5.1
CVE-2025-10332 - cdevroe unmark info.php cross site scripting
A vulnerability was found in cdevroe unmark up to 1.9.3. Impacted is an unknown function of the file application/views/marks/info.php. Performing manipulation of the argument Title results in cross site scripting. The attack is possible to be carried out remotely. The exploit has been made public aβ¦
5.1
CVE-2025-10331 - cdevroe unmark Marks.php cross site scripting
A vulnerability has been found in cdevroe unmark up to 1.9.3. This issue affects some unknown processing of the file /application/controllers/Marks.php. Such manipulation of the argument Title leads to cross site scripting. The attack can be executed remotely. The exploit has been disclosed to the β¦
5.3
CVE-2025-10330 - cdevroe unmark searchform.php cross site scripting
A flaw has been found in cdevroe unmark up to 1.9.3. This vulnerability affects unknown code of the file application/views/layouts/topbar/searchform.php. This manipulation of the argument q causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been published anβ¦
5.3
CVE-2025-10329 - cdevroe unmark Marks.php server-side request forgery
A vulnerability was detected in cdevroe unmark up to 1.9.3. This affects an unknown part of the file /application/controllers/Marks.php. The manipulation of the argument url results in server-side request forgery. The attack may be launched remotely. The exploit is now public and may be used. The vβ¦
5.3
CVE-2025-10328 - MiczFlor RPi-Jukebox-RFID playsinglefile.php os command injection
A security vulnerability has been detected in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected by this issue is some unknown functionality of the file /htdocs/api/playlist/playsinglefile.php. The manipulation of the argument File leads to os command injection. The attack may be initiated remotely. Tβ¦
7.2
CVE-2025-10176 - The Hack Repair Guy's Plugin Archiver <= 2.0.4 - Authenticated (Administrator+) Arbitrary File Deleβ¦
The The Hack Repair Guy's Plugin Archiver plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the prepare_items function in all versions up to, and including, 2.0.4. This makes it possible for authenticated attackers, with Administrator-level acβ¦
5.3
CVE-2025-10327 - MiczFlor RPi-Jukebox-RFID shuffle.php os command injection
A weakness has been identified in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected by this vulnerability is an unknown functionality of the file /htdocs/api/playlist/shuffle.php. Executing manipulation of the argument playlist can lead to os command injection. The attack can be launched remotely. Thβ¦
5.3
CVE-2025-10326 - MiczFlor RPi-Jukebox-RFID single.php os command injection
A security flaw has been discovered in MiczFlor RPi-Jukebox-RFID up to 2.8.0. Affected is an unknown function of the file /htdocs/api/playlist/single.php. Performing manipulation of the argument playlist results in os command injection. The attack can be initiated remotely. The exploit has been relβ¦
5.3
CVE-2025-10325 - Wavlink WL-WN578W2 login.cgi sub_401BA4 command injection
A vulnerability was identified in Wavlink WL-WN578W2 221110. This impacts the function sub_401340/sub_401BA4 of the file /cgi-bin/login.cgi. Such manipulation of the argument ipaddr leads to command injection. It is possible to launch the attack remotely. The exploit is publicly available and mightβ¦
5.1
CVE-2025-43795 -
Open redirect vulnerability in the System Settings in Liferay Portal 7.1.0 through 7.4.3.101, and Liferay DXP 2023.Q3.1 through 2023.Q3.4 , 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to redirect users to arbitrary external URLs via theβ¦