Latest CVE Feed
-
7.3
CVSS31CVE-2025-7814
A vulnerability classified as critical was found in code-projects Food Ordering Review System 1.0. This vulnerability affects unknown code of the file /pages/signup_function.php. The manipulation of the argument fname leads to sql injection. The attack ca... Read more
Affected Products :- Published: Jul. 18, 2025
- Modified: Jul. 18, 2025
-
8.8
CVSS31CVE-2025-7807
A vulnerability, which was classified as critical, has been found in Tenda FH451 1.0.0.9. This issue affects the function fromSafeUrlFilter of the file /goform/SafeUrlFilter. The manipulation of the argument Go/page leads to stack-based buffer overflow. T... Read more
Affected Products :- Published: Jul. 18, 2025
- Modified: Jul. 18, 2025
-
8.8
CVSS31CVE-2025-7806
A vulnerability classified as critical was found in Tenda FH451 1.0.0.9. This vulnerability affects the function fromSafeClientFilter of the file /goform/SafeClientFilter. The manipulation of the argument Go/page leads to stack-based buffer overflow. The ... Read more
Affected Products :- Published: Jul. 18, 2025
- Modified: Jul. 18, 2025
-
8.8
CVSS31CVE-2025-7805
A vulnerability classified as critical has been found in Tenda FH451 1.0.0.9. This affects the function fromPptpUserSetting of the file /goform/PPTPUserSetting. The manipulation of the argument delno leads to stack-based buffer overflow. It is possible to... Read more
Affected Products :- Published: Jul. 18, 2025
- Modified: Jul. 18, 2025
-
3.5
CVSS31CVE-2025-7803
A vulnerability was found in descreekert wx-discuz up to 12bd4745c63ec203cb32119bf77ead4a923bf277. It has been classified as problematic. This affects the function validToken of the file /wx.php. The manipulation of the argument echostr leads to cross sit... Read more
Affected Products :- Published: Jul. 18, 2025
- Modified: Jul. 18, 2025
-
4.0
CVSS31CVE-2025-54310
qBittorrent before 5.1.2 does not prevent access to a local file that is referenced in a link URL. This affects rsswidget.cpp and searchjobwidget.cpp.... Read more
Affected Products :- Published: Jul. 18, 2025
- Modified: Jul. 18, 2025
-
3.5
CVSS31CVE-2025-7802
A vulnerability was found in PHPGurukul Complaint Management System 2.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/complaint-search.php. The manipulation of the argument Search leads to cross sit... Read more
Affected Products :- Published: Jul. 18, 2025
- Modified: Jul. 18, 2025
-
7.3
CVSS31CVE-2025-7801
A vulnerability has been found in BossSoft CRM 6.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /crm/module/HNDCBas_customPrmSearchDtl.jsp. The manipulation of the argument cstid leads to sql injection... Read more
Affected Products :- Published: Jul. 18, 2025
- Modified: Jul. 18, 2025
-
3.5
CVSS31CVE-2025-7800
A vulnerability classified as problematic was found in cgpandey hotelmis up to c572198e6c4780fccc63b1d3e8f3f72f825fc94e. This vulnerability affects unknown code of the file admin.php of the component HTTP GET Request Handler. The manipulation of the argum... Read more
Affected Products :- Published: Jul. 18, 2025
- Modified: Jul. 18, 2025
-
6.3
CVSS31CVE-2025-7798
A vulnerability classified as critical has been found in Beijing Shenzhou Shihan Technology Multimedia Integrated Business Display System up to 8.2. This affects an unknown part of the file /admin/system/structure/getdirectorydata/web/baseinfo/companyMana... Read more
Affected Products :- Published: Jul. 18, 2025
- Modified: Jul. 18, 2025
-
9.0
CVSS31CVE-2025-54309
CrushFTP 10 before 10.8.5 and 11 before 11.3.4_23, when the DMZ proxy feature is not used, mishandles AS2 validation and consequently allows remote attackers to obtain admin access via HTTPS, as exploited in the wild in July 2025.... Read more
Affected Products :- Published: Jul. 18, 2025
- Modified: Jul. 18, 2025
-
7.1
CVSS31CVE-2025-52169
agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to contain a reflected cross-site scripting (XSS) vulnerability.... Read more
Affected Products :- Published: Jul. 18, 2025
- Modified: Jul. 18, 2025
-
6.5
CVSS31CVE-2025-52168
Incorrect access control in the dynawebservice component of agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 allows unauthenticated attackers to access arbitrary files on the system.... Read more
Affected Products :- Published: Jul. 18, 2025
- Modified: Jul. 18, 2025
-
6.5
CVSS31CVE-2025-52166
Incorrect access control in Software GmbH Agorum core open v11.9.2 & v11.10.1 allows authenticated attackers to escalate privileges to Administrator and access sensitive components and information.... Read more
Affected Products :- Published: Jul. 18, 2025
- Modified: Jul. 18, 2025
-
8.2
CVSS31CVE-2025-52164
Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to store credentials in plaintext.... Read more
Affected Products :- Published: Jul. 18, 2025
- Modified: Jul. 18, 2025
-
6.5
CVSS31CVE-2025-52163
A Server-Side Request Forgery (SSRF) in the component TunnelServlet of agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 allows attackers to forcefully initiate connections to arbitrary internal and external resources via a crafted request. This ca... Read more
Affected Products :- Published: Jul. 18, 2025
- Modified: Jul. 18, 2025
-
6.5
CVSS31CVE-2025-52162
agorum Software GmbH Agorum core open v11.9.2 & v11.10.1 was discovered to contain an XML External Entity (XXE) via the RSSReader endpoint. This vulnerability allows attackers to access sensitive data via providing a crafted XML input.... Read more
Affected Products :- Published: Jul. 18, 2025
- Modified: Jul. 18, 2025
-
6.5
CVSS31CVE-2025-50586
StudentManage v1.0 was discovered to contain Cross-Site Request Forgery (CSRF).... Read more
Affected Products :- Published: Jul. 18, 2025
- Modified: Jul. 18, 2025
-
6.5
CVSS31CVE-2025-46002
An issue in Filemanager v2.5.0 and below allows attackers to execute a directory traversal via sending a crafted HTTP request to the filemanager.php endpoint.... Read more
Affected Products :- Published: Jul. 18, 2025
- Modified: Jul. 18, 2025
-
6.5
CVSS31CVE-2025-46000
An arbitrary file upload vulnerability in the component /rsc/filemanager.rsc.class.php of Filemanager commit c75b914 v.2.5.0 allows attackers to execute arbitrary code via uploading a crafted SVG file.... Read more
Affected Products :- Published: Jul. 18, 2025
- Modified: Jul. 18, 2025