9.9
CVE-2025-68562 - WordPress MapSVG plugin <= 8.7.3 - Arbitrary File Upload vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG mapsvg-lite-interactive-vector-maps allows Upload a Web Shell to a Web Server.This issue affects MapSVG: from n/a through <= 8.7.3.
6.5
CVE-2025-68607 - WordPress Custom Field Template plugin <= 2.7.7 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Hiroaki Miyashita Custom Field Template custom-field-template allows Stored XSS.This issue affects Custom Field Template: from n/a through <= 2.7.7.
9.8
CVE-2025-68860 - WordPress Mobile builder plugin <= 1.4.2 - Broken Authentication vulnerability
Authentication Bypass Using an Alternate Path or Channel vulnerability in Mobile Builder Mobile builder mobile-builder allows Authentication Abuse.This issue affects Mobile builder: from n/a through <= 1.4.2.
5.3
CVE-2025-15205 - code-projects Student File Management System download.php sql injection
A vulnerability was identified in code-projects Student File Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /download.php. The manipulation of the argument istore_id leads to sql injection. The attack can be initiated remotely. The exploit is publicly โฆ
6.3
CVE-2025-69205 - In ยตURU, a Specially Crafted Federation Name Allows Dialplan Injection
Micro Registration Utility (ยตURU) is a telephone self registration utility based on asterisk. In versions up to and including commit 88db9a953f38a3026bcd6816d51c7f3b93c55893, an attacker can crafts a special federation name and characters treated special by asterisk can be injected into the `Dial( โฆ
4.8
CVE-2025-15204 - SohuTV CacheCloud QuartzManageController.java doQuartzList cross site scripting
A vulnerability was determined in SohuTV CacheCloud up to 3.2.0. Affected is the function doQuartzList of the file src/main/java/com/sohu/cache/web/controller/QuartzManageController.java. Executing manipulation can lead to cross site scripting. It is possible to launch the attack remotely. The explโฆ
4.8
CVE-2025-15203 - SohuTV CacheCloud ResourceController.java index cross site scripting
A vulnerability was found in SohuTV CacheCloud up to 3.2.0. This impacts the function index of the file src/main/java/com/sohu/cache/web/controller/ResourceController.java. Performing manipulation results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been โฆ
4.8
CVE-2025-15202 - SohuTV CacheCloud TaskController.java taskQueueList cross site scripting
A vulnerability has been found in SohuTV CacheCloud up to 3.2.0. This affects the function taskQueueList of the file src/main/java/com/sohu/cache/web/controller/TaskController.java. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit has been discloโฆ
6
CVE-2025-14175 - Weak Algorithm Support in SSH Server on TL-WR820N
A vulnerability in the SSH server of TP-Link TL-WR820N v2.80 allows the use of a weak cryptographic algorithm, enabling an adjacent attacker to intercept and decrypt SSH traffic.ย Exploitation may expose sensitive information and compromise confidentiality.
6
CVE-2025-69202 - axios-cache-interceptor Vulnerable to Cache Poisoning via Ignored HTTP Vary Header
Axios Cache Interceptor is a cache interceptor for axios. Prior to version 1.11.1, when a server calls an upstream service using different auth tokens, axios-cache-interceptor returns incorrect cached responses, leading to authorization bypass. The cache key is generated only from the URL, ignoringโฆ