6.9
CVE-2025-15425 - Yonyou KSOA HTTP GET Parameter del_user.jsp sql injection
A vulnerability was determined in Yonyou KSOA 9.0. The impacted element is an unknown function of the file /worksheet/del_user.jsp of the component HTTP GET Parameter Handler. Executing a manipulation of the argument ID can lead to sql injection. The attack can be executed remotely. The exploit has…
6.9
CVE-2025-15424 - Yonyou KSOA HTTP GET Parameter agent_worksdel.jsp sql injection
A vulnerability was found in Yonyou KSOA 9.0. The affected element is an unknown function of the file /worksheet/agent_worksdel.jsp of the component HTTP GET Parameter Handler. Performing a manipulation of the argument ID results in sql injection. Remote exploitation of the attack is possible. The …
5.3
CVE-2025-15423 - EmpireSoft EmpireCMS connect.php CheckSaveTranFiletype unrestricted upload
A vulnerability has been found in EmpireSoft EmpireCMS up to 8.0. Impacted is the function CheckSaveTranFiletype of the file e/class/connect.php. Such manipulation leads to unrestricted upload. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. The ve…
9.8
CVE-2025-14998 - Branda – White Label & Branding, Free Login Page Customizer <= 3.4.24 - Unauthenticated Privilege E…
The Branda plugin for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 3.4.24. This is due to the plugin not properly validating a user's identity prior to updating their password. This makes it possible for unauthenticated attackers to chan…
5.3
CVE-2025-14047 - WP User Frontend <= 4.2.4 - Missing Authorization to Unauthenticated Arbitrary Attachment Deletion
The Registration, User Profile, Membership, Content Restriction, User Directory, and Frontend Post Submission – WP User Frontend plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'Frontend_Form_Ajax::submit_post' function in all versions up to,…
6.9
CVE-2025-15422 - EmpireSoft EmpireCMS IP Address connect.php egetip protection mechanism
A flaw has been found in EmpireSoft EmpireCMS up to 8.0. This issue affects the function egetip of the file e/class/connect.php of the component IP Address Handler. This manipulation causes protection mechanism failure. The attack may be initiated remotely. The exploit has been published and may be…
6.9
CVE-2025-15421 - Yonyou KSOA HTTP GET Parameter agent_worksadd.jsp sql injection
A vulnerability was detected in Yonyou KSOA 9.0. This vulnerability affects unknown code of the file /worksheet/agent_worksadd.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit is now publi…
6.9
CVE-2025-15420 - Yonyou KSOA agent_work_report.jsp sql injection
A security vulnerability has been detected in Yonyou KSOA 9.0. This affects an unknown part of the file /worksheet/agent_work_report.jsp. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The ve…
4.8
CVE-2025-15419 - Open5GS GTPv2-C Flow s5c-handler.c sgwc_s5c_handle_create_session_response denial of service
A weakness has been identified in Open5GS up to 2.7.6. Affected by this issue is the function sgwc_s5c_handle_create_session_response of the file src/sgwc/s5c-handler.c of the component GTPv2-C Flow Handler. Executing a manipulation can lead to denial of service. The attack needs to be launched loc…
6.1
CVE-2025-45286 -
A cross-site scripting (XSS) vulnerability in mccutchen httpbin v2.17.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.