4.8
CVE-2025-15416 - xnx3 wangmarket Add Global Variable save.do cross site scripting
A vulnerability was found in xnx3 wangmarket up to 6.4. This affects an unknown function of the file /siteVar/save.do of the component Add Global Variable Handler. The manipulation of the argument Remark/Variable Value results in cross site scripting. The attack can be executed remotely. The exploiβ¦
5.1
CVE-2025-15415 - xnx3 wangmarket XML File uploadImage.do uploadImage unrestricted upload
A vulnerability has been found in xnx3 wangmarket up to 6.4. The impacted element is the function uploadImage of the file /sits/uploadImage.do of the component XML File Handler. The manipulation of the argument image leads to unrestricted upload. Remote exploitation of the attack is possible. The eβ¦
5.1
CVE-2025-15414 - go-sonic Theme Fetching API git_fetcher.go FetchTheme server-side request forgery
A flaw has been found in go-sonic sonic up to 1.1.4. The affected element is the function FetchTheme of the file service/theme/git_fetcher.go of the component Theme Fetching API. Executing a manipulation of the argument uri can lead to server-side request forgery. The attack may be launched remotelβ¦
4.8
CVE-2025-15413 - wasm3 m3_exec.h op_CallIndirect memory corruption
A vulnerability was detected in wasm3 up to 0.5.0. Impacted is the function op_SetSlot_i32/op_CallIndirect of the file m3_exec.h. Performing a manipulation results in memory corruption. The attack needs to be approached locally. The exploit is now public and may be used. Unfortunately, the project β¦
4.8
CVE-2025-15412 - WebAssembly wabt wasm-decompile VarName out-of-bounds
A security vulnerability has been detected in WebAssembly wabt up to 1.0.39. This issue affects the function wabt::Decompiler::VarName of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. Such manipulation leads to out-of-bounds read. Local access is required to approach β¦
4.8
CVE-2025-15411 - WebAssembly wabt wasm-decompile InsertNode memory corruption
A weakness has been identified in WebAssembly wabt up to 1.0.39. This vulnerability affects the function wabt::AST::InsertNode of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. This manipulation causes memory corruption. It is possible to launch the attack on the localβ¦
6.9
CVE-2025-15410 - code-projects Online Guitar Store login.php sql injection
A vulnerability was identified in code-projects Online Guitar Store 1.0. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument L_email leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available anβ¦
6.3
CVE-2025-69203 - Signal K Server Vulnerable to Access Request Spoofing
Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 of the access request system have two related features that when combined by themselves and with an information disclosure vulnerability enable convincing social engineering attacks against adminiβ¦
7.3
CVE-2025-68619 - Signal K Server Vulnerable to Remote Code Execution via Malicious npm Package
Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 of the appstore interface allow administrators to install npm packages through a REST API endpoint. While the endpoint validates that the package name exists in the npm registry as a known plugin β¦
6.9
CVE-2025-15409 - code-projects Online Guitar Store Delete_product.php sql injection
A vulnerability was determined in code-projects Online Guitar Store 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/Delete_product.php. Executing a manipulation of the argument del_pro can lead to sql injection. The attack may be performed from remote. The exploitβ¦