5.1
CVE-2025-3005 - Sayski ForestBlog Friend Link cross site scripting
A vulnerability was found in Sayski ForestBlog up to 20250321 and classified as problematic. Affected by this issue is some unknown functionality of the component Friend Link Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed…
5.3
CVE-2025-31125 - Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query
Vite is a frontend tooling framework for JavaScript. Vite exposes content of non-allowed files using ?inline&import or ?raw?import. Only apps explicitly exposing the Vite dev server to the network (using --host or server.host config option) are affected. This vulnerability is fixed in 6.2.4, 6.1.3,…
5.1
CVE-2025-3004 - Sayski ForestBlog search cross site scripting
A vulnerability has been found in Sayski ForestBlog up to 20250321 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /search. The manipulation of the argument keywords leads to cross site scripting. The attack can be launched remotely. The exploit…
9
CVE-2025-31122 - scratch-coding-hut.github.io Login Links Generation vulnerability
scratch-coding-hut.github.io is the website for Coding Hut. In 1.0-beta3 and earlier, the login link can be used to log in to any account by changing the username in the username field.
6.1
CVE-2025-30006 - Xorcom CompletePBX <= 5.2.35 Reflected Cross-Site Scripting
Xorcom CompletePBX is vulnerable to a reflected cross-site scripting (XSS) in the administrative control panel. This issue affects CompletePBX: all versions up to and prior to 5.2.35.
6.9
CVE-2025-31117 - OpenEMR Out-of-Band Server-Side Request Forgery (OOB SSRF) Vulnerability
OpenEMR is a free and open source electronic health records and medical practice management application. An Out-of-Band Server-Side Request Forgery (OOB SSRF) vulnerability was identified in OpenEMR, allowing an attacker to force the server to make unauthorized requests to external or internal reso…
8.3
CVE-2025-30005 - Xorcom CompletePBX <= 5.2.35 Authenticated Path Traversal & File Deletion
Xorcom CompletePBX is vulnerable to a path traversal via the Diagnostics reporting module, which allows reading of arbitrary files and additionally deletes any retrieved file in place of the expected report. This issue affects CompletePBX: all versions up to and prior to 5.2.35.
4.4
CVE-2025-31116 - Mobile Security Framework (MobSF) has a SSRF Vulnerability fix bypass on assetlinks_check with DNS …
Mobile Security Framework (MobSF) is a pen-testing, malware analysis and security assessment framework capable of performing static and dynamic analysis. The mitigation for CVE-2024-29190 in valid_host() uses socket.gethostbyname(), which is vulnerable to SSRF abuse using DNS rebinding technique. T…
8.8
CVE-2025-30004 - Xorcom CompletePBX <= 5.2.35 Task Scheduler Authenticated Command Injection
Xorcom CompletePBX is vulnerable to command injection in the administrator Task Scheduler functionality, allowing attackers to execute arbitrary commands as the root user. This issue affects CompletePBX: all versions up to and prior to 5.2.35.
6.5
CVE-2025-2292 - Xorcom CompletePBX <= 5.2.35 Authenticated File Disclosure
Xorcom CompletePBX is vulnerable to an authenticated path traversal, allowing for arbitrary file reads via the Backup and Restore functionality. This issue affects CompletePBX: through 5.2.35.