7.4
CVE-2025-1724 - Account Takeover
Zohocorp's ManageEngine Analytics Plus and Zoho Analytics on-premise versions older than 6130 are vulnerable to an AD only account takeover because of a hardcoded sensitive token.
5.3
CVE-2025-2365 - crmeb_java WeChatMessageController.java webHook xml external entity reference
A vulnerability, which was classified as problematic, has been found in crmeb_java up to 1.3.4. Affected by this issue is the function webHook of the file WeChatMessageController.java. The manipulation leads to xml external entity reference. The attack may be launched remotely. The exploit has beenβ¦
5.1
CVE-2025-2364 - lenve VBlog ArticleService.java addNewArticle cross site scripting
A vulnerability classified as problematic was found in lenve VBlog up to 1.0.0. Affected by this vulnerability is the function addNewArticle of the file blogserver/src/main/java/org/sang/service/ArticleService.java. The manipulation of the argument mdContent/htmlContent leads to cross site scriptinβ¦
8.8
CVE-2025-2396 - e-Excellence U-Office Force - Arbitrary File Upload
The U-Office Force from e-Excellence has an Arbitrary File Upload vulnerability, allowing remote attackers with regular privileges to upload and execute web shell backdoors, thereby enabling arbitrary code execution on the server.
9.8
CVE-2025-2395 - e-Excellence U-Office Force - Improper Authentication
The U-Office Force from e-Excellence has an Improper Authentication vulnerability, allowing unauthenticated remote attackers to use a particular API and alter cookies to log in as an administrator.
5.3
CVE-2025-2363 - lenve VBlog ArticleController.java uploadImg path traversal
A vulnerability classified as critical has been found in lenve VBlog up to 1.0.0. Affected is the function uploadImg of the file blogserver/src/main/java/org/sang/controller/ArticleController.java. The manipulation of the argument filename leads to path traversal. It is possible to launch the attacβ¦
6.9
CVE-2025-2362 - PHPGurukul Pre-School Enrollment System contact-us.php sql injection
A vulnerability was found in PHPGurukul Pre-School Enrollment System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/contact-us.php. The manipulation of the argument mobnum leads to sql injection. The attack may be initiated remotely. The exploit haβ¦
5.3
CVE-2025-2361 - Mercurial SCM Web Interface cross site scripting
A vulnerability was found in Mercurial SCM 4.5.3/71.19.145.211. It has been declared as problematic. This vulnerability affects unknown code of the component Web Interface. The manipulation of the argument cmd leads to cross site scripting. The attack can be initiated remotely. The exploit has beenβ¦
6.9
CVE-2025-2360 - D-Link DIR-823G UPnP Service HNAP1 SetUpnpSettings improper authorization
A vulnerability classified as critical was found in D-Link DIR-823G 1.0.2B05_20181207. Affected by this vulnerability is the function SetUpnpSettings of the file /HNAP1/ of the component UPnP Service. The manipulation of the argument SOAPAction leads to improper authorization. The attack can be lauβ¦
6.9
CVE-2025-2359 - D-Link DIR-823G DDNS Service HNAP1 SetDDNSSettings improper authorization
A vulnerability classified as critical has been found in D-Link DIR-823G 1.0.2B05_20181207. Affected is the function SetDDNSSettings of the file /HNAP1/ of the component DDNS Service. The manipulation of the argument SOAPAction leads to improper authorization. It is possible to launch the attack reβ¦