6.9
CVE-2025-7576 - Teledyne FLIR FB-Series O/FLIR FH-Series ID Production Tools production.html access control
A vulnerability was found in Teledyne FLIR FB-Series O and FLIR FH-Series ID 1.3.2.16 and classified as critical. Affected by this issue is some unknown functionality of the file /priv/production/production.html of the component Production Tools. The manipulation leads to improper access controls. โฆ
5.1
CVE-2025-7575 - Zavy86 WikiDocs submit.php image_delete_ajax path traversal
A vulnerability has been found in Zavy86 WikiDocs up to 1.0.77 and classified as critical. Affected by this vulnerability is the function image_drop_upload_ajax/image_delete_ajax of the file submit.php. The manipulation leads to path traversal. The attack can be launched remotely. Upgrading to versโฆ
9.3
CVE-2025-7574 - LB-LINK BL-WR9000 Web Interface lighttpd.cgi restore improper authentication
A vulnerability, which was classified as critical, was found in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 up to 20250702. Affected is the function reboot/restore of the file /cgi-bin/lighttpd.cgi of the component Web Interface. The manipulation leads to impropโฆ
6.9
CVE-2025-7573 - LB-LINK BL-WR9000 lighttpd.cgi bs_GetManPwd information disclosure
A vulnerability, which was classified as critical, has been found in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 up to 20250702. This issue affects the function bs_GetManPwd in the library libblinkapi.so of the file /cgi-bin/lighttpd.cgi. The manipulation leads โฆ
6.9
CVE-2025-7572 - LB-LINK BL-WR9000 lighttpd.cgi bs_GetHostInfo information disclosure
A vulnerability classified as critical was found in LB-LINK BL-AC1900, BL-AC2100_AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 up to 20250702. This vulnerability affects the function bs_GetHostInfo in the library libblinkapi.so of the file /cgi-bin/lighttpd.cgi. The manipulation leads to infoโฆ
8.7
CVE-2025-7571 - UTT HiPER 840G aspApBasicConfigUrcp buffer overflow
A vulnerability classified as critical has been found in UTT HiPER 840G up to 3.1.1-190328. This affects an unknown part of the file /goform/aspApBasicConfigUrcp. The manipulation of the argument Username leads to buffer overflow. It is possible to initiate the attack remotely. The exploit has beenโฆ
8.7
CVE-2025-7570 - UTT HiPER 840G aspRemoteApConfTempSend buffer overflow
A vulnerability was found in UTT HiPER 840G up to 3.1.1-190328. It has been rated as critical. Affected by this issue is some unknown functionality of the file /goform/aspRemoteApConfTempSend. The manipulation of the argument remoteSrcTemp leads to buffer overflow. The attack may be launched remoteโฆ
5.1
CVE-2025-7569 - Bigotry OneBase think_exception.tpl parse_args cross site scripting
A vulnerability was found in Bigotry OneBase up to 1.3.6. It has been declared as problematic. Affected by this vulnerability is the function parse_args of the file /tpl/think_exception.tpl. The manipulation of the argument args leads to cross site scripting. The attack can be launched remotely. Thโฆ
5.3
CVE-2025-7568 - qianfox FoxCMS Video.php batchCope sql injection
A vulnerability was found in qianfox FoxCMS up to 1.2.5. It has been classified as critical. Affected is the function batchCope of the file app/admin/controller/Video.php. The manipulation of the argument ids leads to sql injection. It is possible to launch the attack remotely. The exploit has beenโฆ
8.6
CVE-2025-7620 - DSIC๏ฝCross-browser Components for Official Document Creation - Remote Code Execution
The cross-browser document creation component produced by Digitware System Integration Corporation has a Remote Code Execution vulnerability. If a user visits a malicious website while the component is active, remote attackers can cause the system to download and execute arbitrary programs.