5.3
CVE-2025-7905 - itsourcecode Insurance Management System insertPayment.php sql injection
A vulnerability has been found in itsourcecode Insurance Management System 1.0 and classified as critical. This vulnerability affects unknown code of the file /insertPayment.php. The manipulation of the argument recipt_no leads to sql injection. The attack can be initiated remotely. The exploit has…
5.3
CVE-2025-7904 - itsourcecode Insurance Management System insertNominee.php sql injection
A vulnerability, which was classified as critical, was found in itsourcecode Insurance Management System 1.0. This affects an unknown part of the file /insertNominee.php. The manipulation of the argument nominee_id leads to sql injection. It is possible to initiate the attack remotely. The exploit …
5.3
CVE-2025-7903 - yangzongzhuan RuoYi Image Source ui layer
A vulnerability classified as problematic was found in yangzongzhuan RuoYi up to 4.8.1. Affected by this vulnerability is an unknown functionality of the component Image Source Handler. The manipulation leads to improper restriction of rendered ui layers. The attack can be launched remotely. The ex…
5.1
CVE-2025-7902 - yangzongzhuan RuoYi SysNoticeController.java addSave cross site scripting
A vulnerability classified as problematic has been found in yangzongzhuan RuoYi up to 4.8.1. Affected is the function addSave of the file com/ruoyi/web/controller/system/SysNoticeController.java. The manipulation leads to cross site scripting. It is possible to launch the attack remotely. The explo…
5.3
CVE-2025-7901 - yangzongzhuan RuoYi Swagger UI index.html cross site scripting
A vulnerability was found in yangzongzhuan RuoYi up to 4.8.1. It has been rated as problematic. This issue affects some unknown processing of the file /swagger-ui/index.html of the component Swagger UI. The manipulation of the argument configUrl leads to cross site scripting. The attack may be init…
5.1
CVE-2025-7898 - Codecanyon iDentSoft Account Setting Page updateSetting unrestricted upload
A vulnerability was found in Codecanyon iDentSoft 2.0. It has been classified as critical. This affects an unknown part of the file /clinica/profile/updateSetting of the component Account Setting Page. The manipulation of the argument photo leads to unrestricted upload. It is possible to initiate t…
6.9
CVE-2025-7897 - harry0703 MoneyPrinterTurbo API Endpoint base.py verify_token missing authentication
A vulnerability was found in harry0703 MoneyPrinterTurbo up to 1.2.6 and classified as critical. Affected by this issue is the function verify_token of the file app/controllers/base.py of the component API Endpoint. The manipulation leads to missing authentication. The attack may be launched remote…
5.3
CVE-2025-7896 - harry0703 MoneyPrinterTurbo video.py delete_video path traversal
A vulnerability has been found in harry0703 MoneyPrinterTurbo up to 1.2.6 and classified as critical. Affected by this vulnerability is the function download_video/delete_video of the file app/controllers/v1/video.py. The manipulation leads to path traversal. The attack can be launched remotely.
8.6
CVE-2025-46385 -
CWE-918 Server-Side Request Forgery (SSRF)
8.8
CVE-2025-46384 -
CWE-434 Unrestricted Upload of File with Dangerous Type