9.3
CVE-2025-10351 - SQL injection vulnerability in Melis Platform
SQL injection vulnerability based on the melis-cms module of the Melis platform from Melis Technology. This vulnerability allows an attacker to retrieve, create, update, and delete databases through the 'idPage' parameter in the '/melis/MelisCms/PageEdition/getTinyTemplates' endpoint.
5.1
CVE-2025-11470 - SourceCodester Hotel and Lodge Management System manage_website.php unrestricted upload
A security vulnerability has been detected in SourceCodester Hotel and Lodge Management System up to 1.0. The impacted element is an unknown function of the file /manage_website.php. The manipulation of the argument website_image/back_login_image leads to unrestricted upload. The attack is possible…
5.3
CVE-2025-11469 - SourceCodester Hotel and Lodge Management System save_customer.php sql injection
A weakness has been identified in SourceCodester Hotel and Lodge Management System 1.0. The affected element is an unknown function of the file /pages/save_customer.php. Executing manipulation of the argument Contact can lead to sql injection. The attack can be executed remotely. The exploit has be…
5.3
CVE-2025-11445 - Kilo Code Prompt ClineProvider.ts ClineProvider injection
A vulnerability was detected in Kilo Code up to 4.86.0. Affected is the function ClineProvider of the file src/core/webview/ClineProvider.ts of the component Prompt Handler. Performing manipulation results in injection. The attack can be initiated remotely. The exploit is now public and may be used…
8.7
CVE-2025-11444 - TOTOLINK N600R HTTP Request cstecgi.cgi setWiFiBasicConfig buffer overflow
A security vulnerability has been detected in TOTOLINK N600R up to 4.3.0cu.7866_B20220506. This impacts the function setWiFiBasicConfig of the file /cgi-bin/cstecgi.cgi of the component HTTP Request Handler. Such manipulation of the argument wepkey leads to buffer overflow. It is possible to launch…
6.3
CVE-2025-11443 - JhumanJ OpnForm Forgotten Password email information exposure
A weakness has been identified in JhumanJ OpnForm up to 1.9.3. This affects an unknown function of the file /api/password/email of the component Forgotten Password Handler. This manipulation causes information exposure through discrepancy. It is possible to initiate the attack remotely. The attack …
5.3
CVE-2025-11442 - JhumanJ OpnForm API Endpoint cross-site request forgery
A security flaw has been discovered in JhumanJ OpnForm up to 1.9.3. The impacted element is an unknown function of the component API Endpoint. The manipulation results in cross-site request forgery. The attack may be performed from remote. The exploit has been released to the public and may be expl…
6.3
CVE-2025-11441 - JhumanJ OpnForm HTTP Header excessive authentication
A vulnerability was identified in JhumanJ OpnForm up to 1.9.3. The affected element is an unknown function of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads to improper restriction of excessive authentication attempts. The attack is possible to be carried …
5.3
CVE-2025-11440 - JhumanJ OpnForm edit access control
A vulnerability was determined in JhumanJ OpnForm up to 1.9.3. Impacted is an unknown function of the file /edit. Executing manipulation can lead to improper access controls. The attack can be executed remotely. The exploit has been publicly disclosed and may be utilized. This patch is called b15e2…
4.7
CVE-2025-48464 - Exposure of Sensitive Information
Successful exploitation of the vulnerability could allow an unauthenticated attacker to gain access to a victim's Sync account data such as account credentials and email protection information.