Latest CVE Feed
-
6.5
MEDIUMCVE-2025-9412
A vulnerability was detected in lostvip-com ruoyi-go up to 2.1. This affects the function SelectListByPage of the file modules/system/dao/DictDataDao.go. The manipulation of the argument orderByColumn/isAsc results in sql injection. The attack can be laun... Read more
Affected Products :- Published: Aug. 25, 2025
- Modified: Aug. 25, 2025
- Vuln Type: Injection
-
5.8
MEDIUMCVE-2025-9402
A vulnerability was found in HuangDou UTCMS 9. This issue affects some unknown processing of the file app/modules/ut-frame/admin/update.php of the component Config Handler. Performing manipulation of the argument UPDATEURL results in server-side request f... Read more
Affected Products : usualtoolcms- Published: Aug. 25, 2025
- Modified: Aug. 25, 2025
- Vuln Type: Server-Side Request Forgery
-
9.8
CRITICALCVE-2025-53118
An authentication bypass vulnerability exists which allows an unauthenticated attacker to control administrator backup functions, leading to compromise of passwords, secrets, and application session tokens stored by the Unified PAM.... Read more
Affected Products :- Published: Aug. 25, 2025
- Modified: Aug. 25, 2025
- Vuln Type: Authentication
-
6.7
MEDIUMCVE-2025-55301
The Scratch Channel is a news website. In version 1, it is possible to go to application in devtools and click local storage to edit the account's username locally. This issue has been patched in version 1.1.... Read more
Affected Products :- Published: Aug. 25, 2025
- Modified: Aug. 25, 2025
- Vuln Type: Authentication