9.9
CVE-2025-48780 - Soar Cloud HRD Human Resource Management System - Deserialization of Untrusted Data
A deserialization of untrusted data vulnerability in the download file function of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to execute arbitrary system commands via a crafted serialized object.
9.3
CVE-2025-5192 - Soar Cloud HRD Human Resource Management System - Missing Authentication for Critical Function
A missing authentication for critical function vulnerability in the client application of Soar Cloud HRD Human Resource Management System through version 7.3.2025.0408 allows remote attackers to bypass authentication and access application functions.
8.7
CVE-2025-5739 - TOTOLINK X15 HTTP POST Request formSaveConfig buffer overflow
A vulnerability classified as critical has been found in TOTOLINK X15 1.0.0-B20230714.1105. This affects an unknown part of the file /boafrm/formSaveConfig of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to initiate th…
8.7
CVE-2025-5738 - TOTOLINK X15 HTTP POST Request formStats buffer overflow
A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been rated as critical. Affected by this issue is some unknown functionality of the file /boafrm/formStats of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The att…
8.7
CVE-2025-5737 - TOTOLINK X15 HTTP POST Request formDosCfg buffer overflow
A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formDosCfg of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflo…
9.8
CVE-2025-3365 - Relative Path Traversal in OnlineSuite
Missing protection against path traversal allows access to any file on the server.
10
CVE-2025-3322 - Improper Neutralization of Special Elements in OnlineSuite
An improper neutralization of inputs used in expression language allows remote code execution with the highest privileges on the server.
9.4
CVE-2025-3321 - Use of Hard-coded Credentials in OnlineSuite
A predefined administrative account is not documented and cannot be deactivated. This account cannot be misused from the network, only by local users on the server.
8.7
CVE-2025-5736 - TOTOLINK X15 HTTP POST Request formNtp buffer overflow
A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been classified as critical. Affected is an unknown function of the file /boafrm/formNtp of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch …
8.7
CVE-2025-5735 - TOTOLINK X15 HTTP POST Request formSetLg buffer overflow
A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This issue affects some unknown processing of the file /boafrm/formSetLg of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack may be ini…