4.8
CVE-2025-15418 - Open5GS Bearer QoS IE Length types.c ogs_gtp2_parse_bearer_qos denial of service
A security flaw has been discovered in Open5GS up to 2.7.6. Affected by this vulnerability is the function ogs_gtp2_parse_bearer_qos in the library lib/gtp/v2/types.c of the component Bearer QoS IE Length Handler. Performing a manipulation results in denial of service. The attack must be initiated β¦
4.8
CVE-2025-15417 - Open5GS GTPv2-C F-TEID s11-handler.c sgwc_s11_handle_create_session_request denial of service
A vulnerability was identified in Open5GS up to 2.7.6. Affected is the function sgwc_s11_handle_create_session_request of the file src/sgwc/s11-handler.c of the component GTPv2-C F-TEID Handler. Such manipulation leads to denial of service. The attack must be carried out locally. The exploit is pubβ¦
4.8
CVE-2025-15416 - xnx3 wangmarket Add Global Variable save.do cross site scripting
A vulnerability was found in xnx3 wangmarket up to 6.4. This affects an unknown function of the file /siteVar/save.do of the component Add Global Variable Handler. The manipulation of the argument Remark/Variable Value results in cross site scripting. The attack can be executed remotely. The exploiβ¦
5.1
CVE-2025-15415 - xnx3 wangmarket XML File uploadImage.do uploadImage unrestricted upload
A vulnerability has been found in xnx3 wangmarket up to 6.4. The impacted element is the function uploadImage of the file /sits/uploadImage.do of the component XML File Handler. The manipulation of the argument image leads to unrestricted upload. Remote exploitation of the attack is possible. The eβ¦
5.1
CVE-2025-15414 - go-sonic Theme Fetching API git_fetcher.go FetchTheme server-side request forgery
A flaw has been found in go-sonic sonic up to 1.1.4. The affected element is the function FetchTheme of the file service/theme/git_fetcher.go of the component Theme Fetching API. Executing a manipulation of the argument uri can lead to server-side request forgery. The attack may be launched remotelβ¦
4.8
CVE-2025-15413 - wasm3 m3_exec.h op_CallIndirect memory corruption
A vulnerability was detected in wasm3 up to 0.5.0. Impacted is the function op_SetSlot_i32/op_CallIndirect of the file m3_exec.h. Performing a manipulation results in memory corruption. The attack needs to be approached locally. The exploit is now public and may be used. Unfortunately, the project β¦
4.8
CVE-2025-15412 - WebAssembly wabt wasm-decompile VarName out-of-bounds
A security vulnerability has been detected in WebAssembly wabt up to 1.0.39. This issue affects the function wabt::Decompiler::VarName of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. Such manipulation leads to out-of-bounds read. Local access is required to approach β¦
4.8
CVE-2025-15411 - WebAssembly wabt wasm-decompile InsertNode memory corruption
A weakness has been identified in WebAssembly wabt up to 1.0.39. This vulnerability affects the function wabt::AST::InsertNode of the file /src/repro/wabt/bin/wasm-decompile of the component wasm-decompile. This manipulation causes memory corruption. It is possible to launch the attack on the localβ¦
6.9
CVE-2025-15410 - code-projects Online Guitar Store login.php sql injection
A vulnerability was identified in code-projects Online Guitar Store 1.0. Affected by this issue is some unknown functionality of the file /login.php. The manipulation of the argument L_email leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available anβ¦
6.3
CVE-2025-69203 - Signal K Server Vulnerable to Access Request Spoofing
Signal K Server is a server application that runs on a central hub in a boat. Versions prior to 2.19.0 of the access request system have two related features that when combined by themselves and with an information disclosure vulnerability enable convincing social engineering attacks against adminiβ¦