88727 matches found

CVE
added 2025/12/29 6:2 a.m. | 17 views

CVE-2025-15175

CVE-2025-15175 affects SohuTV CacheCloud up to 3.2.0. The vulnerability lies in the doAppList/appCommandAnalysis function in AppController.java, where input manipulation can trigger cross-site scripting. Exploitation can be performed remotely, and the exploit is publicly available. Affected versi...

CVSS 5.4 | AI score 5.6 | EPSS 0.00245
Exploits: 1 | References: 6 | Affected Software: 1

Positive Technologies
added 2025/12/29 12:0 a.m. | 3 views

PT-2025-53787

Name of the Vulnerable Software and Affected Versions SohuTV CacheCloud versions up to 3.2.0 Description A flaw exists in SohuTV CacheCloud that allows for cross site scripting. This issue is related to the taskQueueList function within the file...

CVSS 4.8 | AI score 5.5 | EPSS 0.00207
Exploits: 1 | References: 9

Positive Technologies
added 2025/12/29 12:0 a.m. | 6 views

PT-2025-53704

Name of the Vulnerable Software and Affected Versions Tenda WH450 version 1.0.0.18 Description A flaw exists in the HTTP Request Handler component of Tenda WH450 version 1.0.0.18. The issue relates to stack-based buffer overflow triggered by manipulating the page argument when processing the file...

CVSS 8.6 | AI score 7.1 | EPSS 0.00679
Exploits: 1 | References: 9

EUVD
added 2025/12/28 9:30 p.m. | 4 views

EUVD-2025-205528

A vulnerability was determined in TaleLin Lin-CMS up to 0.6.0. This affects an unknown part of the file /tests/config.py of the component Tests Folder. This manipulation of the argument username/password causes password in configuration file. The attack is possible to be carried out remotely. The...

CVSS 6.3 | AI score 6 | EPSS 0.00274
Exploits: 0 | References: 5

EUVD
added 2025/12/28 9:30 p.m. | 3 views

EUVD-2025-205526

A weakness has been identified in PbootCMS up to 3.2.12. Impacted is an unknown function of the file /data/pbootcms.db of the component SQLite Database. Executing manipulation can lead to files or directories accessible. It is possible to launch the attack remotely. Attacks of this nature are...

CVSS 6.3 | AI score 6.2 | EPSS 0.00429
Exploits: 1 | References: 5

EUVD
added 2025/12/28 9:30 p.m. | 4 views

EUVD-2025-205527

A vulnerability was identified in h-moses moga-mall up to 392d631a5ef15962a9bddeeb9f1269b9085473fa. This vulnerability affects the function addProduct of the file src/main/java/com/ms/product/controller/PmsProductController.java. Such manipulation of the argument objectName leads to unrestricted...

CVSS 6.5 | AI score 6.1 | EPSS 0.00202
Exploits: 0 | References: 5

NVD
added 2025/12/28 8:15 p.m. | 8 views

CVE-2025-15152

A vulnerability was identified in h-moses moga-mall up to 392d631a5ef15962a9bddeeb9f1269b9085473fa. This vulnerability affects the function addProduct of the file src/main/java/com/ms/product/controller/PmsProductController.java. Such manipulation of the argument objectName leads to unrestricted...

CVSS 6.5 | EPSS 0.00202
Exploits: 0 | References: 4

Vulnrichment
added 2025/12/28 8:2 p.m. | 3 views

CVE-2025-15152 h-moses moga-mall PmsProductController.java addProduct unrestricted upload

A vulnerability was identified in h-moses moga-mall up to 392d631a5ef15962a9bddeeb9f1269b9085473fa. This vulnerability affects the function addProduct of the file src/main/java/com/ms/product/controller/PmsProductController.java. Such manipulation of the argument objectName leads to unrestricted...

CVSS 6.5 | AI score 6.2 | EPSS 0.00202
Exploits: 0 | References: 4

CVE
added 2025/12/28 8:2 p.m. | 12 views

CVE-2025-15152

CVE-2025-15152 affects the h-moses moga-mall product service, specifically the addProduct function in src/main/java/com/ms/product/controller/PmsProductController.java. The root cause is manipulation of the objectName argument, enabling unrestricted (unbounded) uploads. The issue is exploitable r...

CVSS 6.5 | AI score 6.2 | EPSS 0.00202
Exploits: 0 | References: 4

CVE
added 2025/12/28 3:32 p.m. | 14 views

CVE-2025-15142

CVE-2025-15142 affects 9786 phpok3w up to commit 901d96a06809fb28b17f3a4362c59e70411c933c. The vulnerability is an SQL injection in the file show.php caused by manipulation of the ID argument. It can be exploited remotely, and public exploit code exists. The project uses a rolling release, and no...

CVSS 7.5 | AI score 7.3 | EPSS 0.00268
Exploits: 0 | References: 4

Cvelist
added 2025/12/28 3:32 p.m. | 23 views

CVE-2025-15142 9786 phpok3w show.php sql injection

A vulnerability was identified in 9786 phpok3w up to 901d96a06809fb28b17f3a4362c59e70411c933c. Impacted is an unknown function of the file show.php. The manipulation of the argument ID leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly available and...

CVSS 7.5 | EPSS 0.00268
Exploits: 0 | References: 4

EUVD
added 2025/12/28 3:2 p.m. | 5 views

EUVD-2025-205514

A vulnerability was determined in Halo up to 2.21.10. This issue affects some unknown processing of the file /actuator of the component Configuration Handler. Executing manipulation can lead to information disclosure. The attack may be performed from remote. This attack is characterized by high...

CVSS 3.1 | AI score 3.6 | EPSS 0.00217
Exploits: 0 | References: 5

Cvelist
added 2025/12/28 3:2 p.m. | 23 views

CVE-2025-15141 Halo Configuration actuator information disclosure

A vulnerability was determined in Halo up to 2.21.10. This issue affects some unknown processing of the file /actuator of the component Configuration Handler. Executing a manipulation can lead to information disclosure. The attack may be performed from remote. This attack is characterized by high...

CVSS 3.1 | EPSS 0.00217
Exploits: 0 | References: 4

EUVD
added 2025/12/28 12:30 p.m. | 3 views

EUVD-2025-205506

A security flaw has been discovered in yourmaileyes MOOC up to 1.17. This affects the function subreview of the file mooc/controller/MainController.java of the component Submission Handler. Performing manipulation of the argument review results in cross site scripting. The attack can be initiated...

CVSS 5.1 | AI score 5.3 | EPSS 0.00191
Exploits: 0 | References: 6

EUVD
added 2025/12/28 9:30 a.m. | 3 views

EUVD-2025-205497

A vulnerability was determined in JeecgBoot up to 3.9.0. This affects an unknown function of the file /sys/sysDepartPermission/datarule/. Executing manipulation can lead to improper authorization. It is possible to launch the attack remotely. The attack requires a high level of complexity. The...

CVSS 3.1 | AI score 6 | EPSS 0.0027
Exploits: 1 | References: 5

OSV
added 2025/12/28 7:15 a.m. | 4 views

CVE-2025-15125

A security flaw has been discovered in JeecgBoot up to 3.9.0. Affected is the function queryDepartPermission of the file /sys/permission/queryDepartPermission. The manipulation of the argument departId results in improper authorization. The attack can be launched remotely. This attack is...

CVSS 3.1 | AI score 6.5
Exploits: 0 | References: 4

Cvelist
added 2025/12/28 6:32 a.m. | 21 views

CVE-2025-15124 JeecgBoot list getParameterMap improper authorization

A vulnerability was identified in JeecgBoot up to 3.9.0. This impacts the function getParameterMap of the file /sys/sysDepartPermission/list. The manipulation of the argument departId leads to improper authorization. The attack can be initiated remotely. The attack's complexity is rated as high...

CVSS 3.1 | EPSS 0.0027
Exploits: 1 | References: 4

Cvelist
added 2025/12/28 6:2 a.m. | 21 views

CVE-2025-15123 JeecgBoot datarule improper authorization

A vulnerability was determined in JeecgBoot up to 3.9.0. This affects an unknown function of the file /sys/sysDepartPermission/datarule/. Executing manipulation can lead to improper authorization. It is possible to launch the attack remotely. The attack requires a high level of complexity. The...

CVSS 3.1 | EPSS 0.0027
Exploits: 1 | References: 4

CVE
added 2025/12/28 6:2 a.m. | 10 views

CVE-2025-15123

JeecgBoot up to version 3.9.0 contains an authorization flaw in the file/directory path /sys/sysDepartPermission/datarule/ that can be exploited remotely. Root cause is improper authorization in that data rule handling. The vulnerability is described as having high attack complexity and publicly ...

CVSS 3.1 | AI score 6.2 | EPSS 0.0027
Exploits: 1 | References: 4 | Affected Software: 1

NVD
added 2025/12/28 5:16 a.m. | 7 views

CVE-2025-15122

A vulnerability was found in JeecgBoot up to 3.9.0. The impacted element is the function loadDatarule of the file /sys/sysDepartRole/datarule/. Performing manipulation of the argument departId/roleId results in improper authorization. It is possible to initiate the attack remotely. The attack is...

CVSS 3.1 | EPSS 0.0027
Exploits: 1 | References: 4