6.9

CVSS4.0

CVE-2025-15097 - Alteryx Server status improper authentication

A vulnerability was found in Alteryx Server. Affected by this issue is some unknown functionality of the file /gallery/api/status/. Performing manipulation results in improper authentication. The attack can be carried out remotely. The exploit has been made public and could be used. Upgr…

📅 Published: Dec. 26, 2025, 2:32 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

4.9

CVSS3.1

CVE-2025-68941 - gitea: Gitea: Unauthorized access to private resources via public-scoped API tokens

Gitea before 1.22.3 mishandles access to a private resource upon receiving an API token with scope limited to public resources.

📅 Published: Dec. 26, 2025, 2:31 a.m. 🔄 Last Modified: Jan. 2, 2026, 7:33 p.m.

3.1

CVSS3.1

CVE-2025-68940 - gitea: Gitea: Unauthorized branch deletion due to inadequate permission enforcement

In Gitea before 1.22.5, branch deletion permissions are not adequately enforced after merging a pull request.

📅 Published: Dec. 26, 2025, 2:14 a.m. 🔄 Last Modified: Jan. 2, 2026, 7:33 p.m.

8.2

CVSS3.1

CVE-2025-68939 - gitea: attachments can be renamed to forbidden file extensions via the attachment API

Gitea before 1.23.0 allows attackers to add attachments with forbidden file extensions by editing an attachment name via an attachment API.

📅 Published: Dec. 26, 2025, 2:03 a.m. 🔄 Last Modified: Jan. 2, 2026, 7:35 p.m.

5.1

CVSS4.0

CVE-2025-15095 - postmanlabs httpbin core.py cross site scripting

A security vulnerability has been detected in postmanlabs httpbin up to 0.6.1. This affects an unknown function of the file httpbin-master/httpbin/core.py. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. …

📅 Published: Dec. 26, 2025, 2:02 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.3

CVSS4.0

CVE-2025-15094 - sunkaifei FlyCMS User Login UserController.java userLogin cross site scripting

A weakness has been identified in sunkaifei FlyCMS up to abbaa5a8daefb146ad4d61027035026b052cb414. The impacted element is the function userLogin of the file src/main/java/com/flycms/web/front/UserController.java of the component User Login. Executing a manipulation of the argument redirectUrl can …

📅 Published: Dec. 26, 2025, 1:32 a.m. 🔄 Last Modified: Feb. 24, 2026, 7:16 a.m.

4.3

CVSS3.1

CVE-2025-68938 - gitea: incorrect authorization for deletion of releases

Gitea before 1.25.2 mishandles authorization for deletion of releases.

📅 Published: Dec. 26, 2025, 1:19 a.m. 🔄 Last Modified: Jan. 2, 2026, 7:36 p.m.

5.3

CVSS4.0

CVE-2025-15093 - sunkaifei FlyCMS Admin Login IndexAdminController.java cross site scripting

A security flaw has been discovered in sunkaifei FlyCMS up to abbaa5a8daefb146ad4d61027035026b052cb414. The affected element is an unknown function of the file src/main/java/com/flycms/web/system/IndexAdminController.java of the component Admin Login. Performing a manipulation of the argument redir…

📅 Published: Dec. 26, 2025, 1:02 a.m. 🔄 Last Modified: Feb. 24, 2026, 7:16 a.m.

8.7

CVSS4.0

CVE-2025-15092 - UTT 进取 512W ConfigExceptMSN strcpy buffer overflow

A vulnerability was identified in UTT 进取 512W up to 1.7.7-171114. Impacted is the function strcpy of the file /goform/ConfigExceptMSN. Such manipulation of the argument remark leads to buffer overflow. It is possible to launch the attack remotely. The exploit is publicly available and might be used.

📅 Published: Dec. 26, 2025, 12:02 a.m. 🔄 Last Modified: Dec. 31, 2025, 6:57 p.m.

6.1

CVSS3.1

CVE-2025-67349 -

A cross-site scripting (XSS) vulnerability was identified in FluentCMS 1.2.3. After logging in as an admin and navigating to the "Add Page" function, the application fails to properly sanitize input in the <head> section, allowing remote attackers to inject arbitrary script tags.

📅 Published: Dec. 26, 2025, midnight 🔄 Last Modified: Dec. 31, 2025, 9:36 p.m.