6.9
CVE-2025-14546 -
Versions of the package fastapi-sso before 0.19.0 are vulnerable to Cross-site Request Forgery (CSRF) due to the improper validation of the OAuth state parameter during the authentication callback. While the get_login_url method allows for state generation, it does not persist the state or bind it …
6.9
CVE-2025-14940 - code-projects Scholars Tracking System delete_user.php sql injection
A vulnerability was determined in code-projects Scholars Tracking System 1.0. The affected element is an unknown function of the file /admin/delete_user.php. This manipulation of the argument ID causes sql injection. It is possible to initiate the attack remotely. The exploit has been publicly disc…
5.1
CVE-2025-14939 - code-projects Online Appointment Booking System deletemanager.php sql injection
A vulnerability was found in code-projects Online Appointment Booking System 1.0. Impacted is an unknown function of the file /admin/deletemanager.php. The manipulation of the argument managername results in sql injection. The attack may be performed from remote. The exploit has been made public an…
8.8
CVE-2025-13941 - Foxit PDF Reader Update Service Incorrect Permission Assignment Local Privilege Escalation Vulnerab…
A local privilege escalation vulnerability exists in the Foxit PDF Reader/Editor Update Service. During plugin installation, incorrect file system permissions are assigned to resources used by the update service. A local attacker with low privileges could modify or replace these resources, which ar…
8.8
CVE-2025-52692 - Bypass Authentication
Successful exploitation of the vulnerability could allow an attacker with local network access to send a specially crafted URL to access certain administration functions without login credentials.
5.3
CVE-2025-14910 - Edimax BR-6208AC FTP Daemon Service handle_retr path traversal
A vulnerability was detected in Edimax BR-6208AC 1.02. This impacts the function handle_retr of the component FTP Daemon Service. The manipulation results in path traversal. The attack may be launched remotely. The exploit is now public and may be used. Edimax confirms this issue: "This product is …
5.3
CVE-2025-14909 - JeecgBoot SysUserOnlineController.java SysUserOnlineController user session
A weakness has been identified in JeecgBoot up to 3.9.0. The impacted element is the function SysUserOnlineController of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysUserOnlineController.java. Executing manipulation can lead to manage…
5.3
CVE-2025-14908 - JeecgBoot Multi-Tenant Management SysTenantController.java improper authentication
A security flaw has been discovered in JeecgBoot up to 3.9.0. The affected element is an unknown function of the file jeecg-boot/jeecg-module-system/jeecg-system-biz/src/main/java/org/jeecg/modules/system/controller/SysTenantController.java of the component Multi-Tenant Management Module. Performin…
8.2
CVE-2025-11774 - Malicious Code Execution Vulnerability in the Software Keyboard Function of GENESIS64, ICONICS Suit…
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in the software keyboard function (hereinafter referred to as "keypad function") of Mitsubishi Electric GENESIS64 versions 10.97.2 CFR3 and prior, Mitsubishi Electric Iconics Digital Solutions G…
0.0
CVE-2025-68490 -
Not used