Latest CVE Feed
- 8.1 HIGH CVE-2025-4839
  A vulnerability has been found in itwanger paicoding 1.0.0/1.0.1/1.0.2/1.0.3 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /paicoding-core/src/main/java/com/github/paicoding/forum/core/util/CrossUtil...
  - Affected Products: paicoding
  - Published: May. 17, 2025
  - Modified: Jun. 04, 2025
  - Vuln Type: Misconfiguration
- 5.3 MEDIUM CVE-2025-4838
  A vulnerability, which was classified as problematic, was found in kanwangzjm Funiture up to 71ca0fb0658b3d839d9e049ac36429207f05329b. Affected is the function doPost of the file /funiture-master/src/main/java/com/app/mvc/acl/servlet/LoginServlet.java of ...
  - Affected Products:
  - Published: May. 17, 2025
  - Modified: May. 19, 2025
  - Vuln Type: Misconfiguration
- 9.8 CRITICAL CVE-2025-4837
  A vulnerability classified as critical has been found in projectworlds Student Project Allocation System 1.0. This affects an unknown part of the file /make_group_sql.php. The manipulation of the argument mem1/mem2/mem3 leads to SQL injection. It is possi...
  - Affected Products: student_project_allocation_system
  - Published: May. 17, 2025
  - Modified: May. 28, 2025
  - Vuln Type: Injection
- 9.8 CRITICAL CVE-2025-4836
  A vulnerability was found in Projectworlds Life Insurance Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file /deleteAgent.php. The manipulation of the argument agent_id leads to SQL injec...
  - Affected Products: life_insurance_management_system
  - Published: May. 17, 2025
  - Modified: May. 28, 2025
  - Vuln Type: Injection
- 9.0 HIGH CVE-2025-4835
  A vulnerability was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formWlanRedirect of the component HTTP POST Request Hand...
  - Published: May. 17, 2025
  - Modified: May. 23, 2025
  - Vuln Type: Memory Corruption
- 9.0 HIGH CVE-2025-4834
  A vulnerability was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. It has been classified as critical. Affected is an unknown function of the file /boafrm/formSetLg of the component HTTP POST Request Handler. The manipulation of the arg...
  - Published: May. 17, 2025
  - Modified: May. 23, 2025
  - Vuln Type: Memory Corruption
- 7.2 HIGH CVE-2025-47948
  Cocotais Bot is a QQ official robot framework based on qq-bot-sdk. Starting in version 1.5.0-test2-hotfix and prior to version 1.6.2, command echoing feature in the framework allows users to indirectly trigger privileged behavior by injecting special plat...
  - Affected Products:
  - Published: May. 17, 2025
  - Modified: May. 19, 2025
  - Vuln Type: Denial of Service
- 9.8 CRITICAL CVE-2025-47945
  Donetick is an open-source app for managing tasks and chores. Prior to version 0.1.44, the application uses JSON Web Tokens (JWT) for authentication, but the signing secret has a weak default value. While the responsibility is left to the system administrato...
  - Affected Products: donetick
  - Published: May. 17, 2025
  - Modified: Jun. 12, 2025
  - Vuln Type: Authentication
- 9.0 HIGH CVE-2025-4833
  A vulnerability was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615 and classified as critical. This issue affects some unknown processing of the file /boafrm/formNtp of the component HTTP POST Request Handler. The manipulation of the arg...
  - Published: May. 17, 2025
  - Modified: May. 23, 2025
  - Vuln Type: Memory Corruption
- 9.0 HIGH CVE-2025-4832
  A vulnerability has been found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formDosCfg of the component HTTP POST Request Handler. The manipulation of th...
  - Published: May. 17, 2025
  - Modified: May. 23, 2025
  - Vuln Type: Memory Corruption
- 9.0 HIGH CVE-2025-4831
  A vulnerability, which was classified as critical, was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. This affects an unknown part of the file /boafrm/formSiteSurveyProfile of the component HTTP POST Request Handler. The manipulation of...
  - Published: May. 17, 2025
  - Modified: May. 23, 2025
  - Vuln Type: Memory Corruption
- 9.0 HIGH CVE-2025-4830
  A vulnerability, which was classified as critical, has been found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. Affected by this issue is some unknown functionality of the file /boafrm/formSysCmd of the component HTTP POST Request Handler. T...
  - Published: May. 17, 2025
  - Modified: May. 23, 2025
  - Vuln Type: Memory Corruption
- 6.1 MEDIUM CVE-2025-47931
  LibreNMS is PHP/MySQL/SNMP based network monitoring software. LibreNMS v25.4.0 and prior suffers from a Stored Cross-Site Scripting (XSS) Vulnerability in the `group name` parameter of the `http://localhost/poller/groups` form. This vulnerability allows a...
  - Affected Products: librenms
  - Published: May. 17, 2025
  - Modified: May. 28, 2025
  - Vuln Type: Cross-Site Scripting
- 8.8 HIGH CVE-2025-47273
  setuptools is a package that allows users to download, build, install, upgrade, and uninstall Python packages. A path traversal vulnerability in `PackageIndex` is present in setuptools prior to version 78.1.1. An attacker would be allowed to write files t...
  - Published: May. 17, 2025
  - Modified: Jun. 12, 2025
  - Vuln Type: Path Traversal
- 8.8 HIGH CVE-2025-33103
  IBM i 7.2, 7.3, 7.4, 7.5, and 7.6 product IBM TCP/IP Connectivity Utilities for i contains a privilege escalation vulnerability. A malicious actor with command line access to the host operating system can elevate privileges to gain root access to the host...
  - Published: May. 17, 2025
  - Modified: Jun. 04, 2025
  - Vuln Type: Authorization
- 9.0 HIGH CVE-2025-4829
  A vulnerability classified as critical was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. Affected by this vulnerability is the function sub_40BE30 of the file /boafrm/formStats of the component HTTP POST Request Handler. The manipulati...
  - Published: May. 17, 2025
  - Modified: May. 23, 2025
  - Vuln Type: Memory Corruption
- 9.0 HIGH CVE-2025-4827
  A vulnerability, which was classified as critical, was found in TOTOLINK A702R, A3002R and A3002RU 3.0.0-B20230809.1615. Affected is an unknown function of the file /boafrm/formSaveConfig of the component HTTP POST Request Handler. The manipulation of the...
  - Published: May. 17, 2025
  - Modified: May. 23, 2025
  - Vuln Type: Memory Corruption
- 4.3 MEDIUM CVE-2025-4101
  The MultiVendorX – WooCommerce Multivendor Marketplace Solutions plugin for WordPress is vulnerable to unauthorized loss of data due to a misconfigured capability check on the 'delete_fpm_product' function in all versions up to, and including, 4.2.22. Thi...
  - Affected Products: multivendorx
  - Published: May. 17, 2025
  - Modified: May. 28, 2025
  - Vuln Type: Authorization
- 9.8 CRITICAL CVE-2025-48187
  RAGFlow through 0.18.1 allows account takeover because it is possible to conduct successful brute-force attacks against email verification codes to perform arbitrary account registration, login, and password reset. Codes are six digits and there is no rat...
  - Affected Products: ragflow
  - Published: May. 17, 2025
  - Modified: Jun. 12, 2025
  - Vuln Type: Authentication
- 6.4 MEDIUM CVE-2025-4669
  The WP Booking Calendar plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpbc shortcode in all versions up to, and including, 10.11.1 due to insufficient input sanitization and output escaping on user supplied attributes....
  - Affected Products: wp_booking_calendar
  - Published: May. 17, 2025
  - Modified: Jun. 04, 2025
  - Vuln Type: Cross-Site Scripting