6.9
CVE-2025-15422 - EmpireSoft EmpireCMS IP Address connect.php egetip protection mechanism
A flaw has been found in EmpireSoft EmpireCMS up to 8.0. This issue affects the function egetip of the file e/class/connect.php of the component IP Address Handler. This manipulation causes protection mechanism failure. The attack may be initiated remotely. The exploit has been published and may beβ¦
6.9
CVE-2025-15421 - Yonyou KSOA HTTP GET Parameter agent_worksadd.jsp sql injection
A vulnerability was detected in Yonyou KSOA 9.0. This vulnerability affects unknown code of the file /worksheet/agent_worksadd.jsp of the component HTTP GET Parameter Handler. The manipulation of the argument ID results in sql injection. The attack can be launched remotely. The exploit is now publiβ¦
6.9
CVE-2025-15420 - Yonyou KSOA agent_work_report.jsp sql injection
A security vulnerability has been detected in Yonyou KSOA 9.0. This affects an unknown part of the file /worksheet/agent_work_report.jsp. The manipulation of the argument ID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed publicly and may be used. The veβ¦
4.8
CVE-2025-15419 - Open5GS GTPv2-C Flow s5c-handler.c sgwc_s5c_handle_create_session_response denial of service
A weakness has been identified in Open5GS up to 2.7.6. Affected by this issue is the function sgwc_s5c_handle_create_session_response of the file src/sgwc/s5c-handler.c of the component GTPv2-C Flow Handler. Executing a manipulation can lead to denial of service. The attack needs to be launched locβ¦
6.1
CVE-2025-45286 -
A cross-site scripting (XSS) vulnerability in mccutchen httpbin v2.17.1 allows attackers to execute arbitrary web scripts or HTML via a crafted payload.
5.3
CVE-2024-55374 -
REDCap 14.3.13 allows an attacker to enumerate usernames due to an observable discrepancy between login attempts.
7.5
CVE-2025-67269 - gpsd: gpsd: Denial of Service due to malformed NAVCOM packet parsing
An integer underflow vulnerability exists in the `nextstate()` function in `gpsd/packet.c` of gpsd versions prior to commit `ffa1d6f40bca0b035fc7f5e563160ebb67199da7`. When parsing a NAVCOM packet, the payload length is calculated using `lexer->length = (size_t)c - 4` without checking if the input β¦
9.8
CVE-2025-67268 - gpsd: gpsd: Arbitrary code execution via heap-based out-of-bounds write in NMEA2000 packet handling
gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/driver_nmea2000.c file. The hnd_129540 function, which handles NMEA2000 PGN 129540 (GNSS Satellites in View) packets, fails to validate the user-supplied satellite count against the size of the skyviewβ¦
7.5
CVE-2025-67160 -
An issue in Vatilon v1.12.37-20240124 allows attackers to access sensitive directories and files via a directory traversal.
7.5
CVE-2025-67158 -
An authentication bypass in the /cgi-bin/jvsweb.cgi endpoint of Revotech I6032W-FHW v1.0.0014 - 20210517 allows attackers to access sensitive information and escalate privileges via a crafted HTTP request.