9.4

CVSS3.0

CVE-2025-10644 - Wondershare Repairit SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability

Wondershare Repairit SAS Token Incorrect Permission Assignment Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on Wondershare Repairit. Authentication is not required to exploit this vulnerability. The specific flaw exists within the permiss…

📅 Published: Sept. 17, 2025, 8:41 p.m. 🔄 Last Modified: Sept. 19, 2025, 12:58 p.m.

9.1

CVSS3.0

CVE-2025-10643 - Wondershare Repairit Incorrect Permission Assignment Authentication Bypass Vulnerability

Wondershare Repairit Incorrect Permission Assignment Authentication Bypass Vulnerability. This vulnerability allows remote attackers to bypass authentication on affected installations of Wondershare Repairit. Authentication is not required to exploit this vulnerability. The specific flaw exists wi…

📅 Published: Sept. 17, 2025, 8:41 p.m. 🔄 Last Modified: Sept. 19, 2025, 12:59 p.m.

5.3

CVSS4.0

CVE-2025-10617 - SourceCodester Online Polling System positions.php sql injection

A weakness has been identified in SourceCodester Online Polling System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/positions.php. This manipulation of the argument ID causes SQL injection. The attack may be initiated remotely. The exploit has been made availab…

📅 Published: Sept. 17, 2025, 8:32 p.m. 🔄 Last Modified: Sept. 20, 2025, 2:40 a.m.

5.3

CVSS4.0

CVE-2025-10616 - itsourcecode E-Commerce Website users.php unrestricted upload

A security flaw has been discovered in itsourcecode E-Commerce Website 1.0. Affected is an unknown function of the file /admin/users.php. The manipulation results in unrestricted upload. The attack can be launched remotely. The exploit has been released to the public and may be exploited.

📅 Published: Sept. 17, 2025, 8:32 p.m. 🔄 Last Modified: Sept. 20, 2025, 2:40 a.m.

5.3

CVSS4.0

CVE-2025-10615 - itsourcecode E-Commerce Website products.php unrestricted upload

A vulnerability was identified in itsourcecode E-Commerce Website 1.0. This impacts an unknown function of the file /admin/products.php. The manipulation leads to unrestricted upload. The attack can be initiated remotely. The exploit is publicly available and might be used.

📅 Published: Sept. 17, 2025, 8:02 p.m. 🔄 Last Modified: Sept. 20, 2025, 2:41 a.m.

9.8

CVSS3.1

CVE-2025-59340 - jinjava Sandbox Bypass via JavaType-Based Deserialization

jinjava is a Java-based template engine based on django template syntax, adapted to render jinja templates. Prior to 2.8.1, by using mapper.getTypeFactory().constructFromCanonical(), it is possible to instruct the underlying ObjectMapper to deserialize attacker-controlled input into arbitrary clas…

📅 Published: Sept. 17, 2025, 8:01 p.m. 🔄 Last Modified: Sept. 26, 2025, 1:11 p.m.

5.5

CVSS4.0

CVE-2025-59410 - Dragonfly tiny file download uses hard coded HTTP protocol

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the code in the scheduler for downloading a tiny file is hard coded to use the HTTP protocol, rather than HTTPS. This means that an attacker could perform a Man-in-the-Middle attack, changing the …

📅 Published: Sept. 17, 2025, 7:58 p.m. 🔄 Last Modified: Sept. 18, 2025, 4:54 p.m.

5.5

CVSS4.0

CVE-2025-59354 - Dragonfly has weak integrity checks for downloaded files

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the DragonFly2 uses a variety of hash functions, including the MD5 hash, for downloaded files. This allows attackers to replace files with malicious ones that have a colliding hash. This vulnerabi…

📅 Published: Sept. 17, 2025, 7:57 p.m. 🔄 Last Modified: Sept. 18, 2025, 8:08 p.m.

7.7

CVSS4.0

CVE-2025-59353 - Manager generates mTLS certificates for arbitrary IP addresses

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, a peer can obtain a valid TLS certificate for arbitrary IP addresses, effectively rendering the mTLS authentication useless. The issue is that the Manager’s Certificate gRPC service does not valid…

📅 Published: Sept. 17, 2025, 7:53 p.m. 🔄 Last Modified: Sept. 18, 2025, 8:08 p.m.

6.9

CVSS4.0

CVE-2025-59352 - Dragonfly allows arbitrary file read and write on a peer machine

Dragonfly is an open source P2P-based file distribution and image acceleration system. Prior to 2.1.0, the gRPC API and HTTP APIs allow peers to send requests that force the recipient peer to create files in arbitrary file system locations, and to read arbitrary files. This allows peers to steal ot…

📅 Published: Sept. 17, 2025, 7:50 p.m. 🔄 Last Modified: Sept. 18, 2025, 8:09 p.m.