8.7
CVE-2025-5734 - TOTOLINK X15 HTTP POST Request formWlanRedirect buffer overflow
A vulnerability has been found in TOTOLINK X15 1.0.0-B20230714.1105 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formWlanRedirect of the component HTTP POST Request Handler. The manipulation of the argument redirect-url leads to buffer overflow. The attack…
5.3
CVE-2025-5732 - code-projects Traffic Offense Reporting System cross-site request forgery
A vulnerability, which was classified as problematic, was found in code-projects Traffic Offense Reporting System 1.0. This affects an unknown part. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and…
5.3
CVE-2025-5729 - code-projects Health Center Patient Record Management System birthing_record.php sql injection
A vulnerability, which was classified as critical, was found in code-projects Health Center Patient Record Management System 1.0. Affected is an unknown function of the file /birthing_record.php. The manipulation of the argument itr_no leads to sql injection. It is possible to launch the attack rem…
5.3
CVE-2025-5728 - SourceCodester Open Source Clinic Management System manage_website.php unrestricted upload
A vulnerability classified as critical was found in SourceCodester Open Source Clinic Management System 1.0. This vulnerability affects unknown code of the file /manage_website.php. The manipulation of the argument website_image leads to unrestricted upload. The attack can be initiated remotely. Th…
6.7
CVE-2025-48908 -
Ability Auto Startup service vulnerability in the foundation process Impact: Successful exploitation of this vulnerability may affect availability.
8.2
CVE-2025-48911 -
Vulnerability of improper permission assignment in the note sharing module Impact: Successful exploitation of this vulnerability may affect availability.
5.5
CVE-2025-48910 -
Buffer overflow vulnerability in the DFile module Impact: Successful exploitation of this vulnerability may affect availability.
7.1
CVE-2025-48909 -
Bypass vulnerability in the device management channel Impact: Successful exploitation of this vulnerability may affect service confidentiality.
6.4
CVE-2025-5686 - Paged Gallery <= 0.7 - Authenticated (Contributor+) Stored Cross-Site Scripting
The Paged Gallery plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's 'gallery' shortcode in all versions up to, and including, 0.7 due to insufficient input sanitization and output escaping on user supplied attributes. This makes it possible for authenticated attacke…
6.5
CVE-2025-5563 - WP-Addpub <= 1.2.8 - Authenticated (Contributor+) SQL Injection
The WP-Addpub plugin for WordPress is vulnerable to SQL Injection via the 'wp-addpub' shortcode in all versions up to, and including, 1.2.8 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for authentic…