5.1
CVE-2026-0580 - SourceCodester API Key Manager App Import Key cross site scripting
A vulnerability was found in SourceCodester API Key Manager App 1.0. Affected by this vulnerability is an unknown functionality of the component Import Key Handler. Performing a manipulation results in cross site scripting. The attack can be initiated remotely.
7.1
CVE-2025-15235 - Quanta Computer|QOCA aim AI Medical Cloud Platform - Missing Authorization
QOCA aim AI Medical Cloud Platform developed by Quanta Computer has a Missing Authorization vulnerability, allowing authenticated remote attackers to modify specific network packet parameters, enabling certain system functions to access other users' files.
8.7
CVE-2025-15462 - UTT 进取 520W ConfigAdvideo strcpy buffer overflow
A vulnerability has been found in UTT 进取 520W 1.7.7-180627. This issue affects the function strcpy of the file /goform/ConfigAdvideo. The manipulation of the argument timestart leads to buffer overflow. The attack can be carried out remotely. The exploit has been disclosed to the public …
8.7
CVE-2025-15461 - UTT 进取 520W formTaskEdit strcpy buffer overflow
A flaw has been found in UTT 进取 520W 1.7.7-180627. This vulnerability affects the function strcpy of the file /goform/formTaskEdit. Executing a manipulation of the argument selDateType can lead to buffer overflow. The attack can be executed remotely. The exploit has been published and may be used. …
8.7
CVE-2025-15460 - UTT 进取 520W formPptpClientConfig strcpy buffer overflow
A vulnerability was detected in UTT 进取 520W 1.7.7-180627. This affects the function strcpy of the file /goform/formPptpClientConfig. Performing a manipulation of the argument EncryptionMode results in buffer overflow. Remote exploitation of the attack is possible. The exploit is now public and may …
3.5
CVE-2025-9543 - FlexTable Google Sheets Connector < 3.19.2 - Admin+ Stored XSS
The FlexTable WordPress plugin before 3.19.2 does not sanitise and escape the imported links from Google Sheet cells, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite…
8.6
CVE-2025-14124 - Team < 5.0.11 - Unauthenticated SQLi
The Team WordPress plugin before 5.0.11 does not properly sanitize and escape a parameter before using it in a SQL statement via an AJAX action available to unauthenticated users, leading to a SQL injection.
8.7
CVE-2025-15459 - UTT 进取 520W formUser strcpy buffer overflow
A security vulnerability has been detected in UTT 进取 520W 1.7.7-180627. Affected by this issue is the function strcpy of the file /goform/formUser. Such manipulation of the argument passwd1 leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed publicly and ma…
6.9
CVE-2025-15458 - bg5sbk MiniCMS Article post-edit.php improper authentication
A vulnerability was determined in bg5sbk MiniCMS up to 1.8. This affects an unknown function of the file /mc-admin/post-edit.php of the component Article Handler. Executing a manipulation can lead to improper authentication. It is possible to launch the attack remotely. The exploit has been publicl…
6.9
CVE-2025-15457 - bg5sbk MiniCMS Trash File Restore post.php improper authentication
A vulnerability was found in bg5sbk MiniCMS up to 1.8. The impacted element is an unknown function of the file /minicms/mc-admin/post.php of the component Trash File Restore Handler. Performing a manipulation results in improper authentication. It is possible to initiate the attack remotely. The ex…