5.3
CVE-2025-7787 - Xuxueli xxl-job SampleXxlJob.java httpJobHandler server-side request forgery
A vulnerability, which was classified as critical, was found in Xuxueli xxl-job up to 3.1.1. Affected is the function httpJobHandler of the file src\main\java\com\xxl\job\executor\service\jobhandler\SampleXxlJob.java. The manipulation leads to server-side request forgery. It is possible to launch t…
5.5
CVE-2024-13175 - IDOR in Vidco Software's VOC TESTER
Authorization Bypass Through User-Controlled Key vulnerability in Vidco Software VOC TESTER allows Forceful Browsing. This issue affects VOC TESTER: before 12.41.0.
5.1
CVE-2025-7786 - Gnuboard g6 Post Reply qa cross site scripting
A vulnerability, which was classified as problematic, has been found in Gnuboard g6 up to 6.0.10. This issue affects some unknown processing of the file /bbs/scrap_popin_update/qa/ of the component Post Reply Handler. The manipulation leads to cross site scripting. The attack may be initiated remot…
5.3
CVE-2025-7785 - thinkgem JeeSite SsoController.java sso redirect
A vulnerability classified as problematic was found in thinkgem JeeSite up to 5.12.0. This vulnerability affects the function sso of the file src/main/java/com/jeesite/modules/sys/web/SsoController.java. The manipulation of the argument redirect leads to open redirect. The attack can be initiated r…
2.2
CVE-2025-6227 - Invite token is used as part of the secure communication
Mattermost versions 10.5.x <= 10.5.7, 9.11.x <= 9.11.16 fail to negotiate a new token when accepting the invite which allows a user that intercepts both invite and password to send synchronization payloads to the server that originally created the invite via the REST API.
8.7
CVE-2025-49484 - Extension - joomsky.com - SQL injection in JS jobs component version 1.1.5 - 1.4.1 for Joomla
A SQL injection vulnerability in the JS Jobs plugin versions 1.0.0-1.4.1 for Joomla allows low-privilege users to execute arbitrary SQL commands via the 'cvid' parameter in the employee application feature.
5.3
CVE-2025-50126 - Extension - rsjoomla.com - Stored XSS vulnerability RSBlog! component 1.11.6-1.14.5 for Joomla
A stored XSS vulnerability in the RSBlog! component 1.11.6-1.14.5 Joomla was discovered. The issue allows remote authenticated users to inject arbitrary web script or HTML via the jform[tags_text] parameter.
5.1
CVE-2025-50058 - Extension - rsjoomla.com - Stored XSS vulnerability in RSDirectory! component 1.16.3-1.17.7 for Joo…
A stored XSS vulnerability in the RSDirectory! component 1.0.0-2.2.8 Joomla was discovered. The issue allows remote authenticated attackers to inject arbitrary web script or HTML via the review reply component.
6.9
CVE-2025-50057 - Extension - rsjoomla.com - DOS vulnerability RSFiles! component 1.16.3-1.17.7 for Joomla
A DOS vulnerability in RSFiles! component 1.16.3-1.17.7 Joomla was discovered. The issue allows unauthenticated remote attackers to deny access to service via the search feature.
5.1
CVE-2025-50056 - Extension - rsjoomla.com - Reflected XSS vulnerability RSMail! component 1.19.20-1.22.28 for Joomla
A reflected XSS vulnerability in RSMail! component 1.19.20 - 1.22.26 28 Joomla was discovered. The issue allows remote attackers to inject arbitrary web script or HTML via the crafted parameter.