6.3
CVE-2025-15153 - PbootCMS SQLite Database pbootcms.db file access
A weakness has been identified in PbootCMS up to 3.2.12. Impacted is an unknown function of the file /data/pbootcms.db of the component SQLite Database. Executing a manipulation can lead to files or directories accessible. It is possible to launch the attack remotely. Attacks of this nature are higβ¦
5.3
CVE-2025-15152 - h-moses moga-mall PmsProductController.java addProduct unrestricted upload
A vulnerability was identified in h-moses moga-mall up to 392d631a5ef15962a9bddeeb9f1269b9085473fa. This vulnerability affects the function addProduct of the file src/main/java/com/ms/product/controller/PmsProductController.java. Such manipulation of the argument objectName leads to unrestricted upβ¦
6.3
CVE-2025-15151 - TaleLin Lin-CMS Tests Folder config.py password in configuration file
A vulnerability was determined in TaleLin Lin-CMS up to 0.6.0. This affects an unknown part of the file /tests/config.py of the component Tests Folder. This manipulation of the argument username/password causes password in configuration file. The attack is possible to be carried out remotely. The cβ¦
4.8
CVE-2025-15150 - PX4 PX4-Autopilot mavlink_log_handler.cpp log_entry_from_id stack-based overflow
A vulnerability was found in PX4 PX4-Autopilot up to 1.16.0. Affected by this issue is the function MavlinkLogHandler::state_listing/MavlinkLogHandler::log_entry_from_id of the file src/modules/mavlink/mavlink_log_handler.cpp. The manipulation results in stack-based buffer overflow. The attack is oβ¦
4.8
CVE-2025-15149 - rawchen ecms Add New Product updateProductServlet.java updateProductServlet cross site scripting
A vulnerability has been found in rawchen ecms up to b59d7feaa9094234e8aa6c8c6b290621ca575ded. Affected by this vulnerability is the function updateProductServlet of the file src/servlet/product/updateProductServlet.java of the component Add New Product Page. The manipulation of the argument producβ¦
5.1
CVE-2025-15148 - CmsEasy Backend Template Management template_admin.php savetemp_action code injection
A flaw has been found in CmsEasy up to 7.7.7. Affected is the function savetemp_action in the library /lib/admin/template_admin.php of the component Backend Template Management Page. Executing a manipulation of the argument content/tempdata can lead to code injection. The attack may be launched remβ¦
4.8
CVE-2025-15146 - SohuTV CacheCloud UserManageController.java doUserList cross site scripting
A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. This impacts the function doUserList of the file src/main/java/com/sohu/cache/web/controller/UserManageController.java. Performing manipulation results in cross site scripting. The attack may be initiated remotely. The exploit is now puβ¦
4.8
CVE-2025-15145 - SohuTV CacheCloud TotalManageController.java doTotalList cross site scripting
A security vulnerability has been detected in SohuTV CacheCloud up to 3.2.0. This affects the function doTotalList of the file src/main/java/com/sohu/cache/web/controller/TotalManageController.java. Such manipulation leads to cross site scripting. The attack can be launched remotely. The exploit haβ¦
5.3
CVE-2025-15144 - dayrui XunRuiCMS JSONP Callback Init.php dr_exit_msg cross site scripting
A weakness has been identified in dayrui XunRuiCMS up to 4.7.1. The impacted element is the function dr_show_error/dr_exit_msg of the file /dayrui/Fcms/Init.php of the component JSONP Callback Handler. This manipulation of the argument callback causes cross site scripting. The attack can be initiatβ¦
7.8
CVE-2025-68973 -
In GnuPG before 2.4.9, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)