4.8
CVE-2025-15155 - floooh sokol sokol_gfx.h _sg_pipeline_desc_defaults stack-based overflow
A vulnerability was detected in floooh sokol up to 16cbcc864012898793cd2bc57f802499a264ea40. The impacted element is the function _sg_pipeline_desc_defaults in the library sokol_gfx.h. The manipulation results in stack-based buffer overflow. The attack requires a local approach. The exploit is now β¦
6.9
CVE-2025-15154 - PbootCMS Header handle.php get_user_ip less trusted source
A security vulnerability has been detected in PbootCMS up to 3.2.12. The affected element is the function get_user_ip of the file core/function/handle.php of the component Header Handler. The manipulation of the argument X-Forwarded-For leads to use of less trusted source. The attack can be initiatβ¦
6.3
CVE-2025-15153 - PbootCMS SQLite Database pbootcms.db file access
A weakness has been identified in PbootCMS up to 3.2.12. Impacted is an unknown function of the file /data/pbootcms.db of the component SQLite Database. Executing a manipulation can lead to files or directories accessible. It is possible to launch the attack remotely. Attacks of this nature are higβ¦
5.3
CVE-2025-15152 - h-moses moga-mall PmsProductController.java addProduct unrestricted upload
A vulnerability was identified in h-moses moga-mall up to 392d631a5ef15962a9bddeeb9f1269b9085473fa. This vulnerability affects the function addProduct of the file src/main/java/com/ms/product/controller/PmsProductController.java. Such manipulation of the argument objectName leads to unrestricted upβ¦
6.3
CVE-2025-15151 - TaleLin Lin-CMS Tests Folder config.py password in configuration file
A vulnerability was determined in TaleLin Lin-CMS up to 0.6.0. This affects an unknown part of the file /tests/config.py of the component Tests Folder. This manipulation of the argument username/password causes password in configuration file. The attack is possible to be carried out remotely. The cβ¦
4.8
CVE-2025-15150 - PX4 PX4-Autopilot mavlink_log_handler.cpp log_entry_from_id stack-based overflow
A vulnerability was found in PX4 PX4-Autopilot up to 1.16.0. Affected by this issue is the function MavlinkLogHandler::state_listing/MavlinkLogHandler::log_entry_from_id of the file src/modules/mavlink/mavlink_log_handler.cpp. The manipulation results in stack-based buffer overflow. The attack is oβ¦
4.8
CVE-2025-15149 - rawchen ecms Add New Product updateProductServlet.java updateProductServlet cross site scripting
A vulnerability has been found in rawchen ecms up to b59d7feaa9094234e8aa6c8c6b290621ca575ded. Affected by this vulnerability is the function updateProductServlet of the file src/servlet/product/updateProductServlet.java of the component Add New Product Page. The manipulation of the argument producβ¦
5.1
CVE-2025-15148 - CmsEasy Backend Template Management template_admin.php savetemp_action code injection
A flaw has been found in CmsEasy up to 7.7.7. Affected is the function savetemp_action in the library /lib/admin/template_admin.php of the component Backend Template Management Page. Executing a manipulation of the argument content/tempdata can lead to code injection. The attack may be launched remβ¦
4.8
CVE-2025-15146 - SohuTV CacheCloud UserManageController.java doUserList cross site scripting
A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. This impacts the function doUserList of the file src/main/java/com/sohu/cache/web/controller/UserManageController.java. Performing manipulation results in cross site scripting. The attack may be initiated remotely. The exploit is now puβ¦
4.8
CVE-2025-15145 - SohuTV CacheCloud TotalManageController.java doTotalList cross site scripting
A security vulnerability has been detected in SohuTV CacheCloud up to 3.2.0. This affects the function doTotalList of the file src/main/java/com/sohu/cache/web/controller/TotalManageController.java. Such manipulation leads to cross site scripting. The attack can be launched remotely. The exploit haβ¦