech WISE-DeviceOn Server up to 5.3 and classified as problematic. This affects an unknown function
CVE-2025-34259 | Advantech WISE-DeviceOn Server up to 5.3 building Name cross site scripting
A vulnerability was found in Advantech WISE-DeviceOn Server up to 5.3. It has been classified as problematic. This impacts an
CVE-2025-34260 | Advantech WISE-DeviceOn Server up to 5.3 /rmm/v1/action/schedule cross site scripting
A vulnerability was found in Advantech WISE-DeviceOn Server up to 5.3. It has been declared as problematic. Affected is an
CVE-2025-34261 | Advantech WISE-DeviceOn Server up to 5.3 Device Group /rmm/v1/devicegroups/ name/description cross site scripting
A vulnerability was found in Advantech WISE-DeviceOn Server up to 5.3. It has been rated as problematic. Affected by this
CVE-2025-34262 | Advantech WISE-DeviceOn Server up to 5.3 /rmm/v1/devices/name/ new_name cross site scripting
A vulnerability categorized as problematic has been discovered in Advantech WISE-DeviceOn Server up to 5.3. Affected by this issue is
CVE-2025-34264 | Advantech WISE-DeviceOn Server up to 5.3 /rmm/v1/dog/ cross site scripting
A vulnerability identified as problematic has been detected in Advantech WISE-DeviceOn Server up to 5.3. This affects an unknown part
CVE-2025-34265 | Advantech WISE-DeviceOn Server up to 5.3 /rmm/v1/rule-engines min/max/unit cross site scripting
A vulnerability labeled as problematic has been found in Advantech WISE-DeviceOn Server up to 5.3. This vulnerability affects unknown code
CVE-2020-36880 | Flexsense DiskBoss 7.7.14 Reports/Data Directory memory corruption (Exploit 48689 / EDB-48689)
A vulnerability marked as critical has been reported in Flexsense DiskBoss 7.7.14. This issue affects some unknown processing. Performing manipulation
CVE-2025-34263 | Advantech WISE-DeviceOn Server up to 5.3 Configuration Data menus label/path cross site scripting
A vulnerability described as problematic has been identified in Advantech WISE-DeviceOn Server up to 5.3. Impacted is an unknown function
CVE-2025-34266 | Advantech WISE-DeviceOn Server up to 5.3 menus label/path cross site scripting
A vulnerability classified as problematic has been found in Advantech WISE-DeviceOn Server up to 5.3. The affected element is an
CVE-2025-12091 | Fast Simon Search, Filters & Merchandising for WooCommerce Plugin Deactivation wcis_save_email authorization
A vulnerability classified as problematic was found in Fast Simon Search, Filters & Merchandising for WooCommerce Plugin up to 3.0.63
CVE-2025-13626 | myLCO Plugin up to 0.8.1 on WordPress $_SERVER[‘PHP_SELF’] cross site scripting
A vulnerability, which was classified as problematic, has been found in myLCO Plugin up to 0.8.1 on WordPress. This affects
CVE-2025-13894 | CSV Sumotto Plugin up to 1.0 on WordPress $_SERVER[‘PHP_SELF’] cross site scripting
A vulnerability, which was classified as problematic, was found in CSV Sumotto Plugin up to 1.0 on WordPress. This impacts
CVE-2025-12673 | Flex QR Code Generator Plugin up to 1.2.6 on WordPress update_qr_code unrestricted upload
A vulnerability has been found in Flex QR Code Generator Plugin up to 1.2.6 on WordPress and classified as critical.
CVE-2025-12966 | All-in-One Video Gallery Plugin up to 4.5.4/4.5.7 on WordPress resolve_import_directory unrestricted upload
A vulnerability was found in All-in-One Video Gallery Plugin up to 4.5.4/4.5.7 on WordPress and classified as critical. Affected by
CVE-2025-13065 | Starter Templates Plugin up to 4.4.41 on WordPress WXR File unrestricted upload
A vulnerability was found in Starter Templates Plugin up to 4.4.41 on WordPress. It has been classified as critical. Affected
CVE-2025-13666 | Helloprint Plugin up to 2.1.2 on WordPress REST API Endpoint complete_order_from_helloprint_callback authorization
A vulnerability was found in Helloprint Plugin up to 2.1.2 on WordPress. It has been declared as problematic. This affects
CVE-2025-12574 | Directory Listing & Classifieds Plugin up to 3.0.0 on WordPress REST API Endpoint delete authorization
A vulnerability was found in Directory Listing & Classifieds Plugin and Listar – Directory Listing & Classifieds Plugin up to
CVE-2025-12577 | Directory Listing & Classifieds Plugin up to 3.0.0 on WordPress REST API Endpoint save authorization
A vulnerability categorized as problematic has been discovered in Directory Listing & Classifieds Plugin up to 3.0.0 on WordPress. This
CVE-2025-12721 | g-FFL Cockpit Plugin up to 1.7.1 on WordPress REST API Endpoint /server_status authorization
A vulnerability identified as problematic has been detected in g-FFL Cockpit Plugin up to 1.7.1 on WordPress. Impacted is an
CVE-2025-12720 | g-FFL Cockpit Plugin up to 1.7.1 on WordPress handle_enqueue_only improper authorization
A vulnerability labeled as critical has been found in g-FFL Cockpit Plugin up to 1.7.1 on WordPress. The affected element
CVE-2025-13748 | Fluent Forms Plugin up to 6.1.7 on WordPress confirmScaPayment submission_id resource injection
A vulnerability marked as problematic has been reported in Fluent Forms Plugin up to 6.1.7 on WordPress. The impacted element
CVE-2025-13309 | CodeConfig Accessiy Plugin up to 1.0.0 on WordPress Setting authorization
A vulnerability described as problematic has been identified in CodeConfig Accessiy Plugin up to 1.0.0 on WordPress. This affects an
CVE-2025-13358 | CodeConfig Accessiy Plugin up to 1.0.0 on WordPress Settings::createPage authorization
A vulnerability classified as critical has been found in CodeConfig Accessiy Plugin up to 1.0.0 on WordPress. This impacts the
CVE-2025-13377 | Booster Plugin up to 2.32.7 on WordPress get_cache_dir_for_page_from_url denial of service
A vulnerability classified as problematic was found in Booster Plugin up to 2.32.7 on WordPress. Affected is the function get_cache_dir_for_page_from_url.
CVE-2025-13137 | Live Sales Notification for Woocommerce Plugin up to 3.6.3 on WordPress woomotiv_limit cross site scripting
A vulnerability, which was classified as problematic, has been found in Live Sales Notification for Woocommerce Plugin up to 3.6.3
CVE-2025-12715 | Canadian Nutrition Facts Label Plugin up to 3.0 on WordPress percentage cross site scripting
A vulnerability, which was classified as problematic, was found in Canadian Nutrition Facts Label Plugin up to 3.0 on WordPress.
CVE-2025-13898 | Ultra Skype Button Plugin up to 1.0 on WordPress Shortcode ultra_skype btn_id cross site scripting
A vulnerability has been found in Ultra Skype Button Plugin up to 1.0 on WordPress and classified as problematic. This
CVE-2025-13899 | TR Timthumb Plugin up to 1.0.4 on WordPress Shortcode cross site scripting
A vulnerability was found in TR Timthumb Plugin up to 1.0.4 on WordPress and classified as problematic. This vulnerability affects
CVE-2025-12499 | Rich Shortcodes for Google Reviews Plugin up to 6.6.2/6.8 on WordPress Shortcode cross site scripting
A vulnerability was found in Rich Shortcodes for Google Reviews Plugin up to 6.6.2/6.8 on WordPress. It has been classified
CVE-2025-12717 | List Attachments Shortcode Plugin up to 0.4.1a on WordPress before_list cross site scripting
A vulnerability was found in List Attachments Shortcode Plugin up to 0.4.1a on WordPress. It has been declared as problematic.
CVE-2025-13907 | CSS3 Buttons Plugin up to 0.1 on WordPress Shortcode cross site scripting
A vulnerability was found in CSS3 Buttons Plugin up to 0.1 on WordPress. It has been rated as problematic. The
CVE-2025-13896 | Social Feed Gallery Portfolio Plugin up to 1.3 on WordPress Shortcode ID cross site scripting
A vulnerability categorized as problematic has been discovered in Social Feed Gallery Portfolio Plugin up to 1.3 on WordPress. The
CVE-2025-13308 | Application Passwords Plugin up to 0.1.3 on WordPress reject_url cross site scripting
A vulnerability identified as problematic has been detected in Application Passwords Plugin up to 0.1.3 on WordPress. This affects an
CVE-2025-13656 | Cute News Ticker Plugin up to 1.0 on WordPress Shortcode color cross site scripting
A vulnerability labeled as problematic has been found in Cute News Ticker Plugin up to 1.0 on WordPress. This impacts
CVE-2025-13863 | RevInsite Plugin up to 1.1.0 on WordPress Shortcode token cross site scripting
A vulnerability marked as problematic has been reported in RevInsite Plugin up to 1.1.0 on WordPress. Affected is an unknown
CVE-2025-13856 | Extra Post Images Plugin up to 1.0 on WordPress Shortcode ID cross site scripting
A vulnerability described as problematic has been identified in Extra Post Images Plugin up to 1.0 on WordPress. Affected by
CVE-2025-13629 | WP Landing Page Plugin up to 0.9.3 on WordPress wplp_api_update_text cross-site request forgery
A vulnerability classified as problematic has been found in WP Landing Page Plugin up to 0.9.3 on WordPress. Affected by
openSUSE: git-bug Important Update 2025-20143-1 CVE-2025-47911 DoS
An update that solves 7 vulnerabilities and has 7 bug fixes can now be installed.LinuxSecurity – Security AdvisoriesRead More
openSUSE: libpng12-0 Moderate Security Update CVE-2025-64505 2025:15797-1
An update that solves one vulnerability can now be installed.LinuxSecurity – Security AdvisoriesRead More
openSUSE Tumbleweed: go1.24 Moderate Issues Fix Advisory 2025:15796-1
An update that solves 2 vulnerabilities can now be installed.LinuxSecurity – Security AdvisoriesRead More
Remote Code Execution Vulnerability in React and Next.js Frameworks: December 2025
On December 3, 2025, the React team released a security advisory regarding a vulnerability, CVE-2025-55182, in the React server that
Oracle Linux 10 ELSA-2025-21485: Java Moderate Threat DoS
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:LinuxSecurity – Security AdvisoriesRead More
Oracle Linux 10 ELSA-2025-21463 Kernel Moderate Threat Update
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:LinuxSecurity – Security AdvisoriesRead More
Oracle Linux 10: Important Firefox Security Advisory ELSA-2025-21281
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:LinuxSecurity – Security AdvisoriesRead More
Oracle Linux 10: ELSA-2025-21248 Openssl Moderate Fix Advisory
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:LinuxSecurity – Security AdvisoriesRead More
Oracle Linux 10 – ELSA-2025-21816 Delve Golang Moderate Threat
The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:LinuxSecurity – Security AdvisoriesRead More
CVE-2025-66550 | Nextcloud Calendar up to 4.7.16/5.2.3 Attachment unexpected data type
A vulnerability identified as problematic has been detected in Nextcloud Calendar up to 4.7.16/5.2.3. This issue affects some unknown processing
CVE-2025-14139 | UTT 进取 520W 1.7.7-180627 formConfigDnsFilterGlobal strcpy timeRangeName buffer overflow
A vulnerability labeled as critical has been found in UTT 进取 520W 1.7.7-180627. Impacted is the function strcpy of the
CVE-2025-14140 | UTT 进取 520W 1.7.7-180627 /goform/websHostFilter strcpy addHostFilter buffer overflow
A vulnerability marked as critical has been reported in UTT 进取 520W 1.7.7-180627. The affected element is the function strcpy
CVE-2025-14141 | UTT 进取 520W 1.7.7-180627 formArpBindConfig strcpy pools buffer overflow
A vulnerability described as critical has been identified in UTT 进取 520W 1.7.7-180627. The impacted element is the function strcpy
CVE-2025-66471 | urllib3 up to 2.5.x Streaming API data amplification
A vulnerability categorized as critical has been discovered in urllib3 up to 2.5.x. This affects an unknown function of the
CVE-2025-66418 | urllib3 up to 2.5.x allocation of resources (GHSA-gm62-xv2j-4w53)
A vulnerability identified as problematic has been detected in urllib3 up to 2.5.x. This impacts an unknown function. Performing manipulation
CVE-2025-65897 | zdh_web up to 5.6.17 unrestricted upload (ID 40)
A vulnerability labeled as critical has been found in zdh_web up to 5.6.17. Affected is an unknown function. Executing manipulation
CVE-2025-65036 | xwikisas xwiki-pro-macros up to 1.27.0 authorization
A vulnerability marked as critical has been reported in xwikisas xwiki-pro-macros up to 1.27.0. Affected by this vulnerability is an
CVE-2025-64053 | Fanvil x210 2.12.20 HTTP POST Request webconfig?page=upload&action=submit buffer overflow
A vulnerability described as critical has been identified in Fanvil x210 2.12.20. Affected by this issue is some unknown functionality