6.9
CVE-2025-2993 - Tenda FH1202 default.cfg access control
A vulnerability, which was classified as critical, has been found in Tenda FH1202 1.2.0.14(408). Affected by this issue is some unknown functionality of the file /default.cfg. The manipulation of the argument these leads to improper access controls. The attack may be launched remotely. The exploit …
9.3
CVE-2025-3022 - OS Command Injection vulnerability in e-management of e-solutions
OS command injection vulnerability in e-solutions e-management. This vulnerability allows an attacker to execute arbitrary commands on the server via the “client” parameter in the /data/apache/e-management/api/api3.php endpoint.
6.9
CVE-2025-2992 - Tenda FH1202 Web Management Interface AdvSetWrlsafeset access control
A vulnerability classified as critical was found in Tenda FH1202 1.2.0.14(408). Affected by this vulnerability is an unknown functionality of the file /goform/AdvSetWrlsafeset of the component Web Management Interface. The manipulation leads to improper access controls. The attack can be launched r…
7.1
CVE-2025-23995 - WordPress Tantyyellow theme <= 1.0.0.5 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ta2g Tantyyellow allows Reflected XSS. This issue affects Tantyyellow: from n/a through 1.0.0.5.
6.5
CVE-2025-31419 - WordPress Churel plugin <= 1.0.8 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Themeix Churel allows DOM-Based XSS. This issue affects Churel: from n/a through 1.0.8.
6.5
CVE-2025-30963 - WordPress JetSmartFilters plugin <= 3.6.3 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Crocoblock JetSmartFilters jet-smart-filters allows DOM-Based XSS. This issue affects JetSmartFilters: from n/a through <= 3.6.3.
5.1
CVE-2025-3027 - Open Redirect vulnerability in EJBCA
The vulnerability exists in the EJBCA service, version 8.0 Enterprise. By making a small change to the PATH of the URL associated with the service, the server fails to find the requested file and redirects to an external page. This vulnerability could allow users to be redirected to potentially mal…
6.9
CVE-2025-2991 - Tenda FH1202 Web Management Interface AdvSetWrlmacfilter access control
A vulnerability classified as critical has been found in Tenda FH1202 1.2.0.14(408). Affected is an unknown function of the file /goform/AdvSetWrlmacfilter of the component Web Management Interface. The manipulation leads to improper access controls. It is possible to launch the attack remotely. Th…
5.1
CVE-2025-3026 - Improper Neutralization of Special Elements vulnerability in EJBCA
The vulnerability exists in the EJBCA service, version 8.0 Enterprise. Not tested in higher versions. By modifying the “Host” header in an HTTP request, it is possible to manipulate the generated links and thus redirect the client to a different base URL. In this way, an attacker could insert his …
8.7
CVE-2025-3021 - Path Traversal vulnerability in e-management of e-solutions
Path Traversal vulnerability in e-solutions e-management. This vulnerability could allow an attacker to access confidential files outside the expected scope via the “file” parameter in the /downloadReport.php endpoint.