5.3
CVE-2025-9406 - xuhuisheng lemon CmsArticleController.java uploadImage unrestricted upload
A weakness has been identified in xuhuisheng lemon up to 1.13.0. This affects the function uploadImage of the file CmsArticleController.java of the component com.mossle.cms.web.CmsArticleController.uploadImage. This manipulation of the argument Upload causes unrestricted upload. The attack can be i…
6.9
CVE-2025-9405 - Open5GS gmm-sm.c gmm_state_exception assertion
A security flaw has been discovered in Open5GS up to 2.7.5. The impacted element is the function gmm_state_exception of the file src/amf/gmm-sm.c. The manipulation results in reachable assertion. It is possible to launch the attack remotely. The exploit has been released to the public and may be ex…
4.8
CVE-2025-9404 - Scada-LTS Folder pointHierarchySLTS cross site scripting
A vulnerability was identified in Scada-LTS up to 2.7.8.1. The affected element is an unknown function of the file /pointHierarchySLTS of the component Folder Handler. The manipulation of the argument Title leads to cross site scripting. It is possible to initiate the attack remotely. The exploit i…
4.8
CVE-2025-9403 - jqlang jq JSON jq_test.c run_jq_tests assertion
A vulnerability was determined in jqlang jq up to 1.6. Impacted is the function run_jq_tests of the file jq_test.c of the component JSON Parser. Executing manipulation can lead to reachable assertion. The attack requires local access. The exploit has been publicly disclosed and may be utilized. Oth…
5.1
CVE-2025-9402 - HuangDou UTCMS Config update.php server-side request forgery
A vulnerability was found in HuangDou UTCMS 9. This issue affects some unknown processing of the file app/modules/ut-frame/admin/update.php of the component Config Handler. Performing manipulation of the argument UPDATEURL results in server-side request forgery. The attack is possible to be carried…
6.3
CVE-2025-9401 - HuangDou UTCMS Login login.php comparison
A vulnerability has been found in HuangDou UTCMS 9. This vulnerability affects unknown code of the file app/modules/ut-frame/admin/login.php of the component Login. Such manipulation of the argument code leads to incorrect comparison. The attack can be executed remotely. The attack requires a high …
5.3
CVE-2025-9400 - YiFang CMS P_file.php mergeMultipartUpload unrestricted upload
A flaw has been found in YiFang CMS up to 2.0.5. This affects the function mergeMultipartUpload of the file app/utils/base/plugin/P_file.php. This manipulation of the argument File causes unrestricted upload. Remote exploitation of the attack is possible. The exploit has been published and may be u…
5.3
CVE-2025-9399 - YiFang CMS L_tool.php sql injection
A vulnerability was detected in YiFang CMS up to 2.0.5. Affected by this issue is some unknown functionality of the file app/logic/L_tool.php. The manipulation of the argument new_url results in sql injection. The attack may be launched remotely. The exploit is now public and may be used. The vendo…
6.9
CVE-2025-9398 - YiFang CMS Migrate.php exportInstallTable information disclosure
A security vulnerability has been detected in YiFang CMS up to 2.0.5. Affected by this vulnerability is the function exportInstallTable of the file app/utils/base/database/Migrate.php. The manipulation leads to information disclosure. The attack may be initiated remotely. The exploit has been discl…
5.3
CVE-2025-9397 - givanz Vvveb media.php unrestricted upload
A weakness has been identified in givanz Vvveb up to 1.0.7.2. Affected is an unknown function of the file /system/traits/media.php. Executing manipulation of the argument files[] can lead to unrestricted upload. The attack can be launched remotely. The exploit has been made available to the public …