Vulnerabilities

  

CVE-2025-14204 | TykoDev cherry-studio-TykoFork 0.1 OAuth Server Discovery oauth-authorization-server redirectToAuthorization authorizationUrl os command injection

A vulnerability was found in TykoDev cherry-studio-TykoFork 0.1 and classified as critical. This issue affects the function redirectToAuthorization of the

  

CVE-2025-14205 | code-projects Chamber of Commerce Membership Management System 1.0 Your Info /membership_profile.php Full Name/Address/City/State cross site scripting

A vulnerability was found in code-projects Chamber of Commerce Membership Management System 1.0. It has been classified as problematic. Impacted

  

CVE-2025-14206 | SourceCodester Online Student Clearance System 1.0 Fee Table /Admin/delete-fee.php ID improper authorization

A vulnerability was found in SourceCodester Online Student Clearance System 1.0. It has been declared as critical. The affected element

  

CVE-2025-14207 | tushar-2223 Hotel-Management-System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15 /admin/invoiceprint.php ID sql injection

A vulnerability was found in tushar-2223 Hotel-Management-System up to bb1f3b3666124b888f1e4bcf51b6fba9fbb01d15. It has been rated as critical. The impacted element is

  

CVE-2025-14208 | D-Link DIR-823X up to 20250416 /goform/set_wan_settings sub_415028 ppp_username command injection

A vulnerability categorized as critical has been discovered in D-Link DIR-823X up to 20250416. This affects the function sub_415028 of

  

CVE-2025-14209 | Campcodes School File Management System 1.0 /update_query.php stud_id sql injection

A vulnerability identified as critical has been detected in Campcodes School File Management System 1.0. This impacts an unknown function

  

CVE-2025-14210 | projectworlds Advanced Library Management System 1.0 /delete_member.php user_id sql injection

A vulnerability labeled as critical has been found in projectworlds Advanced Library Management System 1.0. Affected is an unknown function

  

CVE-2025-14211 | projectworlds Advanced Library Management System 1.0 /delete_book.php book_id sql injection

A vulnerability marked as critical has been reported in projectworlds Advanced Library Management System 1.0. Affected by this vulnerability is

  

CVE-2025-14212 | projectworlds Advanced Library Management System 1.0 /member_search.php roll_number sql injection

A vulnerability described as critical has been identified in projectworlds Advanced Library Management System 1.0. Affected by this issue is

Fedora 43: webkitgtk Critical Update for CVE-2025-13947, 43458, 66287
  


Fix seeking and looping of media elements that set the loop property. Fix several crashes and rendering issues. Fix CVE-2025-13947,

Fedora 43: TinyGLTF 2.9.7 Security Advisory FEDORA-2025-47bff6f74d
  

Update to 2.9.7

  

CVE-2025-14192 | RashminDungrani online-banking up to 2337ad552ea9d385b4e07b90e6f32d011b7c68a2 auth_login.php Username sql injection

A vulnerability marked as critical has been reported in RashminDungrani online-banking up to 2337ad552ea9d385b4e07b90e6f32d011b7c68a2. This affects an unknown part of

  

CVE-2025-14193 | code-projects Employee Profile Management System 1.0 /view_personnel.php per_id sql injection

A vulnerability described as critical has been identified in code-projects Employee Profile Management System 1.0. This vulnerability affects unknown code

  

CVE-2025-14194 | code-projects Employee Profile Management System 1.0 /view_personnel.php per_address/dr_school/other_school cross site scripting

A vulnerability classified as problematic has been found in code-projects Employee Profile Management System 1.0. This issue affects some unknown

  

CVE-2025-14195 | code-projects Employee Profile Management System 1.0 add_file_query.php per_file unrestricted upload

A vulnerability classified as critical was found in code-projects Employee Profile Management System 1.0. Impacted is an unknown function of

  

CVE-2025-14196 | H3C Magic B1 up to 100R004 /goform/aspForm sub_44de0 param buffer overflow

A vulnerability, which was classified as critical, has been found in H3C Magic B1 up to 100R004. The affected element

  

CVE-2025-14197 | Verysync 微力同步 up to 2.21.3 Web Administration f96956469e7be39d information disclosure

A vulnerability, which was classified as problematic, was found in Verysync 微力同步 up to 2.21.3. The impacted element is an

  

CVE-2025-14198 | Verysync 微力同步 2.21.3 Web Administration download?key=dummytoken information disclosure

A vulnerability has been found in Verysync 微力同步 2.21.3 and classified as problematic. This affects an unknown function of the

  

CVE-2025-14199 | Verysync 微力同步 up to 2.21.3 Web Administration text.txt?override=false unrestricted upload

A vulnerability was found in Verysync 微力同步 up to 2.21.3 and classified as critical. This impacts an unknown function of

  

CVE-2025-14200 | alokjaiswal Hotel-Management-services-using-MYSQL-and-php up to 5f8b60a7aa6c06a5632de569d4e3f6a8cd82f76f Request Pending Page /usersub.php cross site scripting

A vulnerability was found in alokjaiswal Hotel-Management-services-using-MYSQL-and-php up to 5f8b60a7aa6c06a5632de569d4e3f6a8cd82f76f. It has been classified as problematic. Affected is an unknown

  

CVE-2025-14201 | alokjaiswal Hotel-Management-services-using-MYSQL-and-php up to 5f8b60a7aa6c06a5632de569d4e3f6a8cd82f76f /dishsub.php item.name cross site scripting

A vulnerability was found in alokjaiswal Hotel-Management-services-using-MYSQL-and-php up to 5f8b60a7aa6c06a5632de569d4e3f6a8cd82f76f. It has been declared as problematic. Affected by this vulnerability

  

CVE-2025-14191 | UTT 进取 512W up to 1.7.7-171114 formP2PLimitConfig strcpy except buffer overflow

A vulnerability labeled as critical has been found in UTT 进取 512W up to 1.7.7-171114. Affected by this issue is

  

CVE-2025-14185 | Yonyou U8 Cloud 5.0/5.0sp/5.1/5.1sp AppServletService.class usercode sql injection

A vulnerability was found in Yonyou U8 Cloud 5.0/5.0sp/5.1/5.1sp and classified as critical. The affected element is an unknown function

  

CVE-2025-14186 | Grandstream GXP1625 1.0.7.4 Network Status Page /cgi-bin/api.values.post vpn_ip cross site scripting

A vulnerability was found in Grandstream GXP1625 1.0.7.4. It has been classified as problematic. The impacted element is an unknown

  

CVE-2025-14187 | UGREEN DH2100+ up to 5.3.0.251125 nas_svr /v1/file/backup/create handler_file_backup_create path buffer overflow

A vulnerability was found in UGREEN DH2100+ up to 5.3.0.251125. It has been declared as critical. This affects the function

  

CVE-2025-14188 | UGREEN DH2100+ up to 5.3.0.251125 nas_svr /v1/file/backup/create handler_file_backup_create path command injection

A vulnerability was found in UGREEN DH2100+ up to 5.3.0.251125. It has been rated as critical. This impacts the function

  

CVE-2025-14189 | Chanjet CRM up to 20251121 jxf_dump_table_demo.php gblOrgID sql injection

A vulnerability categorized as critical has been discovered in Chanjet CRM up to 20251121. Affected is an unknown function of

  

CVE-2025-14190 | Chanjet TPlus up to 20251121 currentAccId sql injection

A vulnerability identified as critical has been detected in Chanjet TPlus up to 20251121. Affected by this vulnerability is an

  

CVE-2025-13292 | Google Cloud Apigee-X up to 1-16-0-apigee-2 Analytics privileges management

A vulnerability classified as critical was found in Google Cloud Apigee-X up to 1-16-0-apigee-2. This affects an unknown part of

  

CVE-2025-14182 | Sobey Media Convergence System 2.0/2.1 upload File path traversal

A vulnerability, which was classified as critical, has been found in Sobey Media Convergence System 2.0/2.1. This vulnerability affects unknown

  

CVE-2025-14183 | SGAI Space1 NAS N1211DS up to 1.0.915 gsaiagent /cgi-bin/JSONAPI GET_FACTORY_INFO/GET_USER_INFO credentials storage

A vulnerability, which was classified as problematic, was found in SGAI Space1 NAS N1211DS up to 1.0.915. This issue affects

  

CVE-2025-14184 | SGAI Space1 NAS N1211DS up to 1.0.915 gsaiagent /cgi-bin/JSONAPI RENAME_FILE/OPERATE_FILE/NGNIX_UPLOAD command injection

A vulnerability has been found in SGAI Space1 NAS N1211DS up to 1.0.915 and classified as critical. Impacted is the

  

CVE-2025-66577 | yhirose cpp-httplib up to 0.26.x Header get_client_ip X-Forwarded-For neutralization for logs (GHSA-gfpf-r66f-5mh2)

A vulnerability was found in yhirose cpp-httplib up to 0.26.x. It has been declared as problematic. The impacted element is

  

CVE-2020-36878 | ReQuest Serious Play Media Player 1.5.1.820/1.5.2.821/1.5.2.822/2.1.0.831/3.0.0 File file inclusion (Exploit 48949 / EDB-48949)

A vulnerability was found in ReQuest Serious Play Media Player 1.5.1.820/1.5.2.821/1.5.2.822/2.1.0.831/3.0.0. It has been rated as problematic. This affects an

  

CVE-2025-66570 | yhirose cpp-httplib up to 0.26.x Request Header httplib.h read_headers authentication spoofing (GHSA-xm2j-vfr9-mg9m)

A vulnerability categorized as critical has been discovered in yhirose cpp-httplib up to 0.26.x. This impacts the function read_headers in

  

CVE-2025-66562 | AI-QL tuui up to 1.3.3 IPC Interface cross site scripting (GHSA-qjhq-rgmr-6c3g)

A vulnerability identified as problematic has been detected in AI-QL tuui up to 1.3.3. Affected is an unknown function of

  

CVE-2020-36881 | Flexsense DiskBoss 7.7.14 Directory Add Input Directory memory corruption (Exploit 48279 / EDB-48279)

A vulnerability labeled as critical has been found in Flexsense DiskBoss 7.7.14. Affected by this vulnerability is an unknown functionality

  

CVE-2025-66515 | Nextcloud Approval App up to 1.3.0/2.4.x improper authentication (GHSA-q26g-fmjq-x5g5)

A vulnerability marked as critical has been reported in Nextcloud Approval App up to 1.3.0/2.4.x. Affected by this issue is

  

CVE-2025-66514 | Nextcloud Mail up to 5.5.2 Message cross site scripting (GHSA-v394-8gpc-6fv5)

A vulnerability described as problematic has been identified in Nextcloud Mail up to 5.5.2. This affects an unknown part of

  

CVE-2025-66554 | Nextcloud Contacts App up to 5.5.3/6.0.5/7.2.4 CSS File Parser organisation/title cross site scripting (GHSA-9v78-cpfc-v6h2)

A vulnerability classified as problematic has been found in Nextcloud Contacts App up to 5.5.3/6.0.5/7.2.4. This vulnerability affects unknown code

  

CVE-2025-66553 | Nextcloud Tables up to 0.8.6/0.9.3 authorization (GHSA-p53h-6294-crjw)

A vulnerability classified as problematic was found in Nextcloud Tables up to 0.8.6/0.9.3. This issue affects some unknown processing. Executing

  

CVE-2025-66556 | Nextcloud Talk up to 20.1.7/21.1.1 Conversation authorization (GHSA-pr9f-vqgg-m2jh)

A vulnerability, which was classified as problematic, has been found in Nextcloud Talk up to 20.1.7/21.1.1. Impacted is an unknown

  

CVE-2025-66644 | Array ArrayOS AG up to 9.4.5.9 os command injection

A vulnerability, which was classified as critical, was found in Array ArrayOS AG up to 9.4.5.9. The affected element is

  

CVE-2025-34257 | Advantech WISE-DeviceOn Server up to 5.3 /rmm/v1/action/defined defined_name cross site scripting

A vulnerability has been found in Advantech WISE-DeviceOn Server up to 5.3 and classified as problematic. The impacted element is

  

CVE-2025-34258 | Advantech WISE-DeviceOn Server up to 5.3 /rmm/v1/devicemap/plan area name cross site scripting

A vulnerability was found in Advantech WISE-DeviceOn Server up to 5.3 and classified as problematic. This affects an unknown function

  

CVE-2025-34259 | Advantech WISE-DeviceOn Server up to 5.3 building Name cross site scripting

A vulnerability was found in Advantech WISE-DeviceOn Server up to 5.3. It has been classified as problematic. This impacts an

  

CVE-2025-34260 | Advantech WISE-DeviceOn Server up to 5.3 /rmm/v1/action/schedule cross site scripting

A vulnerability was found in Advantech WISE-DeviceOn Server up to 5.3. It has been declared as problematic. Affected is an

  

CVE-2025-34261 | Advantech WISE-DeviceOn Server up to 5.3 Device Group /rmm/v1/devicegroups/ name/description cross site scripting

A vulnerability was found in Advantech WISE-DeviceOn Server up to 5.3. It has been rated as problematic. Affected by this

  

CVE-2025-34262 | Advantech WISE-DeviceOn Server up to 5.3 /rmm/v1/devices/name/ new_name cross site scripting

A vulnerability categorized as problematic has been discovered in Advantech WISE-DeviceOn Server up to 5.3. Affected by this issue is

  

CVE-2025-34264 | Advantech WISE-DeviceOn Server up to 5.3 /rmm/v1/dog/ cross site scripting

A vulnerability identified as problematic has been detected in Advantech WISE-DeviceOn Server up to 5.3. This affects an unknown part

  

CVE-2025-34265 | Advantech WISE-DeviceOn Server up to 5.3 /rmm/v1/rule-engines min/max/unit cross site scripting

A vulnerability labeled as problematic has been found in Advantech WISE-DeviceOn Server up to 5.3. This vulnerability affects unknown code

  

CVE-2020-36880 | Flexsense DiskBoss 7.7.14 Reports/Data Directory memory corruption (Exploit 48689 / EDB-48689)

A vulnerability marked as critical has been reported in Flexsense DiskBoss 7.7.14. This issue affects some unknown processing. Performing manipulation

  

CVE-2025-34263 | Advantech WISE-DeviceOn Server up to 5.3 Configuration Data menus label/path cross site scripting

A vulnerability described as problematic has been identified in Advantech WISE-DeviceOn Server up to 5.3. Impacted is an unknown function

  

CVE-2025-34266 | Advantech WISE-DeviceOn Server up to 5.3 menus label/path cross site scripting

A vulnerability classified as problematic has been found in Advantech WISE-DeviceOn Server up to 5.3. The affected element is an

  

CVE-2025-12091 | Fast Simon Search, Filters & Merchandising for WooCommerce Plugin Deactivation wcis_save_email authorization

A vulnerability classified as problematic was found in Fast Simon Search, Filters & Merchandising for WooCommerce Plugin up to 3.0.63

  

CVE-2025-13626 | myLCO Plugin up to 0.8.1 on WordPress $_SERVER['PHP_SELF'] cross site scripting

A vulnerability, which was classified as problematic, has been found in myLCO Plugin up to 0.8.1 on WordPress. This affects

  

CVE-2025-13894 | CSV Sumotto Plugin up to 1.0 on WordPress $_SERVER['PHP_SELF'] cross site scripting

A vulnerability, which was classified as problematic, was found in CSV Sumotto Plugin up to 1.0 on WordPress. This impacts

  

CVE-2025-12673 | Flex QR Code Generator Plugin up to 1.2.6 on WordPress update_qr_code unrestricted upload

A vulnerability has been found in Flex QR Code Generator Plugin up to 1.2.6 on WordPress and classified as critical.

  

CVE-2025-12966 | All-in-One Video Gallery Plugin up to 4.5.4/4.5.7 on WordPress resolve_import_directory unrestricted upload

A vulnerability was found in All-in-One Video Gallery Plugin up to 4.5.4/4.5.7 on WordPress and classified as critical. Affected by

  

CVE-2025-13065 | Starter Templates Plugin up to 4.4.41 on WordPress WXR File unrestricted upload

A vulnerability was found in Starter Templates Plugin up to 4.4.41 on WordPress. It has been classified as critical. Affected

  

CVE-2025-13666 | Helloprint Plugin up to 2.1.2 on WordPress REST API Endpoint complete_order_from_helloprint_callback authorization

A vulnerability was found in Helloprint Plugin up to 2.1.2 on WordPress. It has been declared as problematic. This affects

  

CVE-2025-12574 | Directory Listing & Classifieds Plugin up to 3.0.0 on WordPress REST API Endpoint delete authorization

A vulnerability was found in Directory Listing & Classifieds Plugin and Listar – Directory Listing & Classifieds Plugin up to

  

CVE-2025-12577 | Directory Listing & Classifieds Plugin up to 3.0.0 on WordPress REST API Endpoint save authorization

A vulnerability categorized as problematic has been discovered in Directory Listing & Classifieds Plugin up to 3.0.0 on WordPress. This

  

CVE-2025-12721 | g-FFL Cockpit Plugin up to 1.7.1 on WordPress REST API Endpoint /server_status authorization

A vulnerability identified as problematic has been detected in g-FFL Cockpit Plugin up to 1.7.1 on WordPress. Impacted is an

  

CVE-2025-12720 | g-FFL Cockpit Plugin up to 1.7.1 on WordPress handle_enqueue_only improper authorization

A vulnerability labeled as critical has been found in g-FFL Cockpit Plugin up to 1.7.1 on WordPress. The affected element

  

CVE-2025-13748 | Fluent Forms Plugin up to 6.1.7 on WordPress confirmScaPayment submission_id resource injection

A vulnerability marked as problematic has been reported in Fluent Forms Plugin up to 6.1.7 on WordPress. The impacted element

  

CVE-2025-13309 | CodeConfig Accessiy Plugin up to 1.0.0 on WordPress Setting authorization

A vulnerability described as problematic has been identified in CodeConfig Accessiy Plugin up to 1.0.0 on WordPress. This affects an

  

CVE-2025-13358 | CodeConfig Accessiy Plugin up to 1.0.0 on WordPress Settings::createPage authorization

A vulnerability classified as critical has been found in CodeConfig Accessiy Plugin up to 1.0.0 on WordPress. This impacts the

  

CVE-2025-13377 | Booster Plugin up to 2.32.7 on WordPress get_cache_dir_for_page_from_url denial of service

A vulnerability classified as problematic was found in Booster Plugin up to 2.32.7 on WordPress. Affected is the function get_cache_dir_for_page_from_url.

  

CVE-2025-13137 | Live Sales Notification for Woocommerce Plugin up to 3.6.3 on WordPress woomotiv_limit cross site scripting

A vulnerability, which was classified as problematic, has been found in Live Sales Notification for Woocommerce Plugin up to 3.6.3

  

CVE-2025-12715 | Canadian Nutrition Facts Label Plugin up to 3.0 on WordPress percentage cross site scripting

A vulnerability, which was classified as problematic, was found in Canadian Nutrition Facts Label Plugin up to 3.0 on WordPress.

  

CVE-2025-13898 | Ultra Skype Button Plugin up to 1.0 on WordPress Shortcode ultra_skype btn_id cross site scripting

A vulnerability has been found in Ultra Skype Button Plugin up to 1.0 on WordPress and classified as problematic. This

  

CVE-2025-13899 | TR Timthumb Plugin up to 1.0.4 on WordPress Shortcode cross site scripting

A vulnerability was found in TR Timthumb Plugin up to 1.0.4 on WordPress and classified as problematic. This vulnerability affects

  

CVE-2025-12499 | Rich Shortcodes for Google Reviews Plugin up to 6.6.2/6.8 on WordPress Shortcode cross site scripting

A vulnerability was found in Rich Shortcodes for Google Reviews Plugin up to 6.6.2/6.8 on WordPress. It has been classified

  

CVE-2025-12717 | List Attachments Shortcode Plugin up to 0.4.1a on WordPress before_list cross site scripting

A vulnerability was found in List Attachments Shortcode Plugin up to 0.4.1a on WordPress. It has been declared as problematic.

  

CVE-2025-13907 | CSS3 Buttons Plugin up to 0.1 on WordPress Shortcode cross site scripting

A vulnerability was found in CSS3 Buttons Plugin up to 0.1 on WordPress. It has been rated as problematic. The

  

CVE-2025-13896 | Social Feed Gallery Portfolio Plugin up to 1.3 on WordPress Shortcode ID cross site scripting

A vulnerability categorized as problematic has been discovered in Social Feed Gallery Portfolio Plugin up to 1.3 on WordPress. The

  

CVE-2025-13308 | Application Passwords Plugin up to 0.1.3 on WordPress reject_url cross site scripting

A vulnerability identified as problematic has been detected in Application Passwords Plugin up to 0.1.3 on WordPress. This affects an

  

CVE-2025-13656 | Cute News Ticker Plugin up to 1.0 on WordPress Shortcode color cross site scripting

A vulnerability labeled as problematic has been found in Cute News Ticker Plugin up to 1.0 on WordPress. This impacts

  

CVE-2025-13863 | RevInsite Plugin up to 1.1.0 on WordPress Shortcode token cross site scripting

A vulnerability marked as problematic has been reported in RevInsite Plugin up to 1.1.0 on WordPress. Affected is an unknown

  

CVE-2025-13856 | Extra Post Images Plugin up to 1.0 on WordPress Shortcode ID cross site scripting

A vulnerability described as problematic has been identified in Extra Post Images Plugin up to 1.0 on WordPress. Affected by

  

CVE-2025-13629 | WP Landing Page Plugin up to 0.9.3 on WordPress wplp_api_update_text cross-site request forgery

A vulnerability classified as problematic has been found in WP Landing Page Plugin up to 0.9.3 on WordPress. Affected by

openSUSE: git-bug Important Update 2025-20143-1 CVE-2025-47911 DoS
  

An update that solves 7 vulnerabilities and has 7 bug fixes can now be installed.

openSUSE: libpng12-0 Moderate Security Update CVE-2025-64505 2025:15797-1
  

An update that solves one vulnerability can now be installed.

openSUSE Tumbleweed: go1.24 Moderate Issues Fix Advisory 2025:15796-1
  

An update that solves 2 vulnerabilities can now be installed.

  

Remote Code Execution Vulnerability in React and Next.js Frameworks: December 2025

On December 3, 2025, the React team released a security advisory regarding a vulnerability, CVE-2025-55182, in the React server that

Oracle Linux 10 ELSA-2025-21485: Java Moderate Threat DoS
  

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

Oracle Linux 10 ELSA-2025-21463 Kernel Moderate Threat Update
  

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

Oracle Linux 10: Important Firefox Security Advisory ELSA-2025-21281
  

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

Oracle Linux 10: ELSA-2025-21248 Openssl Moderate Fix Advisory
  

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

Oracle Linux 10 – ELSA-2025-21816 Delve Golang Moderate Threat
  

The following updated rpms for Oracle Linux 10 have been uploaded to the Unbreakable Linux Network:

  

CVE-2025-66550 | Nextcloud Calendar up to 4.7.16/5.2.3 Attachment unexpected data type

A vulnerability identified as problematic has been detected in Nextcloud Calendar up to 4.7.16/5.2.3. This issue affects some unknown processing

  

CVE-2025-14139 | UTT 进取 520W 1.7.7-180627 formConfigDnsFilterGlobal strcpy timeRangeName buffer overflow

A vulnerability labeled as critical has been found in UTT 进取 520W 1.7.7-180627. Impacted is the function strcpy of the

  

CVE-2025-14140 | UTT 进取 520W 1.7.7-180627 /goform/websHostFilter strcpy addHostFilter buffer overflow

A vulnerability marked as critical has been reported in UTT 进取 520W 1.7.7-180627. The affected element is the function strcpy

  

CVE-2025-14141 | UTT 进取 520W 1.7.7-180627 formArpBindConfig strcpy pools buffer overflow

A vulnerability described as critical has been identified in UTT 进取 520W 1.7.7-180627. The impacted element is the function strcpy

  

CVE-2025-66471 | urllib3 up to 2.5.x Streaming API data amplification

A vulnerability categorized as critical has been discovered in urllib3 up to 2.5.x. This affects an unknown function of the

  

CVE-2025-66418 | urllib3 up to 2.5.x allocation of resources (GHSA-gm62-xv2j-4w53)

A vulnerability identified as problematic has been detected in urllib3 up to 2.5.x. This impacts an unknown function. Performing manipulation

  

CVE-2025-65897 | zdh_web up to 5.6.17 unrestricted upload (ID 40)

A vulnerability labeled as critical has been found in zdh_web up to 5.6.17. Affected is an unknown function. Executing manipulation

  

CVE-2025-65036 | xwikisas xwiki-pro-macros up to 1.27.0 authorization

A vulnerability marked as critical has been reported in xwikisas xwiki-pro-macros up to 1.27.0. Affected by this vulnerability is an

  

CVE-2025-64053 | Fanvil x210 2.12.20 HTTP POST Request webconfig?page=upload&action=submit buffer overflow

A vulnerability described as critical has been identified in Fanvil x210 2.12.20. Affected by this issue is some unknown functionality