7.1

CVSS4.0

CVE-2025-10204 - Unauth Admin Reset Password on AC Smart II

A vulnerability has been discovered in AC Smart II where passwords can be changed without authorization. This page contains a hidden form for resetting the administrator password. The attacker can manipulate the page using developer tools to display and use the form. This form allows you to change …

📅 Published: Sept. 14, 2025, 12:43 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.3

CVSS4.0

CVE-2025-10398 - fcba_zzm ics-park Smart Park Management System FileUploadUtils.java unrestricted upload

A security flaw has been discovered in fcba_zzm ics-park Smart Park Management System 2.0. This vulnerability affects unknown code of the file FileUploadUtils.java. The manipulation of the argument File results in unrestricted upload. The attack can be launched remotely. The exploit has been releas…

📅 Published: Sept. 14, 2025, 12:02 p.m. 🔄 Last Modified: Oct. 14, 2025, 7:40 p.m.

5.1

CVSS4.0

CVE-2025-10397 - Magicblack MacCMS API server-side request forgery

A vulnerability was identified in Magicblack MacCMS 2025.1000.4050. This affects an unknown part of the component API Handler. The manipulation of the argument cjurl leads to server-side request forgery. The attack can be initiated remotely. The exploit is publicly available and might be used.

📅 Published: Sept. 14, 2025, 11:02 a.m. 🔄 Last Modified: Oct. 8, 2025, 2:24 p.m.

6.9

CVSS4.0

CVE-2025-10396 - SourceCodester Pet Grooming Management Software edit_role.php sql injection

A vulnerability was determined in SourceCodester Pet Grooming Management Software 1.0. Affected by this issue is some unknown functionality of the file /admin/edit_role.php. Executing manipulation of the argument ID can lead to sql injection. It is possible to launch the attack remotely. The exploi…

📅 Published: Sept. 14, 2025, 8:32 a.m. 🔄 Last Modified: Sept. 18, 2025, 8:36 p.m.

5.1

CVSS4.0

CVE-2025-10395 - Magicblack MacCMS Scheduled Task col_url server-side request forgery

A vulnerability was found in Magicblack MacCMS 2025.1000.4050. Affected by this vulnerability is the function col_url of the component Scheduled Task Handler. Performing manipulation of the argument cjurl results in server-side request forgery. It is possible to initiate the attack remotely.

📅 Published: Sept. 14, 2025, 8:02 a.m. 🔄 Last Modified: Oct. 8, 2025, 2:24 p.m.

5.1

CVSS4.0

CVE-2025-10394 - fcba_zzm ics-park Smart Park Management System Scheduled Task JobController.java code injection

A vulnerability has been found in fcba_zzm ics-park Smart Park Management System 2.0. Affected is an unknown function of the file ruoyi-quartz/src/main/java/com/ruoyi/quartz/controller/JobController.java of the component Scheduled Task Module. Such manipulation leads to code injection. The attack m…

📅 Published: Sept. 14, 2025, 6:32 a.m. 🔄 Last Modified: Oct. 14, 2025, 7:40 p.m.

5.3

CVSS4.0

CVE-2025-10393 - miurla morphic HTTP Status Code 3xx advanced-search fetchHtml server-side request forgery

A flaw has been found in miurla morphic up to 0.4.5. This impacts the function fetchHtml of the file /api/advanced-search of the component HTTP Status Code 3xx Handler. This manipulation causes server-side request forgery. The attack is possible to be carried out remotely. The exploit has been publ…

📅 Published: Sept. 14, 2025, 6:02 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

9.3

CVSS4.0

CVE-2025-10392 - Mercury KM08-708H GiGA WiFi Wave2 HTTP Header stack-based overflow

A vulnerability was detected in Mercury KM08-708H GiGA WiFi Wave2 1.1.14. This affects an unknown function of the component HTTP Header Handler. The manipulation of the argument Host results in stack-based buffer overflow. The attack can be executed remotely. The exploit is now public and may be us…

📅 Published: Sept. 14, 2025, 5:32 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.3

CVSS4.0

CVE-2025-10391 - CRMEB OutAccountServices.php testOutUrl server-side request forgery

A security vulnerability has been detected in CRMEB up to 5.6.1. The impacted element is the function testOutUrl of the file app/services/out/OutAccountServices.php. The manipulation of the argument push_token_url leads to server-side request forgery. Remote exploitation of the attack is possible. …

📅 Published: Sept. 14, 2025, 5:02 a.m. 🔄 Last Modified: Oct. 14, 2025, 7:11 p.m.

5.3

CVSS4.0

CVE-2025-10390 - CRMEB UserAddressServices.php editAddress improper authorization

A weakness has been identified in CRMEB up to 5.6.1. The affected element is the function editAddress of the file app/services/user/UserAddressServices.php. Executing manipulation of the argument ID can lead to improper authorization. The attack may be launched remotely. The exploit has been made a…

📅 Published: Sept. 14, 2025, 4:32 a.m. 🔄 Last Modified: Oct. 14, 2025, 7:22 p.m.