6.4
CVE-2025-4775 - WordPress Infinite Scroll – Ajax Load More <= 7.4.0.1 - Authenticated (Contributor+) Stored Cross-Si…
The WordPress Infinite Scroll – Ajax Load More plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the data-button-label HTML attribute in all versions up to, and including, 7.4.0.1 due to insufficient input sanitization and output escaping. This makes it possible for authenticate…
7.2
CVE-2025-3774 - Wise Chat <= 3.3.4 - Unauthenticated Stored Cross-Site Scripting via X-Forwarded-For Header
The Wise Chat plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the X-Forwarded-For header in all versions up to, and including, 3.3.4 due to insufficient input sanitization and output escaping. This makes it possible for unauthenticated attackers to inject arbitrary web scripts…
5.3
CVE-2025-6152 - Steel Browser files.routes.ts handleFileUpload path traversal
A vulnerability, which was classified as critical, was found in Steel Browser up to 0.1.3. This affects the function handleFileUpload of the file api/src/modules/files/files.routes.ts. The manipulation of the argument filename leads to path traversal. It is possible to initiate the attack remotely.…
8.2
CVE-2025-6151 - TP-Link TL-WR940N, TL-WR841N WanSlaacCfgRpm.htm buffer overflow
A vulnerability has been found in TP-Link TL-WR940N V4 and TL-WR841N V11. Affected by this issue is some unknown functionality of the file /userRpm/WanSlaacCfgRpm.htm, which may lead to buffer overflow. The attack may be launched remotely. This vulnerability only affects products that are no lon…
5.3
CVE-2025-48993 - Group-Office vulnerable to reflected XSS via Look and Feel Formatting input
Group-Office is an enterprise customer relationship management and groupware tool. Prior to versions 6.8.123 and 25.0.27, a malicious JavaScript payload can be executed via the Look and Feel formatting fields. Any user can update their Look and Feel Formatting input fields, but the web application …
8.7
CVE-2025-6150 - TOTOLINK X15 HTTP POST Request formMultiAP buffer overflow
A vulnerability classified as critical was found in TOTOLINK X15 1.0.0-B20230714.1105. Affected by this vulnerability is an unknown functionality of the file /boafrm/formMultiAP of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The att…
8.7
CVE-2025-6149 - TOTOLINK A3002R HTTP POST Request formSysLog buffer overflow
A vulnerability classified as critical has been found in TOTOLINK A3002R 4.0.0-B20230531.1404. Affected is an unknown function of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. It is possible to launch th…
8.7
CVE-2025-6148 - TOTOLINK A3002RU HTTP POST Request formSysLog buffer overflow
A vulnerability was found in TOTOLINK A3002RU 3.0.0-B20230809.1615. It has been rated as critical. This issue affects some unknown processing of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack m…
8.7
CVE-2025-6147 - TOTOLINK A702R HTTP POST Request formSysLog buffer overflow
A vulnerability was found in TOTOLINK A702R 4.0.0-B20230721.1521. It has been declared as critical. This vulnerability affects unknown code of the file /boafrm/formSysLog of the component HTTP POST Request Handler. The manipulation of the argument submit-url leads to buffer overflow. The attack can…
7.3
CVE-2025-49179 - Xorg-x11-server-xwayland: xorg-x11-server: tigervnc: integer overflow in x record extension
A flaw was found in the X Record extension. The RecordSanityCheckRegisterClients function does not check for an integer overflow when computing request length, which allows a client to bypass length checks.