6.9
CVE-2025-15432 - yeqifu carRental com.yeqifu.sys.controller.FileController downloadShowFile.action downloadShowFile β¦
A vulnerability has been found in yeqifu carRental up to 3fabb7eae93d209426638863980301d6f99866b3. This vulnerability affects the function downloadShowFile of the file /file/downloadShowFile.action of the component com.yeqifu.sys.controller.FileController. The manipulation of the argument path leadβ¦
8.7
CVE-2025-15431 - UTT θΏε 512W formFtpServerDirConfig strcpy buffer overflow
A flaw has been found in UTT θΏε 512W 1.7.7-171114. This affects the function strcpy of the file /goform/formFtpServerDirConfig. Executing a manipulation of the argument filename can lead to buffer overflow. The attack can be launched remotely. The exploit has been published and may be used. The venβ¦
5.3
CVE-2025-14072 - Ninja Forms < 3.13.3 - Unauthenticated Token Generation and Submission Disclosure
The Ninja Forms WordPress plugin before 3.13.3 allows unauthenticated attackers to generate valid access tokens via the REST API which can then be used to read form submissions.
6.1
CVE-2025-13456 - Shopbuilder < 3.2.2 - Reflected XSS
The ShopBuilder WordPress plugin before 3.2.2 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin.
6.1
CVE-2025-13153 - Logo Slider < 4.9.0 - Contributor+ Stored XSS
The Logo Slider WordPress plugin before 4.9.0 does not validate and escape some of its slider options before outputting them back in the dashboard, which could allow users with the contributor role and above to perform Stored Cross-Site Scripting attacks.
6.5
CVE-2025-12685 - WPBookit <= 1.0.7 - Customer Deletion via CSRF
The WPBookit WordPress plugin through 1.0.7 lacks a CSRF check when deleting customers. This could allow an unauthenticated attacker to delete any customer through a CSRF attack.
8.7
CVE-2025-15430 - UTT θΏε 512W formFtpServerShareDirSelcet strcpy buffer overflow
A vulnerability was detected in UTT θΏε 512W 1.7.7-171114. Affected by this issue is the function strcpy of the file /goform/formFtpServerShareDirSelcet. Performing a manipulation of the argument oldfilename results in buffer overflow. The attack can be initiated remotely. The exploit is now public β¦
8.7
CVE-2025-15429 - UTT θΏε 512W formConfigCliForEngineerOnly strcpy buffer overflow
A security vulnerability has been detected in UTT θΏε 512W 1.7.7-171114. Affected by this vulnerability is the function strcpy of the file /goform/formConfigCliForEngineerOnly. Such manipulation of the argument addCommand leads to buffer overflow. It is possible to launch the attack remotely. The exβ¦
8.7
CVE-2025-15428 - UTT θΏε 512W formRemoteControl strcpy buffer overflow
A weakness has been identified in UTT θΏε 512W 1.7.7-171114. Affected is the function strcpy of the file /goform/formRemoteControl. This manipulation of the argument Profile causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the public and β¦
6.9
CVE-2025-15427 - Seeyon Zhiyuan OA Web Application System carUseDetailList.j%73p sql injection
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: The vendor mentioned in the original disclosure filed a report that this issue affects a different vendor. The reseβ¦