8.7
CVE-2025-3538 - D-Link DI-8100 jhttpd auth.asp auth_asp stack-based overflow
A vulnerability was found in D-Link DI-8100 16.07.26A1. It has been rated as critical. This issue affects the function auth_asp of the file /auth.asp of the component jhttpd. The manipulation of the argument callback leads to stack-based buffer overflow. The attack needs to be approached within the…
8.4
CVE-2024-56406 - Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes
A heap buffer overflow vulnerability was discovered in Perl. Release branches 5.34, 5.36, 5.38 and 5.40 are affected, including development versions from 5.33.1 through 5.41.10. When there are non-ASCII bytes in the left-hand-side of the `tr` operator, `S_do_trans_invmap` can overflow the destin…
6.9
CVE-2025-3537 - Tutorials-Website Employee Management System update-user.php improper authorization
A vulnerability was found in Tutorials-Website Employee Management System 1.0. It has been classified as critical. This affects an unknown part of the file /admin/update-user.php. The manipulation of the argument ID leads to improper authorization. It is possible to initiate the attack remotely. Th…
5.4
CVE-2025-3423 - IBM Aspera Faspex 5 cross-site scripting
IBM Aspera Faspex 5.0.0 through 5.0.11 is vulnerable to cross-site scripting. This vulnerability allows an authenticated user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a trusted session.
6.9
CVE-2025-3536 - Tutorials-Website Employee Management System delete-user.php improper authorization
A vulnerability was found in Tutorials-Website Employee Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/delete-user.php. The manipulation of the argument ID leads to improper authorization. The attack may be launched remotely…
5.3
CVE-2025-3535 - shuanx BurpAPIFinder BurpApiFinder.db denial of service
A vulnerability has been found in shuanx BurpAPIFinder up to 2.0.2 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file BurpApiFinder.db. The manipulation leads to denial of service. The attack can be launched remotely. The exploit has been disclosed…
5.3
CVE-2025-3534 - PowerCreator CMS OpenPublicCourse.aspx sql injection
A vulnerability, which was classified as critical, was found in PowerCreator CMS 1.0. Affected is an unknown function of the file /OpenPublicCourse.aspx. The manipulation of the argument cid leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the …
5.3
CVE-2025-3533 - YouDianCMS index.html.Attackers cross site scripting
A vulnerability, which was classified as problematic, has been found in YouDianCMS 9.5.21. This issue affects some unknown processing of the file /App/Tpl/Admin/Default/Channel/index.html.Attackers. The manipulation of the argument Parent leads to cross site scripting. The attack may be initiated r…
5.3
CVE-2025-3532 - YouDianCMS index.html.Attackers cross site scripting
A vulnerability classified as problematic was found in YouDianCMS 9.5.21. This vulnerability affects unknown code of the file /App/Tpl/Member/Default/Order/index.html.Attackers. The manipulation of the argument OrderNumber leads to cross site scripting. The attack can be initiated remotely. The exp…
5.3
CVE-2025-3531 - YouDianCMS index.html cross site scripting
A vulnerability classified as problematic has been found in YouDianCMS 9.5.21. This affects an unknown part of the file /App/Tpl/Admin/Default/Log/index.html. The manipulation of the argument UserName/LogType leads to cross site scripting. It is possible to initiate the attack remotely. The exploit…