5.3
CVE-2025-12267 - abhicodebox ModernShop search cross site scripting
A flaw has been found in abhicodebox ModernShop 20250922. This issue affects some unknown processing of the file /search. Executing manipulation of the argument q can lead to cross site scripting. The attack may be performed from remote. The exploit has been published and may be used.
5.3
CVE-2025-12266 - Zytec Dalian Zhuoyun Technology Central Authentication Service widget _empty code injection
A vulnerability was detected in Zytec Dalian Zhuoyun Technology Central Authentication Service up to 20251009. This vulnerability affects the function _empty of the file /index.php/auth/widget. Performing manipulation of the argument get.layer/get.widget/get.action results in code injection. The at…
8.7
CVE-2025-12265 - Tenda CH22 VirtualSer fromVirtualSer buffer overflow
A weakness has been identified in Tenda CH22 1.0.0.1. Affected by this issue is the function fromVirtualSer of the file /goform/VirtualSer. This manipulation of the argument page causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public…
5.1
CVE-2025-12264 - Wisencode Create Support Ticket create cross site scripting
A security flaw has been discovered in Wisencode up to 20251012. Affected by this vulnerability is an unknown functionality of the file /support-ticket/create of the component Create Support Ticket Handler. The manipulation of the argument Message results in cross site scripting. The attack may be …
5.3
CVE-2025-12263 - code-projects Online Event Judging System edit_judge.php sql injection
A vulnerability was identified in code-projects Online Event Judging System 1.0. Affected is an unknown function of the file /edit_judge.php. The manipulation of the argument judge_id leads to sql injection. The attack may be initiated remotely. The exploit is publicly available and might be used.
5.3
CVE-2025-12262 - code-projects Online Event Judging System edit_criteria.php sql injection
A vulnerability was determined in code-projects Online Event Judging System 1.0. This impacts an unknown function of the file /edit_criteria.php. Executing manipulation of the argument crit_id can lead to sql injection. The attack can be launched remotely. The exploit has been publicly disclosed an…
4.3
CVE-2025-59463 - Denial-of-service (DoS) via chunk size mismatch
An attacker may cause chunk-size mismatches that block file transfers and prevent subsequent transfers.
6.5
CVE-2025-59462 - Denial-of-service (DoS) via delayed or missing client response
An attacker who tampers with the C++ CLI client may crash the UpdateService during file transfers, disrupting updates and availability.
7.6
CVE-2025-59461 - API does not require authentication
A remote unauthenticated attacker may use the unauthenticated C++ API to access or modify sensitive data and disrupt services.
7.5
CVE-2025-59460 - Unsecure access configuration
The system is deployed in its default state, with configuration settings that do not comply with the latest best practices for restricting access. This increases the risk of unauthorised connections.