9.2
CVE-2025-49594 - XWiki OIDC Authenticator vulnerable to creation of token for any user with just `view` right
XWiki OIDC has various tools to manipulate OpenID Connect protocol in XWiki. Starting in version 2.17.1 and prior to version 2.18.2, anyone with VIEW access to a user profile can create a token for that user. If that XWiki instance is configured to allow token authentication, it allows authenticatiโฆ
9.8
CVE-2023-49886 - IBM Transformation Extender Advanced code execution
IBM Standards Processing Engine 10.0.1.10 could allow a remote attacker to execute arbitrary code on the system, caused by an unsafe java deserialization. By sending specially crafted input, an attacker could exploit this vulnerability to execute arbitrary code on the system.
6.9
CVE-2025-11337 - Four-Faith Water Conservancy Informatization Platform download.do;othersusrlogout.do path traversal
A vulnerability was detected in Four-Faith Water Conservancy Informatization Platform up to 2.2. This affects an unknown part of the file /aloneReport/index.do/../../aloneReport/download.do;othersusrlogout.do. Performing manipulation of the argument fileName results in path traversal. It is possiblโฆ
6.9
CVE-2025-11336 - Four-Faith Water Conservancy Informatization Platform download.do;otherlogout.do path traversal
A security vulnerability has been detected in Four-Faith Water Conservancy Informatization Platform up to 2.2. Affected by this issue is some unknown functionality of the file /stAlarmConfigure/index.do/../../aloneReport/download.do;otherlogout.do. Such manipulation of the argument fileName leads tโฆ
5.1
CVE-2025-11335 - D-Link DI-7100G C1 jhttpd msp_info.htm sub_46409C command injection
A weakness has been identified in D-Link DI-7100G C1 up to 20250928. Affected by this vulnerability is the function sub_46409C of the file /msp_info.htm?flag=qos of the component jhttpd. This manipulation of the argument iface causes command injection. The attack is possible to be carried out remotโฆ
6.9
CVE-2025-11334 - Campcodes Online Apartment Visitor Management System visitor-detail.php sql injection
A security flaw has been discovered in Campcodes Online Apartment Visitor Management System 1.0. Affected is an unknown function of the file /visitor-detail.php. The manipulation of the argument editid results in sql injection. The attack can be executed remotely. The exploit has been released to tโฆ
4.8
CVE-2025-11333 - langleyfcu Online Banking System Add Customer customer_add_action.php cross site scripting
A vulnerability was identified in langleyfcu Online Banking System up to 57437e6400ce0ae240e692c24e6346b8d0c17d7a. This impacts an unknown function of the file /customer_add_action.php of the component Add Customer Page. The manipulation of the argument First Name leads to cross site scripting. Remโฆ
5.1
CVE-2025-11332 - CmsEasy URL view.php cross site scripting
A vulnerability was determined in CmsEasy up to 7.7.7. This affects an unknown function in the library lib/inc/view.php of the component URL Handler. Executing a manipulation of the argument PHP_SELF can lead to cross site scripting. The attack may be launched remotely. The exploit has been publiclโฆ
5.1
CVE-2025-11331 - IdeaCMS Website Name Config.php command injection
A vulnerability was found in IdeaCMS up to 1.8. The impacted element is an unknown function of the file app/common/logic/admin/Config.php of the component Website Name Handler. Performing manipulation of the argument ็ฝ็ซๅ็งฐ results in command injection. The attack may be initiated remotely. The exploโฆ
5.3
CVE-2025-11330 - PHPGurukul Beauty Parlour Management System sales-reports-detail.php sql injection
A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. The affected element is an unknown function of the file /admin/sales-reports-detail.php. Such manipulation of the argument fromdate/todate leads to sql injection. The attack can be launched remotely. The exploit has โฆ