8.5

CVSS4.0

CVE-2023-53946 - Arcsoft PhotoStudio 6.0.0.172 Unquoted Service Path Privilege Escalation

Arcsoft PhotoStudio 6.0.0.172 contains an unquoted service path vulnerability in the ArcSoft Exchange Service that allows local attackers to escalate privileges. Attackers can place a malicious executable in the unquoted path and trigger the service to execute arbitrary code with system-level permi…

📅 Published: Dec. 19, 2025, 9:05 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.7

CVSS4.0

CVE-2023-53945 - BrainyCP 1.0 Remote Code Execution via Authenticated Crontab Manipulation

BrainyCP 1.0 contains an authenticated remote code execution vulnerability that allows logged-in users to inject arbitrary commands through the crontab configuration interface. Attackers can exploit the crontab endpoint by adding a malicious command that spawns a reverse shell to a specified IP and…

📅 Published: Dec. 19, 2025, 9:05 p.m. 🔄 Last Modified: April 7, 2026, 2:08 p.m.

5.9

CVSS3.1

CVE-2025-68481 - FastAPI Users Vulnerable to 1-click Account Takeover in Apps Using FastAPI SSO

FastAPI Users allows users to quickly add a registration and authentication system to their FastAPI project. Prior to version 15.0.2, the OAuth login state tokens are completely stateless and carry no per-request entropy or any data that could link them to the session that initiated the OAuth flow.…

📅 Published: Dec. 19, 2025, 8:14 p.m. 🔄 Last Modified: March 5, 2026, 7:14 p.m.

4.7

CVSS3.1

CVE-2025-67712 - HTML injection issue in ArcGIS Web App Builder

There is an HTML injection issue in Esri ArcGIS Web AppBuilder developer edition versions prior to 2.30 that allows a remote, unauthenticated attacker to potentially entice a user to click a link that causes arbitrary HTML to render in a victim's browser. There is no evidence of JavaScript executio…

📅 Published: Dec. 19, 2025, 8:05 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.9

CVSS4.0

CVE-2025-14968 - code-projects Simple Stock System update.php sql injection

A security flaw has been discovered in code-projects Simple Stock System 1.0. Affected by this issue is some unknown functionality of the file /market/update.php. The manipulation of the argument email results in sql injection. The attack can be launched remotely. The exploit has been released to t…

📅 Published: Dec. 19, 2025, 8:02 p.m. 🔄 Last Modified: Feb. 24, 2026, 6:16 a.m.

6.3

CVSS4.0

CVE-2025-12874 - HTTP Request Smuggling in Quest Coexistence Manager for Notes

Inconsistent Interpretation of HTTP Requests ('HTTP Request/Response Smuggling') vulnerability in Quest Coexistence Manager for Notes (Free/Busy Connector modules) allows HTTP Request Smuggling via the Content-Length-Transfer-Encoding (CL.TE) attack vector. This could allow an attacker to bypass ac…

📅 Published: Dec. 19, 2025, 7:36 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.9

CVSS4.0

CVE-2025-14967 - itsourcecode Student Management System candidates_report.php sql injection

A vulnerability was identified in itsourcecode Student Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /candidates_report.php. The manipulation of the argument school_year leads to sql injection. The attack can be initiated remotely. The exploit is publ…

📅 Published: Dec. 19, 2025, 7:32 p.m. 🔄 Last Modified: Dec. 24, 2025, 3:03 p.m.

5.1

CVSS4.0

CVE-2025-14966 - FastAdmin Backend Controller Backend.php selectpage sql injection

A vulnerability was determined in FastAdmin up to 1.7.0.20250506. Affected is the function selectpage of the file application/common/controller/Backend.php of the component Backend Controller. Executing a manipulation of the argument custom/searchField can lead to sql injection. It is possible to l…

📅 Published: Dec. 19, 2025, 7:32 p.m. 🔄 Last Modified: Feb. 24, 2026, 6:16 a.m.

5.1

CVSS4.0

CVE-2025-14965 - 1541492390c yougou-mall ResourceController.java delete path traversal

A vulnerability was found in 1541492390c yougou-mall up to 0a771fa817c924efe52c8fe0a9a6658eee675f9f. This impacts the function upload/delete of the file src/main/java/per/ccm/ygmall/extra/controller/ResourceController.java. Performing manipulation results in path traversal. This product is using a …

📅 Published: Dec. 19, 2025, 7:02 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

9.3

CVSS4.0

CVE-2025-14964 - TOTOLINK T10 cstecgi.cgi sprintf stack-based overflow

A vulnerability has been found in TOTOLINK T10 4.1.8cu.5083_B20200521. This affects the function sprintf of the file /cgi-bin/cstecgi.cgi. Such manipulation of the argument loginAuthUrl leads to stack-based buffer overflow. The attack may be performed from remote.

📅 Published: Dec. 19, 2025, 7:02 p.m. 🔄 Last Modified: Feb. 24, 2026, 5:58 a.m.
Total results: 349182