9.3
CVE-2025-15226 - Sunnetο½WMPro - Arbitrary File Upload
WMPro developed by Sunnet has a Arbitrary File Upload vulnerability, allowing unauthenticated remote attackers to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
6.9
CVE-2025-15176 - Open5GS PFCP Session Establishment Request rule-match.c ogs_pfcp_pdr_rule_find_by_packet assertion
A flaw has been found in Open5GS up to 2.7.5. This affects the function decode_ipv6_header/ogs_pfcp_pdr_rule_find_by_packet of the file lib/pfcp/rule-match.c of the component PFCP Session Establishment Request Handler. Executing a manipulation can lead to reachable assertion. It is possible to launβ¦
8.7
CVE-2025-15225 - Sunnetο½WMPro - Arbitrary File Read
WMPro developed by Sunnet has an Arbitrary File Read vulnerability, allowing unauthenticated remote attackers to exploit Relative Path Traversal to read arbitrary system files.
5.1
CVE-2025-15175 - SohuTV CacheCloud AppController.java appCommandAnalysis cross site scripting
A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. Affected by this issue is the function doAppList/appCommandAnalysis of the file src/main/java/com/sohu/cache/web/controller/AppController.java. Performing manipulation results in cross site scripting. It is possible to initiate the attaβ¦
5.9
CVE-2025-13958 - YaMaps < 0.6.40 - Contributor+ Stored XSS
The YaMaps for WordPress Plugin WordPress plugin before 0.6.40 does not validate and escape some of its shortcode attributes before outputting them back in a page/post where the shortcode is embed, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting atβ¦
8.6
CVE-2025-13417 - Plugin Organizer < 10.2.4 - Subscriber+ SQLi
The Plugin Organizer WordPress plugin before 10.2.4 does not sanitize and escape a parameter before using it in a SQL statement, allowing subscribers to perform SQL injection attacks.
5.1
CVE-2025-15174 - SohuTV CacheCloud AppManageController.java doAppAuditList cross site scripting
A security vulnerability has been detected in SohuTV CacheCloud up to 3.2.0. Affected by this vulnerability is the function doAppAuditList of the file src/main/java/com/sohu/cache/web/controller/AppManageController.java. Such manipulation leads to cross site scripting. The attack may be performed fβ¦
6.8
CVE-2025-15070 - Data Exposure in Gmission Web FAX
Exposure of Sensitive Information to an Unauthorized Actor, Missing Authorization vulnerability in Gmission Web Fax allows Authentication Abuse.This issue affects Web Fax: from 3.0 before 3.0.1
8.4
CVE-2025-15069 - Privilege Escalation in Gmission Web FAX
Improper Authentication vulnerability in Gmission Web Fax allows Privilege Escalation.This issue affects Web Fax: from 3.0 before 3.0.1
8.5
CVE-2025-15068 - Account Takeover in Gmission Web FAX
Missing Authorization vulnerability in Gmission Web Fax allows Authentication Abuse, Session Credential Falsification through Manipulation.This issue affects Web Fax: from 3.0 before 3.0.1