8.7
CVE-2025-15217 - Tenda AC23 HTTP POST Request formSetPPTPUserList buffer overflow
A security flaw has been discovered in Tenda AC23 16.03.07.52. Affected is the function formSetPPTPUserList of the component HTTP POST Request Handler. Performing a manipulation of the argument list results in buffer overflow. The attack can be initiated remotely.
8.7
CVE-2025-15216 - Tenda AC23 SetIpMacBind fromSetIpMacBind stack-based overflow
A vulnerability was identified in Tenda AC23 16.03.07.52. This impacts the function fromSetIpMacBind of the file /goform/SetIpMacBind. Such manipulation of the argument bindnum leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and β¦
8.7
CVE-2025-15215 - Tenda AC10U HTTP POST Request setPptpUserList formSetPPTPUserList buffer overflow
A vulnerability was determined in Tenda AC10U 15.03.06.48/15.03.06.49. This affects the function formSetPPTPUserList of the file /goform/setPptpUserList of the component HTTP POST Request Handler. This manipulation of the argument list causes buffer overflow. It is possible to initiate the attack rβ¦
4.8
CVE-2025-15214 - Campcodes Park Ticketing System admin_class.php save_pricing cross site scripting
A vulnerability was found in Campcodes Park Ticketing System 1.0. The impacted element is the function save_pricing of the file admin_class.php. The manipulation of the argument name/ride results in cross site scripting. The attack may be performed from remote. The exploit has been made public and β¦
7.5
CVE-2025-69235 -
Whale browser before 4.35.351.12 allows an attacker to bypass the Same-Origin Policy in a sidebar environment.
9.1
CVE-2025-69234 -
Whale browser before 4.35.351.12 allows an attacker to escape the iframe sandbox in a sidebar environment.
5.3
CVE-2025-15213 - code-projects Student File Management System File Download download.php improper authorization
A vulnerability has been found in code-projects Student File Management System 1.0. The affected element is an unknown function of the file /download.php of the component File Download Handler. The manipulation of the argument store_id leads to improper authorization. The attack is possible to be cβ¦
7.7
CVE-2025-69217 - Coturn has unsafe nonce and relay port randomization due to weak random number generation.
coturn is a free open source implementation of TURN and STUN Server. Versions 4.6.2r5 through 4.7.0-r4 have a bad random number generator for nonces and port randomization after refactoring. Additionally, random numbers aren't generated with openssl's RAND_bytes but libc's random() (if it's not runβ¦
5.3
CVE-2025-15212 - code-projects Refugee Food Management System regfood.php sql injection
A vulnerability was detected in code-projects Refugee Food Management System 1.0. This issue affects some unknown processing of the file /home/regfood.php. Performing manipulation of the argument a results in sql injection. Remote exploitation of the attack is possible. The exploit is now public anβ¦
5.3
CVE-2025-15211 - code-projects Refugee Food Management System refugee.php sql injection
A flaw has been found in code-projects Refugee Food Management System 1.0. Impacted is an unknown function of the file /home/refugee.php. Executing manipulation of the argument refNo/Fname/Lname/sex/age/contact/nationality_nid can lead to sql injection. The attack can be executed remotely. The explβ¦