6.1
CVE-2025-3706 - 104 Corporation eHRMS - Reflected Cross-Site Scripting
The eHRMS from 104 Corporation has a Reflected Cross-site Scripting vulnerability, allowing unauthenticated remote attackers to execute arbitrary JavaScript codes in user's browser through phishing attacks.
5.3
CVE-2025-3997 - dazhouda lecms Personal Information Page index.php cross-site request forgery
A vulnerability classified as problematic has been found in dazhouda lecms 3.0.3. This affects an unknown part of the file /index.php?my-profile-ajax-1 of the component Personal Information Page. The manipulation leads to cross-site request forgery. It is possible to initiate the attack remotely. Tβ¦
4.8
CVE-2025-3996 - TOTOLINK N150RT MAC Filtering Page home.htm cross site scripting
A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /home.htm of the component MAC Filtering Page. The manipulation of the argument Comment leads to cross site scripting. The attack may be lβ¦
4.8
CVE-2025-3995 - TOTOLINK N150RT LAN Settings Page fromStaticDHCP cross site scripting
A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /boafrm/fromStaticDHCP of the component LAN Settings Page. The manipulation of the argument Hostname leads to cross site scriptinβ¦
4.8
CVE-2025-3994 - TOTOLINK N150RT IP Port Filtering home.htm cross site scripting
A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525. It has been classified as problematic. Affected is an unknown function of the file /home.htm of the component IP Port Filtering. The manipulation of the argument Comment leads to cross site scripting. It is possible to launch the attack β¦
8.7
CVE-2025-3993 - TOTOLINK N150RT formWsc buffer overflow
A vulnerability was found in TOTOLINK N150RT 3.4.0-B20190525 and classified as critical. This issue affects some unknown processing of the file /boafrm/formWsc. The manipulation of the argument submit-url leads to buffer overflow. The attack may be initiated remotely. The exploit has been disclosedβ¦
8.7
CVE-2025-3992 - TOTOLINK N150RT formWlwds buffer overflow
A vulnerability has been found in TOTOLINK N150RT 3.4.0-B20190525 and classified as critical. This vulnerability affects unknown code of the file /boafrm/formWlwds. The manipulation of the argument submit-url leads to buffer overflow. The attack can be initiated remotely. The exploit has been disclβ¦
3.5
CVE-2023-35815 -
DevExpress before 23.1.3 has a data-source protection mechanism bypass during deserialization on XML data.
3.5
CVE-2023-35816 -
DevExpress before 23.1.3 allows arbitrary TypeConverter conversion.
5
CVE-2023-35817 -
DevExpress before 23.1.3 allows AsyncDownloader SSRF.