7.7
CVE-2025-59344 - AliasVault Vulnerable to Server-Side Request Forgery via Favicon Extraction
AliasVault is a privacy-first password manager with built-in email aliasing. A server-side request forgery (SSRF) vulnerability exists in the favicon extraction feature of AliasVault API versions 0.23.0 and lower. The extractor fetches a user-supplied URL, parses the returned HTML, and follows <lin…
6.3
CVE-2025-8664 - XSS in Saysis Computer Systems' StarCities
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Saysis Computer Systems Trade Ltd. Co. StarCities E-Municipality Management allows Cross-Site Scripting (XSS). This issue affects StarCities E-Municipality Management: before 20250825.
4.8
CVE-2025-10717 - intsig CamScanner App com.intsig.camscanner AndroidManifest.xml improper export of android applicat…
A vulnerability has been found in intsig CamScanner App 6.91.1.5.250711 on Android. Affected by this issue is some unknown functionality of the file AndroidManifest.xml of the component com.intsig.camscanner. The manipulation leads to improper export of android application components. Local access …
4.8
CVE-2025-10716 - Creality Cloud App com.cxsw.sdprinter AndroidManifest.xml improper export of android application co…
A flaw has been found in Creality Cloud App up to 6.1.0 on Android. Affected by this vulnerability is an unknown functionality of the file AndroidManifest.xml of the component com.cxsw.sdprinter. Executing manipulation can lead to improper export of android application components. It is possible to…
6.4
CVE-2025-8532 - IDOR in Bimser's eBA Document and Workflow Management System
Authorization Bypass Through User-Controlled Key, Improper Authorization vulnerability in Bimser Solution Software Trade Inc. EBA Document and Workflow Management System allows Forceful Browsing. This issue affects eBA Document and Workflow Management System: from 6.7.164 before 6.7.166.
4.8
CVE-2025-10715 - APEUni PTE Exam Practice App com.ape_edication AndroidManifest.xml improper export of android appli…
A security flaw has been discovered in APEUni PTE Exam Practice App up to 10.8.0 on Android. The impacted element is an unknown function of the file AndroidManifest.xml of the component com.ape_edication. The manipulation results in improper export of android application components. The attack requ…
6.9
CVE-2025-10712 - 07FLYCMS/07FLY-CMS/07FlyCRM login sql injection
A vulnerability was found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 20250831. This issue affects some unknown processing of the file /index.php/Login/login. Performing manipulation of the argument Username results in SQL injection. It is possible to initiate the attack remotely. The exploit has bee…
5.9
CVE-2025-58114 - Potential XSS in Extension:CognitiveProcessDesigner
Improper Input Validation vulnerability in Hallo Welt! GmbH BlueSpice (Extension:CognitiveProcessDesigner) allows Cross-Site Scripting (XSS). This issue affects BlueSpice: from 5 through 5.1.1.
5.9
CVE-2025-57880 - Potential XSS in Extension:BlueSpiceWhoIsOnline
Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension:BlueSpiceWhoIsOnline) allows Cross-Site Scripting (XSS). This issue affects BlueSpice: from 5 through 5.1.1.
5.9
CVE-2025-48007 - Potential XSS in Extension:BlueSpiceAvatars
Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension:BlueSpiceAvatars) allows Cross-Site Scripting (XSS). This issue affects BlueSpice: from 5 through 5.1.1.