5.1
CVE-2025-15201 - SohuTV CacheCloud WebResourceController.java redirectNoPower cross site scripting
A flaw has been found in SohuTV CacheCloud up to 3.2.0. The impacted element is the function redirectNoPower of the file src/main/java/com/sohu/cache/web/controller/WebResourceController.java. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The explβ¦
4.8
CVE-2025-15200 - SohuTV CacheCloud AppClientDataShowController.java doIndex cross site scripting
A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. The affected element is the function getExceptionStatisticsByClient/getCommandStatisticsByClient/doIndex of the file src/main/java/com/sohu/cache/web/controller/AppClientDataShowController.java. The manipulation results in cross site scβ¦
7.2
CVE-2025-13592 - Advanced Ads <= 2.0.14 - Authenticated (Editor+) Remote Code Execution via Shortcode
The Advanced Ads plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and including, 2.0.14 via the 'change-ad__content' shortcode parameter. This allows authenticated attackers with editor-level permissions or above, to execute code on the server.
5.3
CVE-2025-14280 - PixelYourSite <= 11.1.5 - Sensitive Information Exposure via Log File
The PixelYourSite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 11.1.5 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in the exposed log files, β¦
5.3
CVE-2025-15199 - code-projects College Notes Uploading System userprofile.php unrestricted upload
A security vulnerability has been detected in code-projects College Notes Uploading System 1.0. Impacted is an unknown function of the file /dashboard/userprofile.php. The manipulation of the argument image leads to unrestricted upload. Remote exploitation of the attack is possible. The exploit hasβ¦
6.9
CVE-2025-15198 - code-projects College Notes Uploading System login.php sql injection
A weakness has been identified in code-projects College Notes Uploading System 1.0. This issue affects some unknown processing of the file /login.php. Executing a manipulation of the argument User can lead to sql injection. The attack may be launched remotely. The exploit has been made available toβ¦
4.8
CVE-2025-55064 - Priority - CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Sβ¦
CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
0.0
CVE-2025-68861 - WordPress Plugin Optimizer plugin <= 1.3.7 - Broken Access Control vulnerability
Missing Authorization vulnerability in pluginoptimizer Plugin Optimizer plugin-optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Plugin Optimizer: from n/a through <= 1.3.7.
4.8
CVE-2025-55063 - Priority - CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Sβ¦
CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')
4.8
CVE-2025-55062 - Priority - CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Sβ¦
CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')