7.5
CVE-2025-67014 -
Incorrect access control in DEV Systemtechnik GmbH DEV 7113 RF over Fiber Distribution System 32-0078 H.01 allows unauthenticated attackers to access an administrative endpoint.
6.5
CVE-2025-67013 -
The web management interface in ETL Systems Ltd DEXTRA Series ' Digital L-Band Distribution System v1.8 does not implement Cross-Site Request Forgery (CSRF) protection mechanisms (no tokens, no Origin/Referer validation) on critical configuration endpoints.
9.5
CVE-2025-68937 - forgejo: Forgejo: Server shell access via symlink mishandling in template repositories
Forgejo before 13.0.2 allows attackers to write to unintended files, and possibly obtain server shell access, because of mishandling of out-of-repository symlink destinations for template repositories. This is also fixed for 11 LTS in 11.0.7 and later.
8.7
CVE-2025-15091 - UTT 进取 512W formPictureUrl strcpy buffer overflow
A vulnerability was determined in UTT 进取 512W up to 1.7.7-171114. This issue affects the function strcpy of the file /goform/formPictureUrl. This manipulation of the argument importpictureurl causes buffer overflow. It is possible to initiate the attack remotely. The exploit has been publicly discl…
5.3
CVE-2025-14913 - Frontend Post Submission Manager Lite <= 1.2.6 - Incorrect Authorization to Unauthenticated Arbitra…
The Frontend Post Submission Manager Lite – Frontend Posting WordPress Plugin plugin for WordPress is vulnerable to unauthorized loss of data due to an incorrect authorization check on the 'media_delete_action' function in all versions up to, and including, 1.2.6. This makes it possible for unauthe…
8.7
CVE-2025-15090 - UTT 进取 512W formConfigNoticeConfig strcpy buffer overflow
A vulnerability was found in UTT 进取 512W up to 1.7.7-171114. This vulnerability affects the function strcpy of the file /goform/formConfigNoticeConfig. The manipulation of the argument timestart results in buffer overflow. The attack may be performed from remote. The exploit has been made public an…
8.7
CVE-2025-15089 - UTT 进取 512W APSecurity strcpy buffer overflow
A vulnerability has been found in UTT 进取 512W up to 1.7.7-171114. This affects the function strcpy of the file /goform/APSecurity. The manipulation of the argument wepkey1 leads to buffer overflow. The attack is possible to be carried out remotely. The exploit has been disclosed to the public and m…
5.3
CVE-2025-15088 - ketr JEPaaS loadPostil postilService.loadPostils sql injection
A vulnerability was detected in ketr JEPaaS up to 7.2.8. Affected by this vulnerability is the function postilService.loadPostils of the file /je/postil/postil/loadPostil. Performing a manipulation of the argument keyWord results in sql injection. Remote exploitation of the attack is possible. The …
5.3
CVE-2025-15087 - youlaitech youlai-mall OrderController.java submitOrderPayment improper authorization
A security vulnerability has been detected in youlaitech youlai-mall 1.0.0/2.0.0. Affected is the function submitOrderPayment of the file mall-oms/oms-boot/src/main/java/com/youlai/mall/oms/controller/app/OrderController.java. Such manipulation of the argument orderSn leads to improper authorizatio…
5.3
CVE-2025-15086 - youlaitech youlai-mall MemberController.java getMemberByMobile access control
A weakness has been identified in youlaitech youlai-mall 1.0.0/2.0.0. This impacts the function getMemberByMobile of the file mall-ums/ums-boot/src/main/java/com/youlai/mall/ums/controller/app/MemberController.java. This manipulation causes improper access controls. The attack may be initiated remo…