8.7
CVE-2025-12271 - Tenda CH22 RouteStatic fromRouteStatic buffer overflow
A vulnerability was identified in Tenda CH22 1.0.0.1. This affects the function fromRouteStatic of the file /goform/RouteStatic. Such manipulation of the argument page leads to buffer overflow. The attack can be launched remotely. The exploit is publicly available and might be used.
5.3
CVE-2025-12270 - LearnHouse Student Assignment Submission sub_file resource injection
A vulnerability was determined in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. The impacted element is an unknown function of the file /api/v1/assignments/{assignment_id}/tasks/{task_id}/sub_file of the component Student Assignment Submission Handler. This manipulation causes improper…
9.3
CVE-2025-41009 - SQL injection on the virtual campus platform of Diseño de Recursos Educativos
SQL injection vulnerability in the DRED virtual campus platform. This vulnerability allows an attacker to retrieve, create, update, and delete data from the database by sending a POST request using the “buscame” parameter in “/catalogo_c/catalogo.php”.
5.1
CVE-2025-12269 - LearnHouse Account Setting previews cross site scripting
A vulnerability was found in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. The affected element is an unknown function of the file /dash/org/settings/previews of the component Account Setting Page. The manipulation results in cross site scripting. It is possible to launch the attack re…
5.3
CVE-2025-12268 - LearnHouse Course Thumbnail courses unrestricted upload
A vulnerability has been found in LearnHouse up to 98dfad76aad70711a8113f6c1fdabfccf10509ca. Impacted is an unknown function of the file /api/v1/courses/ of the component Course Thumbnail Handler. The manipulation of the argument thumbnail leads to unrestricted upload. It is possible to initiate th…
8.2
CVE-2025-11955 - Incorrect validation of OCSP certificates in TheGreenBow VPN Client Windows Enterprise
Incorrect validation of OCSP certificates vulnerability in TheGreenBow VPN, versions 7.5 and 7.6. During the IKEv2 authentication step, the OCSP-enabled VPN client establishes the tunnel even if it does not receive an OCSP response or if the OCSP response signature is invalid.
5.3
CVE-2025-12267 - abhicodebox ModernShop search cross site scripting
A flaw has been found in abhicodebox ModernShop 20250922. This issue affects some unknown processing of the file /search. Executing manipulation of the argument q can lead to cross site scripting. The attack may be performed from remote. The exploit has been published and may be used.
5.3
CVE-2025-12266 - Zytec Dalian Zhuoyun Technology Central Authentication Service widget _empty code injection
A vulnerability was detected in Zytec Dalian Zhuoyun Technology Central Authentication Service up to 20251009. This vulnerability affects the function _empty of the file /index.php/auth/widget. Performing manipulation of the argument get.layer/get.widget/get.action results in code injection. The at…
8.7
CVE-2025-12265 - Tenda CH22 VirtualSer fromVirtualSer buffer overflow
A weakness has been identified in Tenda CH22 1.0.0.1. Affected by this issue is the function fromVirtualSer of the file /goform/VirtualSer. This manipulation of the argument page causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public…
5.1
CVE-2025-12264 - Wisencode Create Support Ticket create cross site scripting
A security flaw has been discovered in Wisencode up to 20251012. Affected by this vulnerability is an unknown functionality of the file /support-ticket/create of the component Create Support Ticket Handler. The manipulation of the argument Message results in cross site scripting. The attack may be …