8.7
CVE-2023-53945 - BrainyCP 1.0 Remote Code Execution via Authenticated Crontab Manipulation
BrainyCP 1.0 contains an authenticated remote code execution vulnerability that allows logged-in users to inject arbitrary commands through the crontab configuration interface. Attackers can exploit the crontab endpoint by adding a malicious command that spawns a reverse shell to a specified IP andβ¦
5.9
CVE-2025-68481 - FastAPI Users Vulnerable to 1-click Account Takeover in Apps Using FastAPI SSO
FastAPI Users allows users to quickly add a registration and authentication system to their FastAPI project. Prior to version 15.0.2, the OAuth login state tokens are completely stateless and carry no per-request entropy or any data that could link them to the session that initiated the OAuth flow.β¦
4.7
CVE-2025-67712 - HTML injection issue in ArcGIS Web App Builder
There is an HTML injection issue in Esri ArcGIS Web AppBuilder developer edition versions prior to 2.30 that allows a remote, unauthenticated attacker to potentially entice a user to click a link that causes arbitrary HTML to render in a victim's browser. There is no evidence of JavaScript executioβ¦
6.9
CVE-2025-14968 - code-projects Simple Stock System update.php sql injection
A security flaw has been discovered in code-projects Simple Stock System 1.0. Affected by this issue is some unknown functionality of the file /market/update.php. The manipulation of the argument email results in sql injection. The attack can be launched remotely. The exploit has been released to tβ¦
6.3
CVE-2025-12874 - HTTP Request Smuggling in Quest Coexistence Manager for Notes
Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Quest Coexistence Manager for Notes (Free/Busy Connector modules) allows HTTP Request Smuggling via the Content-Length-Transfer-Encoding (CL.TE) attack vector. This could allow an attacker toΒ bypass acβ¦
6.9
CVE-2025-14967 - itsourcecode Student Management System candidates_report.php sql injection
A vulnerability was identified in itsourcecode Student Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /candidates_report.php. The manipulation of the argument school_year leads to sql injection. The attack can be initiated remotely. The exploit is publβ¦
5.1
CVE-2025-14966 - FastAdmin Backend Controller Backend.php selectpage sql injection
A vulnerability was determined in FastAdmin up to 1.7.0.20250506. Affected is the function selectpage of the file application/common/controller/Backend.php of the component Backend Controller. Executing a manipulation of the argument custom/searchField can lead to sql injection. It is possible to lβ¦
5.1
CVE-2025-14965 - 1541492390c yougou-mall ResourceController.java delete path traversal
A vulnerability was found in 1541492390c yougou-mall up to 0a771fa817c924efe52c8fe0a9a6658eee675f9f. This impacts the function upload/delete of the file src/main/java/per/ccm/ygmall/extra/controller/ResourceController.java. Performing manipulation results in path traversal. This product is using a β¦
9.3
CVE-2025-14964 - TOTOLINK T10 cstecgi.cgi sprintf stack-based overflow
A vulnerability has been found in TOTOLINK T10 4.1.8cu.5083_B20200521. This affects the function sprintf of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument loginAuthUrl leads to stack-based buffer overflow. The attack may be performed from remote.
5.3
CVE-2025-14962 - code-projects Simple Stock System chatuser.php cross site scripting
A flaw has been found in code-projects Simple Stock System 1.0. The impacted element is an unknown function of the file /market/chatuser.php. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used.