7.7
CVE-2025-46582 - Private Key Disclosure Vulnerability in ZTE ZXMP M721 Product
A private key disclosure vulnerability exists in ZTE's ZXMP M721 product. A low-privileged user can bypass authorization checks to view the device's communication private key, resulting in key exposure and impacting communication security.
5.3
CVE-2025-12252 - code-projects Online Event Judging System action.php sql injection
A vulnerability was found in code-projects Online Event Judging System 1.0. Affected is an unknown function of the file /ajax/action.php. The manipulation of the argument content results in sql injection. The attack can be launched remotely. The exploit has been made public and could be used.
5.1
CVE-2025-12251 - OpenWGA Admin UI cross site scripting
A vulnerability has been found in OpenWGA 7.11.12 Build 737. This impacts an unknown function of the component Admin UI. The manipulation leads to cross site scripting. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted earlyβ¦
5.1
CVE-2025-12250 - OpenWGA TMLScript API WGA.File path traversal
A flaw has been found in OpenWGA 7.11.12 Build 737. This affects an unknown function of the file WGA.File of the component TMLScript API. Executing manipulation can lead to path traversal. It is possible to launch the attack remotely. The exploit has been published and may be used. The vendor was cβ¦
5.3
CVE-2025-12249 - Axosoft Scrum and Bug Tracking Edit Ticket csv injection
A vulnerability was detected in Axosoft Scrum and Bug Tracking 22.1.1.11545. The impacted element is an unknown function of the component Edit Ticket Page. Performing manipulation of the argument Title results in csv injection. It is possible to initiate the attack remotely. The exploit is now publβ¦
6.9
CVE-2025-12248 - CLTPHP search.html sql injection
A security vulnerability has been detected in CLTPHP 3.0. The affected element is an unknown function of the file /home/search.html. Such manipulation of the argument keyword leads to sql injection. The attack may be performed from remote. The exploit has been disclosed publicly and may be used.
7.3
CVE-2025-12247 - Hasleo Backup Suite HasleoImageMountService/HasleoBackupSuiteService unquoted search path
A weakness has been identified in Hasleo Backup Suite up to 5.2. Impacted is an unknown function of the component HasleoImageMountService/HasleoBackupSuiteService. This manipulation causes unquoted search path. The attack is restricted to local execution. The attack's complexity is rated as high. Tβ¦
7.1
CVE-2025-11682 - Stored Cross-Site Scripting in Perx Customer Engagement & Loyalty Platform
Stored cross-site scripting (XSS) vulnerability in the LMT Dashboard of the Perx Customer Engagement & Loyalty Platform allows an authenticated attacker to execute arbitrary JavaScript code in a victim's browser. The vulnerability is due to improper sanitization of SVG file uploads. An attacker canβ¦
5.3
CVE-2025-12246 - chatwoot Admin IframeLoader.vue cross site scripting
A security flaw has been discovered in chatwoot up to 4.7.0. This issue affects some unknown processing of the file app/javascript/shared/components/IframeLoader.vue of the component Admin Interface. The manipulation of the argument Link results in cross site scripting. The attack can be executed rβ¦
6.9
CVE-2025-12245 - chatwoot Widget IFrameHelper.js initPostMessageCommunication origin validation
A vulnerability was identified in chatwoot up to 4.7.0. This vulnerability affects the function initPostMessageCommunication of the file app/javascript/sdk/IFrameHelper.js of the component Widget. The manipulation of the argument baseUrl leads to origin validation error. Remote exploitation of the β¦