5.1

CVSS4.0

CVE-2025-7902 - yangzongzhuan RuoYi SysNoticeController.java addSave cross site scripting

A vulnerability classified as problematic has been found in yangzongzhuan RuoYi up to 4.8.1. Affected is the function addSave of the file com/ruoyi/web/controller/system/SysNoticeController.java. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The explo…

πŸ“… Published: July 20, 2025, 4:02 p.m. πŸ”„ Last Modified: Aug. 8, 2025, 4:19 p.m.

5.3

CVSS4.0

CVE-2025-7901 - yangzongzhuan RuoYi Swagger UI index.html cross site scripting

A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been rated as problematic. This issue affects some unknown processing of the file /swagger-ui/index.html of the component Swagger UI. The manipulation of the argument configUrl leads to cross site scripting. The attack may be init…

πŸ“… Published: July 20, 2025, 3:32 p.m. πŸ”„ Last Modified: Sept. 11, 2025, 3:28 p.m.

5.1

CVSS4.0

CVE-2025-7898 - Codecanyon iDentSoft Account Setting Page updateSetting unrestricted upload

A vulnerability was found in Codecanyon iDentSoft 2.0. It has been classified as critical. This affects an unknown part of the file /clinica/profile/updateSetting of the component Account Setting Page. The manipulation of the argument photo leads to unrestricted upload. It is possible to initiate t…

πŸ“… Published: July 20, 2025, 3:14 p.m. πŸ”„ Last Modified: Aug. 5, 2025, 8:59 p.m.

6.9

CVSS4.0

CVE-2025-7897 - harry0703 MoneyPrinterTurbo API Endpoint base.py verify_token missing authentication

A vulnerability was found in harry0703 MoneyPrinterTurbo up to 1.2.6 and classified as critical. Affected by this issue is the function verify_token of the file app/controllers/base.py of the component API Endpoint. The manipulation leads to missing authentication. The attack may be launched remote…

πŸ“… Published: July 20, 2025, 3:02 p.m. πŸ”„ Last Modified: Nov. 20, 2025, 9:20 p.m.

5.3

CVSS4.0

CVE-2025-7896 - harry0703 MoneyPrinterTurbo video.py delete_video path traversal

A vulnerability has been found in harry0703 MoneyPrinterTurbo up to 1.2.6 and classified as critical. Affected by this vulnerability is the function download_video/delete_video of the file app/controllers/v1/video.py. The manipulation leads to path traversal. The attack can be launched remotely.

πŸ“… Published: July 20, 2025, 2:44 p.m. πŸ”„ Last Modified: Nov. 20, 2025, 9:21 p.m.

8.6

CVSS3.1

CVE-2025-46385 -

CWE-918 Server-Side Request Forgery (SSRF)

πŸ“… Published: July 20, 2025, 2:42 p.m. πŸ”„ Last Modified: July 22, 2025, 1:06 p.m.

8.8

CVSS3.1

CVE-2025-46384 -

CWE-434 Unrestricted Upload of File with Dangerous Type

πŸ“… Published: July 20, 2025, 2:40 p.m. πŸ”„ Last Modified: July 22, 2025, 1:06 p.m.

6.1

CVSS3.1

CVE-2025-46383 -

CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

πŸ“… Published: July 20, 2025, 2:35 p.m. πŸ”„ Last Modified: July 22, 2025, 1:06 p.m.

5.3

CVSS4.0

CVE-2025-7895 - harry0703 MoneyPrinterTurbo File Extension video.py upload_bgm_file unrestricted upload

A vulnerability, which was classified as critical, was found in harry0703 MoneyPrinterTurbo up to 1.2.6. Affected is the function upload_bgm_file of the file app/controllers/v1/video.py of the component File Extension Handler. The manipulation of the argument File leads to unrestricted upload. It i…

πŸ“… Published: July 20, 2025, 2:32 p.m. πŸ”„ Last Modified: Nov. 20, 2025, 9:25 p.m.

5.3

CVSS3.1

CVE-2025-46382 -

CWE-200 Exposure of Sensitive Information to an Unauthorized Actor

πŸ“… Published: July 20, 2025, 2:31 p.m. πŸ”„ Last Modified: July 22, 2025, 1:06 p.m.
Total resulsts: 348389
Page 4503 of 34,839
Β« previous page Β» next page
Filters