5.3
CVE-2025-6105 - jflyfox jfinal_cms HOME.java cross-site request forgery
A vulnerability has been found in jflyfox jfinal_cms 5.0.1 and classified as problematic. This vulnerability affects unknown code of the file HOME.java. The manipulation of the argument Logout leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed β¦
8.7
CVE-2025-6104 - Wifi-soft UniBox Controller pms_check.php os command injection
A vulnerability, which was classified as critical, was found in Wifi-soft UniBox Controller up to 20250506. This affects an unknown part of the file /billing/pms_check.php. The manipulation of the argument ipaddress leads to os command injection. It is possible to initiate the attack remotely. The β¦
8.7
CVE-2025-6103 - Wifi-soft UniBox Controller test_accesscodelogin.php os command injection
A vulnerability, which was classified as critical, has been found in Wifi-soft UniBox Controller up to 20250506. Affected by this issue is some unknown functionality of the file /billing/test_accesscodelogin.php. The manipulation of the argument Password leads to os command injection. The attack maβ¦
8.7
CVE-2025-6102 - Wifi-soft UniBox Controller logout.php os command injection
A vulnerability classified as critical was found in Wifi-soft UniBox Controller up to 20250506. Affected by this vulnerability is an unknown functionality of the file /authentication/logout.php. The manipulation of the argument mac_address leads to os command injection. The attack can be launched rβ¦
5.1
CVE-2025-6101 - letta-ai letta interface.py function_message eval injection
A vulnerability classified as critical has been found in letta-ai letta up to 0.4.1. Affected is the function function_message of the file letta/letta/interface.py. The manipulation of the argument function_name/function_args leads to improper neutralization of directives in dynamically evaluated cβ¦
5.3
CVE-2025-6100 - realguoshuai open-video-cms list sql injection
A vulnerability was found in realguoshuai open-video-cms 1.0. It has been rated as critical. This issue affects some unknown processing of the file /v1/video/list. The manipulation of the argument sort leads to sql injection. The attack may be initiated remotely. The exploit has been disclosed to tβ¦
6.9
CVE-2025-6099 - szluyu99 gin-vue-blog PATCH Request manager.go improper authorization
A vulnerability was found in szluyu99 gin-vue-blog up to 61dd11ccd296e8642a318ada3ef7b3f7776d2410. It has been declared as critical. This vulnerability affects unknown code of the file gin-blog-server/internal/manager.go of the component PATCH Request Handler. The manipulation leads to improper autβ¦
9.3
CVE-2025-6098 - UTT θΏε 750W API setSysAdm strcpy buffer overflow
A vulnerability was found in UTT θΏε 750W up to 5.0. It has been classified as critical. This affects the function strcpy of the file /goform/setSysAdm of the component API. The manipulation of the argument passwd1 leads to buffer overflow. It is possible to initiate the attack remotely. The exploitβ¦
6.9
CVE-2025-6097 - UTT θΏε 750W Administrator Password setSysAdm formDefineManagement unverified password change
A vulnerability was found in UTT θΏε 750W up to 5.0 and classified as critical. Affected by this issue is the function formDefineManagement of the file /goform/setSysAdm of the component Administrator Password Handler. The manipulation of the argument passwd1 leads to unverified password change. Theβ¦
2.5
CVE-2025-6170 - Libxml2: stack buffer overflow in xmllint interactive shell command handling
A flaw was found in the interactive shell of the xmllint command-line tool, used for parsing XML files. When a user inputs an overly long command, the program does not check the input size properly, which can cause it to crash. This issue might allow attackers to run harmful code in rare configuratβ¦