6.9
CVE-2025-15458 - bg5sbk MiniCMS Article post-edit.php improper authentication
A vulnerability was determined in bg5sbk MiniCMS up to 1.8. This affects an unknown function of the file /mc-admin/post-edit.php of the component Article Handler. Executing a manipulation can lead to improper authentication. It is possible to launch the attack remotely. The exploit has been publiclβ¦
6.9
CVE-2025-15457 - bg5sbk MiniCMS Trash File Restore post.php improper authentication
A vulnerability was found in bg5sbk MiniCMS up to 1.8. The impacted element is an unknown function of the file /minicms/mc-admin/post.php of the component Trash File Restore Handler. Performing a manipulation results in improper authentication. It is possible to initiate the attack remotely. The exβ¦
6.9
CVE-2025-15456 - bg5sbk MiniCMS Publish page-edit.php improper authentication
A vulnerability has been found in bg5sbk MiniCMS up to 1.8. The affected element is an unknown function of the file /mc-admin/page-edit.php of the component Publish Page Handler. Such manipulation leads to improper authentication. The attack may be performed from remote. The exploit has been discloβ¦
6.9
CVE-2025-15455 - bg5sbk MiniCMS File Recovery Request page.php delete_page improper authentication
A flaw has been found in bg5sbk MiniCMS up to 1.8. Impacted is the function delete_page of the file /minicms/mc-admin/page.php of the component File Recovery Request Handler. This manipulation causes improper authentication. The attack is possible to be carried out remotely. The exploit has been puβ¦
2.3
CVE-2025-15454 - zhanglun lettura RSS ContentRender.tsx cross site scripting
A vulnerability was detected in zhanglun lettura up to 0.1.22. This issue affects some unknown processing of the file src/components/ArticleView/ContentRender.tsx of the component RSS Handler. The manipulation results in cross site scripting. The attack can be executed remotely. This attack is charβ¦
5.3
CVE-2025-15453 - milvus HTTP Endpoint expr.go expr.Exec deserialization
A security vulnerability has been detected in milvus up to 2.6.7. This vulnerability affects the function expr.Exec of the file pkg/util/expr/expr.go of the component HTTP Endpoint. The manipulation of the argument code leads to deserialization. Remote exploitation of the attack is possible. The exβ¦
4.8
CVE-2025-15452 - xnx3 wangmarket Backend Variable Search variableList.do variableList cross site scripting
A weakness has been identified in xnx3 wangmarket up to 4.9. This affects the function variableList of the file /admin/system/variableList.do of the component Backend Variable Search. Executing a manipulation of the argument Description can lead to cross site scripting. The attack may be launched rβ¦
4.8
CVE-2025-15451 - xnx3 wangmarket System Variables variableSave.do cross site scripting
A security flaw has been discovered in xnx3 wangmarket up to 4.9. Affected by this issue is some unknown functionality of the file /admin/system/variableSave.do of the component System Variables Page. Performing a manipulation of the argument Description results in cross site scripting. The attack β¦
5.3
CVE-2025-15450 - sfturing hosp_order orderHos findOrderHosNum sql injection
A vulnerability was identified in sfturing hosp_order up to 627f426331da8086ce8fff2017d65b1ddef384f8. Affected by this vulnerability is the function findOrderHosNum of the file /ssm_pro/orderHos/. Such manipulation of the argument hospitalAddress/hospitalName leads to sql injection. The attack can β¦
5.3
CVE-2025-15449 - cld378632668 JavaMall MinioController.java delete path traversal
A vulnerability was determined in cld378632668 JavaMall up to 994f1e2b019378ec9444cdf3fce2d5b5f72d28f0. Affected is the function delete of the file src/main/java/com/macro/mall/controller/MinioController.java. This manipulation of the argument objectName causes path traversal. The attack can be iniβ¦