5.3
CVE-2025-15191 - D-Link DWR-M920 formLtefotaUpgradeFibocom sub_4155B4 command injection
A weakness has been identified in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_4155B4 of the file /boafrm/formLtefotaUpgradeFibocom. This manipulation of the argument fota_url causes command injection. Remote exploitation of the attack is possible. The exploit has been madβ¦
8.7
CVE-2025-15190 - D-Link DWR-M920 formFilter sub_42261C stack-based overflow
A security flaw has been discovered in D-Link DWR-M920 up to 1.1.50. Impacted is the function sub_42261C of the file /boafrm/formFilter. The manipulation of the argument ip6addr results in stack-based buffer overflow. The attack may be launched remotely. The exploit has been released to the public β¦
8.7
CVE-2025-15189 - D-Link DWR-M920 formDefRoute sub_464794 buffer overflow
A vulnerability was identified in D-Link DWR-M920 up to 1.1.50. This issue affects the function sub_464794 of the file /boafrm/formDefRoute. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit is publicly available and might be useβ¦
4.8
CVE-2025-15188 - Campcodes Complete Online Beauty Parlor Management System search-invoices.php cross site scripting
A vulnerability was determined in Campcodes Complete Online Beauty Parlor Management System 1.0. This vulnerability affects unknown code of the file /admin/search-invoices.php. Executing a manipulation of the argument searchdata can lead to cross site scripting. The attack can be launched remotely.β¦
5.1
CVE-2025-15187 - GreenCMS File DataController.class.php path traversal
A vulnerability was found in GreenCMS up to 2.3. This affects an unknown part of the file /DataController.class.php of the component File Handler. Performing a manipulation of the argument sqlFiles/zipFiles results in path traversal. The attack can be initiated remotely. The exploit has been made pβ¦
7.1
CVE-2026-0810 - Gix-date: gix-date: undefined behavior due to invalid string generation
A flaw was found in gix-date. The `gix_date::parse::TimeBuf::as_str` function can generate strings containing invalid non-UTF8 characters. This issue violates the internal safety invariants of the `TimeBuf` component, leading to undefined behavior when these malformed strings are subsequently proceβ¦
6.9
CVE-2025-15186 - code-projects Refugee Food Management System addusers.php sql injection
A vulnerability has been found in code-projects Refugee Food Management System 1.0. Affected by this issue is some unknown functionality of the file /home/addusers.php. Such manipulation of the argument a leads to sql injection. It is possible to launch the attack remotely. The exploit has been disβ¦
6.9
CVE-2025-15185 - code-projects Refugee Food Management System refugeesreport.php sql injection
A flaw has been found in code-projects Refugee Food Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /home/refugeesreport.php. This manipulation of the argument a causes sql injection. It is possible to initiate the attack remotely. The exploit has been β¦
6.9
CVE-2025-15184 - code-projects Refugee Food Management System refugeesreport2.php sql injection
A vulnerability was detected in code-projects Refugee Food Management System 1.0. Affected is an unknown function of the file /home/refugeesreport2.php. The manipulation of the argument a results in sql injection. The attack may be performed from remote. The exploit is now public and may be used.
6.9
CVE-2025-15183 - code-projects Refugee Food Management System viewtakenfd.php sql injection
A security vulnerability has been detected in code-projects Refugee Food Management System 1.0. This impacts an unknown function of the file /home/viewtakenfd.php. The manipulation of the argument tfid leads to sql injection. The attack is possible to be carried out remotely. The exploit has been dβ¦