8.7
CVE-2025-11386 - Tenda AC15 POST Parameter SetDDNSCfg stack-based overflow
A vulnerability was found in Tenda AC15 15.03.05.18. The impacted element is an unknown function of the file /goform/SetDDNSCfg of the component POST Parameter Handler. The manipulation of the argument ddnsEn results in stack-based buffer overflow. The attack can be launched remotely. The exploit hβ¦
8.7
CVE-2025-11385 - Tenda AC20 fast_setting_wifi_set sscanf buffer overflow
A vulnerability has been found in Tenda AC20 up to 16.03.08.12. The affected element is the function sscanf of the file /goform/fast_setting_wifi_set. The manipulation of the argument timeZone leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to the publβ¦
5.3
CVE-2025-11360 - jakowenko double-take API app.js app.use cross site scripting
A vulnerability was detected in jakowenko double-take up to 1.13.1. The impacted element is the function app.use of the file api/src/app.js of the component API. The manipulation of the argument X-Ingress-Path results in cross site scripting. The attack can be executed remotely. Upgrading to versioβ¦
5.3
CVE-2025-11359 - code-projects Simple Banking System transfermoney.php sql injection
A security vulnerability has been detected in code-projects Simple Banking System 1.0. The affected element is an unknown function of the file /transfermoney.php. The manipulation of the argument ID leads to sql injection. Remote exploitation of the attack is possible. The exploit has been discloseβ¦
5.3
CVE-2025-10645 - WP Reset <= 2.05 - Unauthenticated Sensitive Information Exposure via wf-licensing.log
The WP Reset plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.05 via the WF_Licensing::log() method when debugging is enabled (default). This makes it possible for unauthenticated attackers to extract sensitive license key and site data.
5.3
CVE-2025-11358 - code-projects Simple Banking System removeuser.php sql injection
A weakness has been identified in code-projects Simple Banking System 1.0. Impacted is an unknown function of the file /removeuser.php. Executing manipulation of the argument ID can lead to sql injection. The attack may be launched remotely. The exploit has been made available to the public and couβ¦
5.3
CVE-2025-11357 - code-projects Simple Banking System createuser.php sql injection
A security flaw has been discovered in code-projects Simple Banking System 1.0. This issue affects some unknown processing of the file /createuser.php. Performing manipulation of the argument Name results in sql injection. The attack may be initiated remotely. The exploit has been released to the pβ¦
6.4
CVE-2025-7400 - Featured Image from URL (FIFU) <= 5.2.7 - Authenticated (Contributor+) Stored Cross-Site Scripting β¦
The Featured Image from URL (FIFU) plugin for WordPress is vulnerable to Stored Cross-Site Scripting via a post's Featured Image custom fields in all versions up to, and including, 5.2.7 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, β¦
8.7
CVE-2025-11356 - Tenda AC23 SetStaticRouteCfg sscanf buffer overflow
A vulnerability was found in Tenda AC23 up to 16.03.07.52. Affected by this issue is the function sscanf of the file /goform/SetStaticRouteCfg. The manipulation of the argument list results in buffer overflow. It is possible to launch the attack remotely. The exploit has been made public and could β¦
8.7
CVE-2025-11355 - UTT 1250GW aspChangeChannel strcpy buffer overflow
A vulnerability has been found in UTT 1250GW up to v2v3.2.2-200710. Affected by this vulnerability is the function strcpy of the file /goform/aspChangeChannel. The manipulation of the argument pvid leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has been discloβ¦