4.5

CVSS3.1

CVE-2025-66510 - Nextcloud Server Contacts Search allowed users to retrieve contact information of other users beyon…

Nextcloud Server is a self-hosted personal cloud system. In Nextcloud Server prior to 31.0.10 and 32.0.1 and Nextcloud Enterprise Server prior to 28.0.14.11, 29.0.16.8, 30.0.17.3, and 31.0.10, contacts search allowed retrieving personal data of other users (emails, names, identifiers) without prop…

📅 Published: Dec. 5, 2025, 4:18 p.m. 🔄 Last Modified: Dec. 10, 2025, 4:12 p.m.

8.3

CVSS3.1

CVE-2025-65036 - XWiki Remote Macros vulnerable to remote code execution using the confluence details summary macro

XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Prior to 1.27.1, the macro executes Velocity from the details pages without checking for permissions, which can lead to remote code execution. This vulnerability is fixed in 1.27.1.

📅 Published: Dec. 5, 2025, 4:10 p.m. 🔄 Last Modified: Feb. 20, 2026, 4:51 p.m.

8.9

CVSS4.0

CVE-2025-66471 - urllib3 Streaming API improperly handles highly compressed data

urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.0 and prior to 2.6.0, the Streaming API improperly handles highly compressed data. urllib3's streaming API is designed for the efficient handling of large HTTP responses by reading the content in chunks, rather than lo…

📅 Published: Dec. 5, 2025, 4:06 p.m. 🔄 Last Modified: Dec. 10, 2025, 4:10 p.m.

8.9

CVSS4.0

CVE-2025-66418 - urllib3 allows an unbounded number of links in the decompression chain

urllib3 is a user-friendly HTTP client library for Python. Starting in version 1.24 and prior to 2.6.0, the number of links in the decompression chain was unbounded, allowing a malicious server to insert a virtually unlimited number of compression steps, leading to high CPU usage and massive memory a…

📅 Published: Dec. 5, 2025, 4:02 p.m. 🔄 Last Modified: Dec. 10, 2025, 4:08 p.m.

5.1

CVSS4.0

CVE-2025-14092 - Edimax BR-6478AC V3 formDebugDiagnosticRun sub_416898 OS command injection

A security vulnerability has been detected in Edimax BR-6478AC V3 1.0.15. This issue affects the function sub_416898 of the file /boafrm/formDebugDiagnosticRun. Manipulation of the argument host leads to OS command injection. The attack can be initiated remotely. The exploit has been disclosed …

📅 Published: Dec. 5, 2025, 4:02 p.m. 🔄 Last Modified: Feb. 24, 2026, 5:41 a.m.

6.9

CVSS4.0

CVE-2025-14091 - TrippWasTaken PHP-Guitar-Shop Product Details product.php SQL injection

A weakness has been identified in TrippWasTaken PHP-Guitar-Shop up to 6ce0868889617c1975982aae6df8e49555d0d555. This vulnerability affects unknown code of the file /product.php of the component Product Details Page. Manipulation of the argument ID can lead to SQL injection. It is possible…

📅 Published: Dec. 5, 2025, 4:02 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.1

CVSS4.0

CVE-2025-14090 - AMTT Hotel Broadband Operation System cardmake_down.php SQL injection

A security flaw has been discovered in AMTT Hotel Broadband Operation System 1.0. This affects an unknown part of the file /manager/card/cardmake_down.php. Manipulation of the argument ID results in SQL injection. It is possible to initiate the attack remotely. The exploit has been relea…

📅 Published: Dec. 5, 2025, 3:32 p.m. 🔄 Last Modified: Dec. 10, 2025, 11:10 p.m.

5.3

CVSS4.0

CVE-2025-14089 - Himool ERP AdminActionViewSet update_account improper authorization

A vulnerability was identified in Himool ERP up to 2.2. Affected by this issue is the function update_account of the file /api/admin/update_account/ of the component AdminActionViewSet. Such manipulation leads to improper authorization. The attack may be performed remotely. The exploit is public…

📅 Published: Dec. 5, 2025, 3:32 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.3

CVSS4.0

CVE-2025-14088 - ketr JEPaaS load improper authorization

A vulnerability was determined in ketr JEPaaS up to 7.2.8. Affected by this vulnerability is an unknown functionality of the file /je/load. Manipulation of the argument Authorization causes improper authorization. The attack can be carried out remotely. The exploit has been publicly…

📅 Published: Dec. 5, 2025, 2:32 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.3

CVSS4.0

CVE-2025-14086 - youlaitech youlai-mall openid access control

A vulnerability was found in youlaitech youlai-mall 1.0.0/2.0.0. Affected is an unknown function of the file /app-api/v1/members/openid/. The manipulation of the argument openid results in improper access controls. The attack can be executed remotely. The exploit has been made public and could be u…

📅 Published: Dec. 5, 2025, 2:02 p.m. 🔄 Last Modified: Dec. 10, 2025, 11:18 p.m.