5.1
CVE-2025-7867 - Portabilis i-Educar Agenda agenda.php cross site scripting
A vulnerability has been found in Portabilis i-Educar 2.9.0/2.10.0. This vulnerability affects unknown code of the file /intranet/agenda.php of the component Agenda Module. The manipulation of the argument novo_titulo/novo_descricao leads to cross site scripting. It is possible to initiate the atta…
5.1
CVE-2025-7866 - Portabilis i-Educar Disabilities Module educar_deficiencia_lst.php cross site scripting
A vulnerability was found in Portabilis i-Educar 2.9.0. It has been rated as problematic. This issue affects some unknown processing of the file /intranet/educar_deficiencia_lst.php of the component Disabilities Module. The manipulation of the argument Deficiência ou Transtorno leads to cross site …
5.1
CVE-2025-7865 - thinkgem JeeSite XSS Filter EncodeUtils.java xssFilter cross site scripting
A vulnerability was found in thinkgem JeeSite up to 5.12.0. It has been declared as problematic. This vulnerability affects the function xssFilter of the file src/main/java/com/jeesite/common/codec/EncodeUtils.java of the component XSS Filter. The manipulation of the argument text leads to cross si…
5.3
CVE-2025-7864 - thinkgem JeeSite FileUploadController.java upload unrestricted upload
A vulnerability was found in thinkgem JeeSite up to 5.12.0. It has been classified as critical. This affects the function Upload of the file src/main/java/com/jeesite/modules/file/web/FileUploadController.java. The manipulation leads to unrestricted upload. It is possible to initiate the attack rem…
5.1
CVE-2025-7863 - thinkgem JeeSite ServletUtils.java redirectUrl
A vulnerability was found in thinkgem JeeSite up to 5.12.0 and classified as problematic. Affected by this issue is the function redirectUrl of the file src/main/java/com/jeesite/common/web/http/ServletUtils.java. The manipulation of the argument url leads to open redirect. The attack may be launch…
6.9
CVE-2025-7862 - TOTOLINK T6 Telnet Service cstecgi.cgi setTelnetCfg missing authentication
A vulnerability has been found in TOTOLINK T6 4.1.5cu.748_B20211015 and classified as critical. Affected by this vulnerability is the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument telnet_enabled with the input 1 leads to mis…
9.8
CVE-2025-53770 - Microsoft SharePoint Server Remote Code Execution Vulnerability
Deserialization of untrusted data in on-premises Microsoft SharePoint Server allows an unauthorized attacker to execute code over a network. Microsoft is aware that an exploit for CVE-2025-53770 exists in the wild. Microsoft is preparing and fully testing a comprehensive update to address this vuln…
6.9
CVE-2025-7861 - code-projects Church Donation System search.php sql injection
A vulnerability, which was classified as critical, was found in code-projects Church Donation System 1.0. Affected is an unknown function of the file /members/search.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has …
6.9
CVE-2025-7860 - code-projects Church Donation System login_admin.php sql injection
A vulnerability, which was classified as critical, has been found in code-projects Church Donation System 1.0. This issue affects some unknown processing of the file /members/login_admin.php. The manipulation of the argument Username leads to sql injection. The attack may be initiated remotely. The…
6.9
CVE-2025-7859 - code-projects Church Donation System update_password_admin.php sql injection
A vulnerability classified as critical was found in code-projects Church Donation System 1.0. This vulnerability affects unknown code of the file /members/update_password_admin.php. The manipulation of the argument new_password leads to sql injection. The attack can be initiated remotely. The explo…