4.7
CVE-2025-0609 - XSS in Logo Software's Logo Cloud
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Logo Software Inc. Logo Cloud allows Cross-Site Scripting (XSS). This issue affects Logo Cloud: before 1.18.
5.5
CVE-2025-0608 - Open Redirect in Logo Software's Logo Cloud
URL Redirection to Untrusted Site ('Open Redirect') vulnerability in Logo Software Inc. Logo Cloud allows Phishing, Forceful Browsing. This issue affects Logo Cloud: before 2025.R6.
4.3
CVE-2025-0607 - HTML Injection in Logo Software's Logo Cloud
Improper Encoding or Escaping of Output vulnerability in Logo Software Inc. Logo Cloud allows Phishing. This issue affects Logo Cloud: before 2.57.
6
CVE-2025-0606 - IDOR in Logo Software's Logo Cloud
Authorization Bypass Through User-Controlled Key vulnerability in Logo Software Inc. Logo Cloud allows Forceful Browsing, Resource Leak Exposure. This issue affects Logo Cloud: before 0.67.
6.9
CVE-2025-11329 - code-projects Online Course Registration manage-students.php sql injection
A flaw has been found in code-projects Online Course Registration 1.0. Impacted is an unknown function of the file /admin/manage-students.php. This manipulation of the argument ID causes SQL injection. The attack can be initiated remotely. The exploit has been published and may be used.
8.7
CVE-2025-11328 - Tenda AC18 SetDDNSCfg stack-based overflow
A vulnerability was detected in Tenda AC18 15.03.05.19(6318). This issue affects some unknown processing of the file /goform/SetDDNSCfg. The manipulation of the argument ddnsEn results in stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is now public and may be…
8.7
CVE-2025-59734 - Heap-buffer-overflow write in FFmpeg SANM process_ftch
It is possible to cause a use-after-free write in SANM decoding with a carefully crafted animation using subversion <2. When a STOR chunk is present, a subsequent FOBJ chunk will be saved in ctx->stored_frame. Stored frames can later be referenced by FTCH chunks. For files using subversion < 2, t…
8.7
CVE-2025-59733 - Heap-buffer-overflow write in FFmpeg EXR dwa_uncompress
When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an implicit assumption that all image channels have the same pixel type (and size), and that if there are four channels, the first four are "B", "G", "R" and "A". The channel parsing code can be found in decode_header. The bu…
8.7
CVE-2025-59732 - Heap-buffer-overflow write in FFmpeg EXR dwa_uncompress
When decoding an OpenEXR file that uses DWAA or DWAB compression, there's an implicit assumption that the height and width are divisible by 8. If the height or width of the image is not divisible by 8, the copy loops at [0] and [1] will continue to write until the next multiple of 8. The buffer t…
6.9
CVE-2025-59731 - Heap-buffer-overflow write in FFmpeg EXR dwa_uncompress
When decoding an OpenEXR file that uses DWAA or DWAB compression, the specified raw length of run-length-encoded data is not checked when using it to calculate the output data. We read rle_raw_size from the input file at [0], we decompress and decode into the buffer td->rle_raw_data of size rle_ra…