5.3
CVE-2025-8229 - Campcodes Courier Management System parcel_list.php SQL injection
A vulnerability classified as critical has been found in Campcodes Courier Management System 1.0. This affects an unknown part of the file /parcel_list.php. The manipulation of the argument s leads to SQL injection. It is possible to initiate the attack remotely. The exploit has been disclosed to t…
5.3
CVE-2025-8228 - yanyutao0402 ChanCMS getPages server-side request forgery
A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been rated as critical. Affected by this issue is the function getPages of the file /cms/collect/getPages. The manipulation of the argument targetUrl leads to server-side request forgery. The attack may be launched remotely. The …
5.3
CVE-2025-8227 - yanyutao0402 ChanCMS getArticle deserialization
A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /collect/getArticle. The manipulation of the argument taskUrl leads to deserialization. The attack can be launched remotely. The ex…
5.3
CVE-2025-8226 - yanyutao0402 ChanCMS find information disclosure
A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been classified as problematic. Affected is an unknown function of the file /sysApp/find. The manipulation of the argument accessKey/secretKey leads to information disclosure. It is possible to launch the attack remotely. The exp…
4.8
CVE-2025-8225 - GNU Binutils DWARF Section dwarf.c process_debug_info memory leak
A vulnerability was found in GNU Binutils 2.44 and classified as problematic. This issue affects the function process_debug_info of the file binutils/dwarf.c of the component DWARF Section Handler. The manipulation leads to memory leak. Attacking locally is a requirement. The identifier of the patc…
10.0
CVE-2025-5120 - Sandbox Escape Vulnerability in huggingface/smolagents
A sandbox escape vulnerability was identified in huggingface/smolagents version 1.14.0, allowing attackers to bypass the restricted execution environment and achieve remote code execution (RCE). The vulnerability stems from the local_python_executor.py module, which inadequately restricts Python co…
4.8
CVE-2025-8224 - GNU Binutils BFD Library elf.c bfd_elf_get_str_section null pointer dereference
A vulnerability has been found in GNU Binutils 2.44 and classified as problematic. This vulnerability affects the function bfd_elf_get_str_section of the file bfd/elf.c of the component BFD Library. The manipulation leads to null pointer dereference. Local access is required to approach this attack…
5.3
CVE-2025-8223 - jerryshensjf JPACookieShop θη³εεJPAη AdminTypeCustController.java cross-site request forgery
A vulnerability, which was classified as problematic, was found in jerryshensjf JPACookieShop θη³εεJPAη up to 24a15c02b4f75042c9f7f615a3fed2ec1cefb999. This affects an unknown part of the file AdminTypeCustController.java. The manipulation leads to cross-site request forgery. It is possible to initiβ¦
5.1
CVE-2025-8222 - jerryshensjf JPACookieShop θη³εεJPAη GoodsController.java cross site scripting
A vulnerability, which was classified as problematic, has been found in jerryshensjf JPACookieShop θη³εεJPAη up to 24a15c02b4f75042c9f7f615a3fed2ec1cefb999. Affected by this issue is some unknown functionality of the file GoodsController.java. The manipulation leads to cross site scripting. The attaβ¦
4.3
CVE-2025-8104 - Memory Usage <= 3.98 - Cross-Site Request Forgery to Limited Plugin Installation via wpmemory_insta…
The Memory Usage plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 3.98. This is due to missing nonce validation in the wpmemory_install_plugin() function. This makes it possible for unauthenticated attackers to silently install one of the severa…