6.1
CVE-2025-14313 - Advance WP Query Search Filter <= 1.0.10 - Reflected XSS via taxo_ajax
The Advance WP Query Search Filter WordPress plugin through 1.0.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
6.1
CVE-2025-14312 - Advance WP Query Search Filter <= 1.0.10 - Reflected XSS via counter
The Advance WP Query Search Filter WordPress plugin through 1.0.10 does not sanitise and escape a parameter before outputting it back in the page, leading to a Reflected Cross-Site Scripting which could be used against high privilege users such as admin
2.3
CVE-2025-15222 - Dromara Sa-Token SaSerializerTemplateForJdkUseBase64.java ObjectInputStream.readObject deserializatβ¦
A vulnerability has been found in Dromara Sa-Token up to 1.44.0. This issue affects the function ObjectInputStream.readObject of the file SaSerializerTemplateForJdkUseBase64.java. Such manipulation leads to deserialization. The attack can be executed remotely. This attack is characterized by high cβ¦
5.1
CVE-2025-15221 - SohuTV CacheCloud AppDataMigrateController.java index cross site scripting
A flaw has been found in SohuTV CacheCloud up to 3.2.0. This vulnerability affects the function index of the file src/main/java/com/sohu/cache/web/controller/AppDataMigrateController.java. This manipulation causes cross site scripting. Remote exploitation of the attack is possible. The exploit has β¦
5.3
CVE-2025-15220 - SohuTV CacheCloud LoginController.java init cross site scripting
A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. This affects the function init of the file src/main/java/com/sohu/cache/web/controller/LoginController.java. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be useβ¦
5.1
CVE-2025-15219 - SohuTV CacheCloud MachineManageController.java doPodList cross site scripting
A security vulnerability has been detected in SohuTV CacheCloud up to 3.2.0. Affected by this issue is the function doMachineList/doPodList of the file src/main/java/com/sohu/cache/web/controller/MachineManageController.java. The manipulation leads to cross site scripting. The attack may be initiatβ¦
8.7
CVE-2025-15218 - Tenda AC10U POST Request Parameter AdvSetLanip fromadvsetlanip buffer overflow
A weakness has been identified in Tenda AC10U 15.03.06.48/15.03.06.49. Affected by this vulnerability is the function fromadvsetlanip of the file /goform/AdvSetLanip of the component POST Request Parameter Handler. Executing a manipulation of the argument lanMask can lead to buffer overflow. The atβ¦
8.7
CVE-2025-15217 - Tenda AC23 HTTP POST Request formSetPPTPUserList buffer overflow
A security flaw has been discovered in Tenda AC23 16.03.07.52. Affected is the function formSetPPTPUserList of the component HTTP POST Request Handler. Performing a manipulation of the argument list results in buffer overflow. The attack can be initiated remotely.
8.7
CVE-2025-15216 - Tenda AC23 SetIpMacBind fromSetIpMacBind stack-based overflow
A vulnerability was identified in Tenda AC23 16.03.07.52. This impacts the function fromSetIpMacBind of the file /goform/SetIpMacBind. Such manipulation of the argument bindnum leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and β¦
8.7
CVE-2025-15215 - Tenda AC10U HTTP POST Request setPptpUserList formSetPPTPUserList buffer overflow
A vulnerability was determined in Tenda AC10U 15.03.06.48/15.03.06.49. This affects the function formSetPPTPUserList of the file /goform/setPptpUserList of the component HTTP POST Request Handler. This manipulation of the argument list causes buffer overflow. It is possible to initiate the attack rβ¦