CVE Vulnerability Database

Search and browse 235 known security vulnerabilities. Filter by severity, vendor, product, and year.

235 vulnerabilities found
CVE-2025-15284
3.7 low

Improper Input Validation vulnerability in qs (parse modules) allows HTTP DoS.This issue affects qs: < 6.14.1. Summary The arrayLimit option in qs did not enforce limits for bracket notation (a[]=1&a[]=2), only for indexed notation (a[0]=1). This is a consistency bug; arrayLimit should apply unif

Qs Project Qs Dec 29, 2025
CVE-2025-15204
2.4 low

A vulnerability was determined in SohuTV CacheCloud up to 3.2.0. Affected is the function doQuartzList of the file src/main/java/com/sohu/cache/web/controller/QuartzManageController.java. Executing manipulation can lead to cross site scripting. It is possible to launch the attack remotely. The explo

Sohu Cachecloud Dec 29, 2025
CVE-2025-15203
2.4 low

A vulnerability was found in SohuTV CacheCloud up to 3.2.0. This impacts the function index of the file src/main/java/com/sohu/cache/web/controller/ResourceController.java. Performing manipulation results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been m

Sohu Cachecloud Dec 29, 2025
CVE-2025-15202
2.4 low

A vulnerability has been found in SohuTV CacheCloud up to 3.2.0. This affects the function taskQueueList of the file src/main/java/com/sohu/cache/web/controller/TaskController.java. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit has been disclos

Sohu Cachecloud Dec 29, 2025
CVE-2025-15201
3.5 low

A flaw has been found in SohuTV CacheCloud up to 3.2.0. The impacted element is the function redirectNoPower of the file src/main/java/com/sohu/cache/web/controller/WebResourceController.java. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The explo

Sohu Cachecloud Dec 29, 2025
CVE-2025-15200
2.4 low

A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. The affected element is the function getExceptionStatisticsByClient/getCommandStatisticsByClient/doIndex of the file src/main/java/com/sohu/cache/web/controller/AppClientDataShowController.java. The manipulation results in cross site scr

Sohu Cachecloud Dec 29, 2025
CVE-2025-66861
2.5 low

An issue was discovered in function d_unqualified_name in file cp-demangle.c in BinUtils 2.26 allowing attackers to cause a denial of service via crafted PE file.

Gnu Binutils Dec 29, 2025
CVE-2025-15188
2.4 low

A vulnerability was determined in Campcodes Complete Online Beauty Parlor Management System 1.0. This vulnerability affects unknown code of the file /admin/search-invoices.php. Executing a manipulation of the argument searchdata can lead to cross site scripting. The attack can be launched remotely.

Campcodes Online Beauty Parlor Management System Dec 29, 2025
CVE-2025-15187
3.8 low

A vulnerability was found in GreenCMS up to 2.3. This affects an unknown part of the file /DataController.class.php of the component File Handler. Performing a manipulation of the argument sqlFiles/zipFiles results in path traversal. The attack can be initiated remotely. The exploit has been made pu

Njtech Greencms Dec 29, 2025
CVE-2025-15175
3.5 low

A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. Affected by this issue is the function doAppList/appCommandAnalysis of the file src/main/java/com/sohu/cache/web/controller/AppController.java. Performing manipulation results in cross site scripting. It is possible to initiate the attac

Sohu Cachecloud Dec 29, 2025
CVE-2025-15174
3.5 low

A security vulnerability has been detected in SohuTV CacheCloud up to 3.2.0. Affected by this vulnerability is the function doAppAuditList of the file src/main/java/com/sohu/cache/web/controller/AppManageController.java. Such manipulation leads to cross site scripting. The attack may be performed fr

Sohu Cachecloud Dec 29, 2025
CVE-2025-15173
3.5 low

A weakness has been identified in SohuTV CacheCloud up to 3.2.0. Affected is the function advancedAnalysis of the file src/main/java/com/sohu/cache/web/controller/InstanceController.java. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit ha

Sohu Cachecloud Dec 29, 2025
CVE-2025-15172
3.5 low

A security flaw has been discovered in SohuTV CacheCloud up to 3.2.0. This impacts the function preview of the file src/main/java/com/sohu/cache/web/controller/RedisConfigTemplateController.java. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit has b

Sohu Cachecloud Dec 29, 2025
CVE-2025-15171
3.5 low

A vulnerability was identified in SohuTV CacheCloud up to 3.2.0. This affects the function index of the file src/main/java/com/sohu/cache/web/controller/ServerController.java. The manipulation leads to cross site scripting. Remote exploitation of the attack is possible. The exploit is publicly avail

Sohu Cachecloud Dec 29, 2025
CVE-2025-15153
3.7 low

A weakness has been identified in PbootCMS up to 3.2.12. Impacted is an unknown function of the file /data/pbootcms.db of the component SQLite Database. Executing a manipulation can lead to files or directories accessible. It is possible to launch the attack remotely. Attacks of this nature are high

Pbootcms Pbootcms Dec 28, 2025
CVE-2025-15151
3.7 low

A vulnerability was determined in TaleLin Lin-CMS up to 0.6.0. This affects an unknown part of the file /tests/config.py of the component Tests Folder. This manipulation of the argument username/password causes password in configuration file. The attack is possible to be carried out remotely. The co

Dec 28, 2025
CVE-2025-15149
2.4 low

A vulnerability has been found in rawchen ecms up to b59d7feaa9094234e8aa6c8c6b290621ca575ded. Affected by this vulnerability is the function updateProductServlet of the file src/servlet/product/updateProductServlet.java of the component Add New Product Page. The manipulation of the argument product

Dec 28, 2025
CVE-2025-15146
2.4 low

A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. This impacts the function doUserList of the file src/main/java/com/sohu/cache/web/controller/UserManageController.java. Performing manipulation results in cross site scripting. The attack may be initiated remotely. The exploit is now pub

Sohu Cachecloud Dec 28, 2025
CVE-2025-15145
2.4 low

A security vulnerability has been detected in SohuTV CacheCloud up to 3.2.0. This affects the function doTotalList of the file src/main/java/com/sohu/cache/web/controller/TotalManageController.java. Such manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has

Sohu Cachecloud Dec 28, 2025
CVE-2025-15141
3.1 low

A vulnerability was determined in Halo up to 2.21.10. This issue affects some unknown processing of the file /actuator of the component Configuration Handler. Executing a manipulation can lead to information disclosure. The attack may be performed from remote. This attack is characterized by high co

Halo Halo Dec 28, 2025
CVE-2025-15134
3.5 low

A security flaw has been discovered in yourmaileyes MOOC up to 1.17. This affects the function subreview of the file mooc/controller/MainController.java of the component Submission Handler. Performing manipulation of the argument review results in cross site scripting. The attack can be initiated re

Dec 28, 2025
CVE-2025-15126
3.1 low

A weakness has been identified in JeecgBoot up to 3.9.0. Affected by this vulnerability is the function getPositionUserList of the file /sys/position/getPositionUserList. This manipulation of the argument positionId causes improper authorization. The attack may be initiated remotely. The complexity

Jeecg Jeecg Boot Dec 28, 2025
CVE-2025-15125
3.1 low

A security flaw has been discovered in JeecgBoot up to 3.9.0. Affected is the function queryDepartPermission of the file /sys/permission/queryDepartPermission. The manipulation of the argument departId results in improper authorization. The attack can be launched remotely. This attack is characteriz

Jeecg Jeecg Boot Dec 28, 2025
CVE-2025-15124
3.1 low

A vulnerability was identified in JeecgBoot up to 3.9.0. This impacts the function getParameterMap of the file /sys/sysDepartPermission/list. The manipulation of the argument departId leads to improper authorization. The attack can be initiated remotely. The attack's complexity is rated as high. The

Jeecg Jeecg Boot Dec 28, 2025