5.3

CVSS4.0

CVE-2025-13791 - Scada-LTS Project Import ZIPProjectManager.java Common.getHomeDir path traversal

A vulnerability was identified in Scada-LTS up to 2.7.8.1. Affected is the function Common.getHomeDir of the file br/org/scadabr/vo/exporter/ZIPProjectManager.java of the component Project Import. Such manipulation leads to path traversal. The attack may be launched remotely. The exploit is publicl…

📅 Published: Nov. 30, 2025, 3:32 p.m. 🔄 Last Modified: Feb. 24, 2026, 6:38 a.m.

5.3

CVSS4.0

CVE-2025-13790 - Scada-LTS cross-site request forgery

A vulnerability was determined in Scada-LTS up to 2.7.8.1. This impacts an unknown function. This manipulation causes cross-site request forgery. The attack may be initiated remotely. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure b…

📅 Published: Nov. 30, 2025, 2:32 p.m. 🔄 Last Modified: Feb. 24, 2026, 6:38 a.m.

5.3

CVSS4.0

CVE-2025-13789 - ZenTao model.php makeRequest server-side request forgery

A vulnerability was found in ZenTao up to 21.7.6-8564. This affects the function makeRequest of the file module/ai/model.php. The manipulation of the argument Base results in server-side request forgery. The attack can be launched remotely. The exploit has been made public and could be used. Upgrad…

📅 Published: Nov. 30, 2025, 1:32 p.m. 🔄 Last Modified: Dec. 4, 2025, 4:36 p.m.

6.9

CVSS4.0

CVE-2025-13788 - Chanjet CRM upgradeattribute.php sql injection

A vulnerability has been found in Chanjet CRM up to 20251106. The impacted element is an unknown function of the file /tools/upgradeattribute.php. The manipulation of the argument gblOrgID leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and…

📅 Published: Nov. 30, 2025, 12:32 p.m. 🔄 Last Modified: Dec. 4, 2025, 4:39 p.m.

5.3

CVSS4.0

CVE-2025-13787 - ZenTao File control.php delete privileges management

A flaw has been found in ZenTao up to 21.7.6-8564. The affected element is the function file::delete of the file module/file/control.php of the component File Handler. Executing manipulation of the argument fileID can lead to improper privilege management. It is possible to launch the attack remote…

📅 Published: Nov. 30, 2025, 10:32 a.m. 🔄 Last Modified: Dec. 4, 2025, 4:44 p.m.

6.9

CVSS4.0

CVE-2025-13786 - taosir WTCMS index.php fetch code injection

A vulnerability was detected in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Impacted is the function fetch of the file /index.php. Performing manipulation of the argument content results in code injection. It is possible to initiate the attack remotely. The exploit is now public an…

📅 Published: Nov. 30, 2025, 9:02 a.m. 🔄 Last Modified: Dec. 11, 2025, 11:10 p.m.

5.3

CVSS4.0

CVE-2025-13785 - yungifez Skuul School Management System Image profile information disclosure

A security vulnerability has been detected in yungifez Skuul School Management System up to 2.6.5. This issue affects some unknown processing of the file /user/profile of the component Image Handler. Such manipulation leads to information disclosure. The attack may be performed from remote. The exp…

📅 Published: Nov. 30, 2025, 7:32 a.m. 🔄 Last Modified: Dec. 6, 2025, 12:28 a.m.

4.8

CVSS4.0

CVE-2025-13784 - yungifez Skuul School Management System SVG File edit cross site scripting

A weakness has been identified in yungifez Skuul School Management System up to 2.6.5. This vulnerability affects unknown code of the file /dashboard/schools/1/edit of the component SVG File Handler. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. T…

📅 Published: Nov. 30, 2025, 7:02 a.m. 🔄 Last Modified: Dec. 6, 2025, 12:26 a.m.

5.3

CVSS4.0

CVE-2025-13783 - taosir WTCMS CommentadminController CommentadminController.class.php delete sql injection

A security flaw has been discovered in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. This affects the function check/uncheck/delete of the file application/Comment/Controller/CommentadminController.class.php of the component CommentadminController. The manipulation of the argument id…

📅 Published: Nov. 30, 2025, 6:02 a.m. 🔄 Last Modified: Dec. 11, 2025, 11:14 p.m.

6.9

CVSS4.0

CVE-2025-13782 - taosir WTCMS SlideController SlideController.class.php delete sql injection

A vulnerability was identified in taosir WTCMS up to 01a5f68a3dfc2fdddb44eed967bb2d4f60487665. Affected by this issue is the function delete of the file application/Admin/Controller/SlideController.class.php of the component SlideController. The manipulation of the argument ids leads to sql injecti…

📅 Published: Nov. 30, 2025, 3:02 a.m. 🔄 Last Modified: Dec. 11, 2025, 11:17 p.m.