5.1
CVE-2025-6167 - themanojdesai python-a2a api.py create_workflow path traversal
A vulnerability classified as critical has been found in themanojdesai python-a2a up to 0.5.5. Affected is the function create_workflow of the file python_a2a/agent_flow/server/api.py. The manipulation leads to path traversal. Upgrading to version 0.5.6 is able to address this issue. It is recommen…
5.1
CVE-2025-6166 - frdel Agent-Zero image_get.py image_get path traversal
A vulnerability was found in frdel Agent-Zero up to 0.8.4. It has been rated as problematic. This issue affects the function image_get of the file /python/api/image_get.py. The manipulation of the argument path leads to path traversal. Upgrading to version 0.8.4.1 is able to address this issue. The…
8.7
CVE-2025-6165 - TOTOLINK X15 HTTP POST Request formTmultiAP buffer overflow
A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. This vulnerability affects unknown code of the file /boafrm/formTmultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can…
4.8
CVE-2025-5209 - Ivory Search < 5.5.10 - Admin+ Stored XSS
The Ivory Search WordPress plugin before 5.5.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
8.7
CVE-2025-6164 - TOTOLINK A3002R HTTP POST Request formMultiAP buffer overflow
A vulnerability was found in TOTOLINK A3002R 4.0.0-B20230531.1404. It has been classified as critical. This affects an unknown part of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to ini…
8.7
CVE-2025-6163 - TOTOLINK A3002RU HTTP POST Request formMultiAP buffer overflow
A vulnerability was found in TOTOLINK A3002RU 3.0.0-B20230809.1615 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The a…
8.7
CVE-2025-6162 - TOTOLINK EX1200T HTTP POST Request formMultiAP buffer overflow
A vulnerability has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer ov…
6.9
CVE-2025-6161 - SourceCodester Simple Food Ordering System editproduct.php unrestricted upload
A vulnerability, which was classified as critical, was found in SourceCodester Simple Food Ordering System 1.0. Affected is an unknown function of the file /editproduct.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploi…
6.9
CVE-2025-6160 - SourceCodester Client Database Management System user_customer_create_order.php sql injection
A vulnerability, which was classified as critical, has been found in SourceCodester Client Database Management System 1.0. This issue affects some unknown processing of the file /user_customer_create_order.php. The manipulation of the argument user_id leads to sql injection. The attack may be initi…
6.9
CVE-2025-6159 - code-projects Hostel Management System allocate_room.php sql injection
A vulnerability classified as critical was found in code-projects Hostel Management System 1.0. This vulnerability affects unknown code of the file /allocate_room.php. The manipulation of the argument search_box leads to sql injection. The attack can be initiated remotely. The exploit has been disc…