6.9
CVE-2025-13786 - taosir WTCMS index.php fetch code injection
A vulnerability was detected in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Impacted is the function fetch of the file /index.php. Performing manipulation of the argument content results in code injection. It is possible to initiate the attack remotely. The exploit is now public anβ¦
5.3
CVE-2025-13785 - yungifez Skuul School Management System Image profile information disclosure
A security vulnerability has been detected in yungifez Skuul School Management System up to 2.6.5. This issue affects some unknown processing of the file /user/profile of the component Image Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The expβ¦
4.8
CVE-2025-13784 - yungifez Skuul School Management System SVG File edit cross site scripting
A weakness has been identified in yungifez Skuul School Management System up to 2.6.5. This vulnerability affects unknown code of the file /dashboard/schools/1/edit of the component SVG File Handler. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. Tβ¦
5.3
CVE-2025-13783 - taosir WTCMS CommentadminController CommentadminController.class.php delete sql injection
A security flaw has been discovered in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. This affects the function check/uncheck/delete of the file application/Comment/Controller/CommentadminController.class.php of the component CommentadminController. The manipulation of the argument idβ¦
6.9
CVE-2025-13782 - taosir WTCMS SlideController SlideController.class.php delete sql injection
A vulnerability was identified in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Affected by this issue is the function delete of the file application/Admin/Controller/SlideController.class.php of the component SlideController. The manipulation of the argument ids leads to sql injectiβ¦
9.8
CVE-2025-13615 - StreamTube Core <= 4.78 - Unauthenticated Arbitrary User Password Change
The StreamTube Core plugin for WordPress is vulnerable to Arbitrary User Password Change in versions up to, and including, 4.78. This is due to the plugin providing user-controlled access to objects, letting a user bypass authorization and access system resources. This makes it possible for unautheβ¦
5
CVE-2025-66432 -
In Oxide control plane 15 through 17 before 17.1, API tokens can be renewed past their expiration date.
6.5
CVE-2025-66424 -
Tryton trytond 6.0 before 7.6.11 does not enforce access rights for data export. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.
4.3
CVE-2025-66422 -
Tryton trytond before 7.6.11 allows remote attackers to obtain sensitive trace-back (server setup) information. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.
7.1
CVE-2025-66423 -
Tryton trytond 6.0 before 7.6.11 does not enforce access rights for the route of the HTML editor. This is fixed in 7.6.11, 7.4.21, 7.0.40, and 6.0.70.