7.7
CVE-2025-58355 - Soft Serve is vulnerable to arbitrary file writing through its SSH API
Soft Serve is a self-hostable Git server for the command line. In versions 0.9.1 and below, attackers can create or override arbitrary files with uncontrolled data through its SSH API. This issue is fixed in version 0.10.0.
8.7
CVE-2025-9938 - D-Link DI-8400 yyxz.asp yyxz_dlink_asp stack-based overflow
A weakness has been identified in D-Link DI-8400 16.07.26A1. The affected element is the function yyxz_dlink_asp of the file /yyxz.asp. This manipulation of the argument ID causes stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been made available to the…
5.3
CVE-2025-9937 - elunez eladmin LocalStorageController deleteFile improper authorization
A security flaw has been discovered in elunez eladmin 1.1. Impacted is the function deleteFile of the component LocalStorageController. The manipulation results in improper authorization. The attack may be performed from remote. The exploit has been released to the public and may be exploited.
5.3
CVE-2025-9936 - fuyang_lipengjun platform queryAll AdController improper authorization
A vulnerability was identified in fuyang_lipengjun platform 1.0.0. This issue affects the function AdController of the file /ad/queryAll. The manipulation leads to improper authorization. The attack is possible to be carried out remotely. The exploit is publicly available and might be used.
6.9
CVE-2025-9935 - TOTOLINK N600R cstecgi.cgi sub_4159F8 command injection
A vulnerability was determined in TOTOLINK N600R 4.3.0cu.7866_B20220506. This vulnerability affects the function sub_4159F8 of the file /web_cste/cgi-bin/cstecgi.cgi. Executing manipulation can lead to command injection. The attack can be executed remotely. The exploit has been publicly disclosed a…
5.3
CVE-2025-9934 - TOTOLINK X5000R cstecgi.cgi sub_410C34 command injection
A vulnerability was found in TOTOLINK X5000R 9.1.0cu.2415_B20250515. This affects the function sub_410C34 of the file /cgi-bin/cstecgi.cgi. Performing manipulation of the argument pid results in command injection. Remote exploitation of the attack is possible. The exploit has been made public and c…
6.9
CVE-2025-9933 - PHPGurukul Beauty Parlour Management System view-appointment.php sql injection
A vulnerability has been found in PHPGurukul Beauty Parlour Management System 1.1. Affected by this issue is some unknown functionality of the file /admin/view-appointment.php. Such manipulation of the argument viewid leads to sql injection. The attack may be launched remotely. The exploit has been…
2.3
CVE-2025-58064 - CKEditor is susceptible to Cross-Site Scripting (XSS) through its clipboard package
CKEditor 5 is a modern JavaScript rich-text editor with an MVC architecture. ckeditor5 and ckeditor5-clipboard versions 46.0.0 through 46.0.2 and 44.2.0 through 45.2.1 contain a Cross-Site Scripting (XSS) vulnerability. Ability to exploit could be triggered by a specific user action (leading to una…
6.9
CVE-2025-9932 - PHPGurukul Beauty Parlour Management System update-image.php sql injection
A flaw has been found in PHPGurukul Beauty Parlour Management System 1.1. Affected by this vulnerability is an unknown functionality of the file /admin/update-image.php. This manipulation of the argument lid causes sql injection. The attack may be initiated remotely. The exploit has been published…
5.3
CVE-2025-9931 - Jinher OA POST Request login!changePassWord.action cross site scripting
A vulnerability was detected in Jinher OA 1.0. Affected is an unknown function of the file /jc6/platform/sys/login!changePassWord.action of the component POST Request Handler. The manipulation of the argument Account results in cross site scripting. The attack can be launched remotely. The exploit…