4.8
CVE-2024-5200 - Postie < 1.9.71 - Admin+ Stored XSS
The Postie WordPress plugin before 1.9.71 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
5.1
CVE-2025-11141 - Ruijie NBR2100G-E branch_passw.php listAction os command injection
A security flaw has been discovered in Ruijie NBR2100G-E up to 20250919. Affected by this issue is the function listAction of the file /itbox_pi/branch_passw.php?a=list. Manipulation of the argument city results in OS command injection. The attack can be carried out remotely. …
6.9
CVE-2025-10504 - Heap Memory Corruption Vulnerability
Heap-based Buffer Overflow vulnerability in ABB Terra AC wallbox. This issue affects Terra AC wallbox: through 1.8.33.
6.9
CVE-2025-11140 - Bjskzy Zhiyou ERP com.artery.richclient.RichClientService openForm xml external entity reference
A vulnerability was identified in Bjskzy Zhiyou ERP up to 11.0. Affected by this vulnerability is the function openForm of the component com.artery.richclient.RichClientService. Such manipulation of the argument contentString leads to XML external entity reference. The attack can be executed remote…
5.3
CVE-2025-11139 - Bjskzy Zhiyou ERP com.artery.form.services.FormStudioUpdater uploadStudioFile path traversal
A vulnerability was determined in Bjskzy Zhiyou ERP up to 11.0. Affected is the function uploadStudioFile of the component com.artery.form.services.FormStudioUpdater. This manipulation of the argument filepath causes path traversal. The attack can be exploited remotely. The exploit has bee…
5.3
CVE-2025-11138 - mirweiye wenkucms common.php createPathOne os command injection
A vulnerability was found in mirweiye wenkucms up to 3.4. This impacts the function createPathOne of the file app/common/common.php. The manipulation results in OS command injection. The attack may be launched remotely. The exploit has been made public and could be used.
5.1
CVE-2025-11137 - Gstarsoft GstarCAD File Renaming cross site scripting
A vulnerability has been found in Gstarsoft GstarCAD up to 9.4.0. This affects an unknown function of the component File Renaming Handler. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. Applying a p…
5.1
CVE-2025-11136 - YiFang CMS Backend File.php webUploader unrestricted upload
A flaw has been found in YiFang CMS up to 2.0.2. The impacted element is the function webUploader of the file app/app/controller/File.php of the component Backend. Manipulation of the argument uploadpath can lead to unrestricted upload. The attack can be launched remotely. The exploit has…
6.9
CVE-2025-11135 - pmTicket Project-Management-Software Cookie class.database.php loadLanguage deserialization
A vulnerability was detected in pmTicket Project-Management-Software up to 2ef379da2075f4761a2c9029cf91d073474e7486. The affected element is the function loadLanguage of the file classes/class.database.php of the component Cookie Handler. Manipulation of the argument user_id results in d…
4.8
CVE-2025-11134 - Cudy TR1200 Wireless Settings config cross site scripting
A security vulnerability has been detected in Cudy TR1200 1.16.3-20230804-164635. Impacted is an unknown function of the file /cgi-bin/luci/admin/network/wireless/config/ of the component Wireless Settings Page. Such manipulation of the argument SSID leads to cross site scripting. It is possible to…