5.9
CVE-2025-46703 - Potential XSS in Extension:AtMentions
Improper Encoding or Escaping of Output vulnerability in Hallo Welt! GmbH BlueSpice (Extension:AtMentions) allows Cross-Site Scripting (XSS). This issue affects BlueSpice: from 5 through 5.1.1.
5.3
CVE-2025-10711 - 07FLYCMS/07FLY-CMS/07FlyCRM Login cross site scripting
A vulnerability has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 20250831. This vulnerability affects unknown code of the file /index.php/sysmanage/Login. Such manipulation of the argument Name leads to cross site scripting. The attack may be performed from remote. The exploit has been disc…
5.3
CVE-2025-10710 - 07FLYCMS/07FLY-CMS/07FlyCRM index.php cross site scripting
A flaw has been found in 07FLYCMS, 07FLY-CMS and 07FlyCRM up to 20250831. This affects an unknown part of the file /index.php. This manipulation of the argument Name causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. This …
8.1
CVE-2025-7665 - Miniorange OTP Verification with Firebase 3.1.0 - 3.6.2 - Unauthenticated Privilege Escalation
The Miniorange OTP Verification with Firebase plugin for WordPress is vulnerable to privilege escalation due to a missing capability check on the 'handle_mofirebase_form_options' function in versions 3.1.0 to 3.6.2. This makes it possible for unauthenticated attackers to update the default role to …
6.9
CVE-2025-10709 - Four-Faith Water Conservancy Informatization Platform historyDownload.do;otheruserLogin.do;getfile …
A vulnerability was detected in Four-Faith Water Conservancy Informatization Platform 1.0. Affected by this issue is some unknown functionality of the file /history/historyDownload.do;otheruserLogin.do;getfile. The manipulation of the argument fileName results in path traversal. The attack can be e…
6.9
CVE-2025-10708 - Four-Faith Water Conservancy Informatization Platform historyDownload.do;usrlogout.do path traversal
A security vulnerability has been detected in Four-Faith Water Conservancy Informatization Platform 1.0. Affected by this vulnerability is an unknown functionality of the file /history/historyDownload.do;usrlogout.do. The manipulation of the argument fileName leads to path traversal. Remote exploit…
5.3
CVE-2025-10707 - JeecgBoot sendMsg improper authorization
A weakness has been identified in JeecgBoot up to 3.8.2. Affected is an unknown function of the file /message/sysMessageTemplate/sendMsg. Executing manipulation can lead to improper authorization. The attack may be launched remotely. The exploit has been made available to the public and could be ex…
7.1
CVE-2025-9969 - Reflected XSS in Vizly Web Design's Real Estate Packages
Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') vulnerability in Vizly Web Design Real Estate Packages allows Content Spoofing, CAPEC - 593 - Session Hijacking, CAPEC - 591 - Reflected XSS. This issue affects Real Estate Packages: before 5.1.
7.5
CVE-2025-10468 - Path Traversal in Beyaz Computer's CityPlus
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Beyaz Computer CityPlus allows Path Traversal. This issue affects CityPlus: before 24.29375.
5.3
CVE-2025-10719 - WisdomGarden | Tronclass - Insecure Direct Object Reference
Tronclass developed by WisdomGarden has an Insecure Direct Object Reference vulnerability, allowing remote attackers with regular privilege to modify a specific parameter to access other users' files.