5.3
CVE-2025-15144 - dayrui XunRuiCMS JSONP Callback Init.php dr_exit_msg cross site scripting
A weakness has been identified in dayrui XunRuiCMS up to 4.7.1. The impacted element is the function dr_show_error/dr_exit_msg of the file /dayrui/Fcms/Init.php of the component JSONP Callback Handler. This manipulation of the argument callback causes cross site scripting. The attack can be initiat…
7.8
CVE-2025-68973 -
In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)
5.1
CVE-2025-15143 - EyouCMS Backend Template Management FilemanagerLogic.php sql injection
A security flaw has been discovered in EyouCMS up to 1.7.6. The affected element is an unknown function of the file /application/admin/logic/FilemanagerLogic.php of the component Backend Template Management. The manipulation of the argument content results in sql injection. It is possible to launch…
6.9
CVE-2025-15142 - 9786 phpok3w show.php sql injection
A vulnerability was identified in 9786 phpok3w up to 901d96a06809fb28b17f3a4362c59e70411c933c. Impacted is an unknown function of the file show.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and migh…
2.3
CVE-2025-15141 - Halo Configuration actuator information disclosure
A vulnerability was determined in Halo up to 2.21.10. This issue affects some unknown processing of the file /actuator of the component Configuration Handler. Executing a manipulation can lead to information disclosure. The attack may be performed from remote. This attack is characterized by high c…
6.9
CVE-2025-15140 - saiftheboss7 onlinemcqexam quesadd.php sql injection
A vulnerability was found in saiftheboss7 onlinemcqexam up to 0e56806132971e49721db3ef01868098c7b42ada. This vulnerability affects unknown code of the file /admin/quesadd.php. Performing manipulation of the argument ans1/ans2 results in sql injection. The attack is possible to be carried out remote…
5.3
CVE-2025-15139 - TRENDnet TEW-822DRE formWsc sub_43ACF4 command injection
A vulnerability has been found in TRENDnet TEW-822DRE 1.00B21/1.01B06. This affects the function sub_43ACF4 of the file /boafrm/formWsc. Such manipulation of the argument peerPin leads to command injection. The attack can be executed remotely. The exploit has been disclosed to the public and may b…
5.1
CVE-2025-15138 - prasathmani TinyFileManager tinyfilemanager.php path traversal
A flaw has been found in prasathmani TinyFileManager up to 2.6. Affected by this issue is some unknown functionality of the file tinyfilemanager.php. This manipulation of the argument fullpath causes path traversal. Remote exploitation of the attack is possible. The exploit has been published and m…
8.7
CVE-2025-15137 - TRENDnet TEW-800MB NTPSyncWithHost.cgi sub_F934 command injection
A vulnerability was detected in TRENDnet TEW-800MB 1.0.1.0. Affected by this vulnerability is the function sub_F934 of the file NTPSyncWithHost.cgi. The manipulation results in command injection. The attack may be launched remotely. The exploit is now public and may be used. The vendor was contact…
8.7
CVE-2025-15136 - TRENDnet TEW-800MB Management wizardset do_setWizard_asp command injection
A security vulnerability has been detected in TRENDnet TEW-800MB 1.0.1.0. Affected is the function do_setWizard_asp of the file /goform/wizardset of the component Management Interface. The manipulation of the argument WizardConfigured leads to command injection. The attack may be initiated remotely…