5.1
CVE-2025-40674 - Reflected Cross-Site Scripting (XSS) in osCommerce
Reflected Cross-Site Scripting (XSS) in osCommerce v4. This vulnerability allows an attacker to execute JavaScript code in the victim's browser by sending the victim a malicious URL using the name of any parameter in /watch/en/about-us. This vulnerability can be exploited to steal sensitive user daβ¦
5.1
CVE-2025-6173 - Webkul QloApps ajax_products_list.php sql injection
A vulnerability classified as critical was found in Webkul QloApps 1.6.1. Affected by this vulnerability is an unknown functionality of the file /admin/ajax_products_list.php. The manipulation of the argument packItself leads to sql injection. The attack can be launched remotely. The exploit has beβ¦
5.1
CVE-2025-6167 - themanojdesai python-a2a api.py create_workflow path traversal
A vulnerability classified as critical has been found in themanojdesai python-a2a up to 0.5.5. Affected is the function create_workflow of the file python_a2a/agent_flow/server/api.py. The manipulation leads to path traversal. Upgrading to version 0.5.6 is able to address this issue. It is recommenβ¦
5.1
CVE-2025-6166 - frdel Agent-Zero image_get.py image_get path traversal
A vulnerability was found in frdel Agent-Zero up to 0.8.4. It has been rated as problematic. This issue affects the function image_get of the file /python/api/image_get.py. The manipulation of the argument path leads to path traversal. Upgrading to version 0.8.4.1 is able to address this issue. Theβ¦
8.7
CVE-2025-6165 - TOTOLINK X15 HTTP POST Request formTmultiAP buffer overflow
A vulnerability was found in TOTOLINK X15 1.0.0-B20230714.1105. It has been declared as critical. This vulnerability affects unknown code of the file /boafrm/formTmultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack canβ¦
4.8
CVE-2025-5209 - Ivory Search < 5.5.10 - Admin+ Stored XSS
The Ivory Search WordPress plugin before 5.5.10 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Cross-Site Scripting attacks even when unfiltered_html is disallowed
8.7
CVE-2025-6164 - TOTOLINK A3002R HTTP POST Request formMultiAP buffer overflow
A vulnerability was found in TOTOLINK A3002R 4.0.0-B20230531.1404. It has been classified as critical. This affects an unknown part of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to iniβ¦
8.7
CVE-2025-6163 - TOTOLINK A3002RU HTTP POST Request formMultiAP buffer overflow
A vulnerability was found in TOTOLINK A3002RU 3.0.0-B20230809.1615 and classified as critical. Affected by this issue is some unknown functionality of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The aβ¦
8.7
CVE-2025-6162 - TOTOLINK EX1200T HTTP POST Request formMultiAP buffer overflow
A vulnerability has been found in TOTOLINK EX1200T 4.1.2cu.5232_B20210713 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer ovβ¦
6.9
CVE-2025-6161 - SourceCodester Simple Food Ordering System editproduct.php unrestricted upload
A vulnerability, which was classified as critical, was found in SourceCodester Simple Food Ordering System 1.0. Affected is an unknown function of the file /editproduct.php. The manipulation of the argument photo leads to unrestricted upload. It is possible to launch the attack remotely. The exploiβ¦