3.1
CVE-2025-68940 - gitea: Gitea: Unauthorized branch deletion due to inadequate permission enforcement
In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request.
8.2
CVE-2025-68939 - gitea: attachments can be renamed to forbidden file extensions via the attachment API
Gitea before 1.23.0 allows attackers to add attachments with forbidden file extensions by editing an attachment name via an attachment API.
5.1
CVE-2025-15095 - postmanlabs httpbin core.py cross site scripting
A security vulnerability has been detected in postmanlabs httpbin up to 0.6.1. This affects an unknown function of the file httpbin-master/httpbin/core.py. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. …
5.3
CVE-2025-15094 - sunkaifei FlyCMS User Login UserController.java userLogin cross site scripting
A weakness has been identified in sunkaifei FlyCMS up to abbaa5a8daefb146ad4d61027035026b052cb414. The impacted element is the function userLogin of the file src/main/java/com/flycms/web/front/UserController.java of the component User Login. Executing a manipulation of the argument redirectUrl can …
4.3
CVE-2025-68938 - gitea: incorrect authorization for deletion of releases
Gitea before 1.25.2 mishandles authorization for deletion of releases.
5.3
CVE-2025-15093 - sunkaifei FlyCMS Admin Login IndexAdminController.java cross site scripting
A security flaw has been discovered in sunkaifei FlyCMS up to abbaa5a8daefb146ad4d61027035026b052cb414. The affected element is an unknown function of the file src/main/java/com/flycms/web/system/IndexAdminController.java of the component Admin Login. Performing a manipulation of the argument redir…
8.7
CVE-2025-15092 - UTT 进取 512W ConfigExceptMSN strcpy buffer overflow
A vulnerability was identified in UTT 进取 512W up to 1.7.7-171114. Impacted is the function strcpy of the file /goform/ConfigExceptMSN. Such manipulation of the argument remark leads to buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used.
6.5
CVE-2024-42718 -
A path traversal vulnerability in Croogo CMS 4.0.7 allows remote attackers to read arbitrary files via a specially crafted path in the 'edit-file' parameter.
7.5
CVE-2025-25341 -
A vulnerability exists in the libxmljs 1.0.11 when parsing a specially crafted XML document. Accessing the internal _ref property on entity_ref and entity_decl nodes causes a segmentation fault, potentially leading to a denial-of-service (DoS).
6.1
CVE-2025-67349 -
A cross-site scripting (XSS) vulnerability was identified in FluentCMS 1.2.3. After logging in as an admin and navigating to the "Add Page" function, the application fails to properly sanitize input in the <head> section, allowing remote attackers to inject arbitrary script tags.