5.3
CVE-2025-2361 - Mercurial SCM Web Interface cross site scripting
A vulnerability was found in Mercurial SCM 4.5.3/71.19.145.211. It has been declared as problematic. This vulnerability affects unknown code of the component Web Interface. The manipulation of the argument cmd leads to cross site scripting. The attack can be initiated remotely. The exploit has beenβ¦
6.9
CVE-2025-2360 - D-Link DIR-823G UPnP Service HNAP1 SetUpnpSettings improper authorization
A vulnerability classified as critical was found in D-Link DIR-823G 1.0.2B05_20181207. Affected by this vulnerability is the function SetUpnpSettings of the file /HNAP1/ of the component UPnP Service. The manipulation of the argument SOAPAction leads to improper authorization. The attack can be lauβ¦
6.9
CVE-2025-2359 - D-Link DIR-823G DDNS Service HNAP1 SetDDNSSettings improper authorization
A vulnerability classified as critical has been found in D-Link DIR-823G 1.0.2B05_20181207. Affected is the function SetDDNSSettings of the file /HNAP1/ of the component DDNS Service. The manipulation of the argument SOAPAction leads to improper authorization. It is possible to launch the attack reβ¦
5.3
CVE-2025-2358 - Shenzhen Mingyuan Cloud Technology Mingyuan Real Estate ERP System HTTP Header Service.asmx sql injβ¦
A vulnerability was found in Shenzhen Mingyuan Cloud Technology Mingyuan Real Estate ERP System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /Kfxt/Service.asmx of the component HTTP Header Handler. The manipulation of the argument X-Forwarded-For leads β¦
5.3
CVE-2025-2357 - DCMTK dcmjpls JPEG-LS Decoder memory corruption
A vulnerability was found in DCMTK 3.6.9. It has been declared as critical. This vulnerability affects unknown code of the component dcmjpls JPEG-LS Decoder. The manipulation leads to memory corruption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be usβ¦
6.3
CVE-2025-2356 - BlackVue App API deviceDelete get request method with sensitive query strings
A vulnerability was found in BlackVue App 3.65 on Android. It has been classified as problematic. This affects the function deviceDelete of the component API Handler. The manipulation leads to use of get request method with sensitive query strings. It is possible to initiate the attack remotely. Thβ¦
4.8
CVE-2025-2355 - BlackVue App API Endpoint credentials storage
A vulnerability was found in BlackVue App 3.65 on Android and classified as problematic. Affected by this issue is some unknown functionality of the component API Endpoint Handler. The manipulation of the argument BCS_TOKEN/SECRET_KEY leads to unprotected storage of credentials. Local access is reqβ¦
5.3
CVE-2025-2354 - VAM Virtual Airlines Manager index.php cross site scripting
A vulnerability has been found in VAM Virtual Airlines Manager 2.6.2 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /vam/index.php. The manipulation of the argument registry_id/plane_icao/hub_id leads to cross site scripting. The attack can be β¦
7.3
CVE-2025-26125 -
An exposed ioctl in the IMFForceDelete driver of IObit Malware Fighter v12.1.0 allows attackers to arbitrarily delete files and escalate privileges.
5.4
CVE-2025-30143 -
Rule 3000216 (before version 2) in Akamai App & API Protector (with Akamai ASE) before 2024-12-10 does not properly consider JavaScript variable assignment to built-in functions and properties.