5.3

CVSS4.0

CVE-2025-10764 - SeriaWei ZKEACMS Event Action System PendingTaskController.cs Edit server-side request forgery

A vulnerability was identified in SeriaWei ZKEACMS up to 4.3. This affects the function Edit of the file src/ZKEACMS.EventAction/Controllers/PendingTaskController.cs of the component Event Action System. Such manipulation of the argument Data leads to server-side request forgery. The attack may be …

📅 Published: Sept. 21, 2025, 5:32 a.m. 🔄 Last Modified: Oct. 14, 2025, 7:44 p.m.

5.3

CVSS4.0

CVE-2025-10763 - academico-sis academico Profile Picture edit-photo unrestricted upload

A vulnerability was determined in academico-sis academico up to d9a9e2636fbf7e5845ee086bcb03ca62faceb6ab. Affected by this issue is some unknown functionality of the file /edit-photo of the component Profile Picture Handler. This manipulation causes unrestricted upload. The attack is possible to be…

📅 Published: Sept. 21, 2025, 5:02 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.3

CVSS4.0

CVE-2025-10762 - kuaifan DooTask UsersController.php sql injection

A vulnerability was found in kuaifan DooTask up to 1.2.49. Affected by this vulnerability is an unknown functionality of the file app/Http/Controllers/Api/UsersController.php. The manipulation of the argument keys[department] results in sql injection. The attack can be executed remotely. The exploi…

📅 Published: Sept. 21, 2025, 4:32 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.3

CVSS4.0

CVE-2025-10761 - Harness Login Endpoint login excessive authentication

A vulnerability has been found in Harness 3.3.0. Affected is an unknown function of the file /api/v1/login of the component Login Endpoint. The manipulation leads to improper restriction of excessive authentication attempts. Remote exploitation of the attack is possible. The attack is considered to…

📅 Published: Sept. 21, 2025, 3:02 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.3

CVSS4.0

CVE-2025-10760 - Harness lookup_repo.go LookupRepo server-side request forgery

A flaw has been found in Harness 3.3.0. This impacts the function LookupRepo of the file app/api/controller/gitspace/lookup_repo.go. Executing manipulation of the argument url can lead to server-side request forgery. The attack may be launched remotely. The exploit has been published and may be use…

📅 Published: Sept. 21, 2025, 2:32 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.9

CVSS4.0

CVE-2025-10759 - Webkul QloApps CSRF Token authorization

A vulnerability was detected in Webkul QloApps up to 1.7.0. This affects an unknown function of the component CSRF Token Handler. Performing manipulation of the argument token results in authorization bypass. The attack may be initiated remotely. The exploit is now public and may be used. The vendo…

📅 Published: Sept. 21, 2025, 1:02 a.m. 🔄 Last Modified: Oct. 30, 2025, 2:15 p.m.

4.8

CVSS4.0

CVE-2025-10758 - htmly Custom Field post cross site scripting

A security vulnerability has been detected in htmly up to 3.1.0. The impacted element is an unknown function of the file /htmly/admin/field/post of the component Custom Field Handler. Such manipulation of the argument label leads to cross site scripting. The attack can be launched remotely. The exp…

📅 Published: Sept. 21, 2025, 12:02 a.m. 🔄 Last Modified: Oct. 8, 2025, 6:20 p.m.

8.7

CVSS4.0

CVE-2025-10757 - UTT 1200GW formConfigDnsFilterGlobal buffer overflow

A weakness has been identified in UTT 1200GW up to 3.0.0-170831. The affected element is an unknown function of the file /goform/formConfigDnsFilterGlobal. This manipulation of the argument GroupName causes buffer overflow. The attack can be initiated remotely. The exploit has been made available t…

📅 Published: Sept. 20, 2025, 11:32 p.m. 🔄 Last Modified: Jan. 8, 2026, 4:14 p.m.

8.7

CVSS4.0

CVE-2025-10756 - UTT HiPER 840G getOneApConfTempEntry buffer overflow

A security flaw has been discovered in UTT HiPER 840G up to 3.1.1-190328. Impacted is an unknown function of the file /goform/getOneApConfTempEntry. The manipulation of the argument tempName results in buffer overflow. It is possible to launch the attack remotely. The exploit has been released to t…

📅 Published: Sept. 20, 2025, 10:32 p.m. 🔄 Last Modified: Jan. 8, 2026, 7:37 p.m.

5.3

CVSS4.0

CVE-2025-10755 - Selleo Mentingo Content-Type unrestricted upload

A vulnerability was detected in Selleo Mentingo 2025.08.27. The impacted element is an unknown function of the component Content-Type Handler. The manipulation of the argument userAvatar results in unrestricted upload. The attack may be performed from remote. The exploit is now public and may be us…

📅 Published: Sept. 20, 2025, 9:02 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.
Total results: 349182