6.9
CVE-2025-9150 - Surbowl dormitory-management-php violation_add.php sql injection
A vulnerability was identified in Surbowl dormitory-management-php up to 9f1d9d1f528cabffc66fda3652c56ff327fda317. Affected is an unknown function of the file /admin/violation_add.php?id=2. Such manipulation of the argument ID leads to sql injection. The attack may be performed from a remote locatiโฆ
5.3
CVE-2025-9149 - Wavlink WL-NU516U1 wireless.cgi sub_4032E4 command injection
A vulnerability was determined in Wavlink WL-NU516U1 M16U1_V240425. This impacts the function sub_4032E4 of the file /cgi-bin/wireless.cgi. This manipulation of the argument Guest_ssid causes command injection. The attack is possible to be carried out remotely. The exploit has been publicly disclosโฆ
0.0
CVE-2025-9197 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
5.3
CVE-2025-54881 - Mermaid improperly sanitizes of sequence diagram labels leading to XSS
Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 10.9.0-rc.1 to 11.9.0, user supplied input for sequence diagram labels is passed to innerHTML duringโฆ
5.3
CVE-2025-9148 - CodePhiliaX Chat2DB JDBC Connection DataSourceController.java sql injection
A vulnerability was found in CodePhiliaX Chat2DB up to 0.3.7. This affects an unknown function of the file ai/chat2db/server/web/api/controller/data/source/DataSourceController.java of the component JDBC Connection Handler. The manipulation results in sql injection. The attack can be executed remotโฆ
5.1
CVE-2025-54880 - Mermaid does not properly sanitize architecture diagram iconText leading to XSS
Mermaid is a JavaScript based diagramming and charting tool that uses Markdown-inspired text definitions and a renderer to create and modify complex diagrams. In the default configuration of mermaid 11.9.0 and earlier, user supplied input for architecture diagram icons is passed to the d3 html() meโฆ
2.4
CVE-2025-54411 - Discourse welcome banner user name XSS
Discourse is an open-source discussion platform. Welcome banner user name string for logged in users can be vulnerable to XSS attacks, which affect the user themselves or an admin impersonating them. Admins can temporarily alter the welcome_banner.header.logged_in_members site text to remove the prโฆ
8.7
CVE-2025-52478 - Stored XSS in n8n Form Trigger allows Account Takeover via injected iframe and video/source
n8n is a workflow automation platform. From 1.77.0 to before 1.98.2, a stored Cross-Site Scripting (XSS) vulnerability was identified in n8n, specifically in the Form Trigger node's HTML form element. An authenticated attacker can inject malicious HTML via an <iframe> with a srcdoc payload that incโฆ
5.1
CVE-2025-9147 - jasonclark getsemantic index.php cross site scripting
A vulnerability has been found in jasonclark getsemantic up to 040c96eb8cf9947488bd01b8de99b607b0519f7d. The impacted element is an unknown function of the file /index.php. The manipulation of the argument view leads to cross site scripting. Remote exploitation of the attack is possible. The exploiโฆ
7.5
CVE-2025-9146 - Linksys E5600 Firmware checkFw.sh verify_gemtek_header risky encryption
A flaw has been found in Linksys E5600 1.1.0.26. The affected element is the function verify_gemtek_header of the file checkFw.sh of the component Firmware Handler. Executing manipulation can lead to risky cryptographic algorithm. The attack may be launched remotely. The attack requires a high leveโฆ