Common Vulnerabilities and Exposures (CVE)

CVE-2025-15172

Dec 29, 2025 17:51:46 UTC

A security flaw has been discovered in SohuTV CacheCloud up to 3.2.0. This impacts the function preview of the file src/main/java/com/sohu/cache/web/controller/RedisConfigTemplateController.java. The manipulation results in cross site scrip...

CVE-2025-15173

Dec 29, 2025 17:50:08 UTC

A weakness has been identified in SohuTV CacheCloud up to 3.2.0. Affected is the function advancedAnalysis of the file src/main/java/com/sohu/cache/web/controller/InstanceController.java. This manipulation causes cross site scripting. The a...

CVE-2025-68973

Dec 29, 2025 17:45:19 UTC

In GnuPG through 2.4.8, armor_filter in g10/armor.c has two increments of an index variable where one is intended, leading to an out-of-bounds write for crafted input. (For ExtendedLTS, 2.2.51 and later are fixed versions.)

CVE-2025-15068

Dec 29, 2025 17:36:55 UTC

Missing Authorization vulnerability in Gmission Web Fax allows Privilege Abuse, Session Credential Falsification through Manipulation.This issue affects Web Fax: from 3.0 before 4.0.

CVE-2025-15066

Dec 29, 2025 17:35:49 UTC

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal'), Missing Authorization vulnerability in Innorix WP allows Path Traversal.This issue affects Innorix WP from All versions If the "exam" directory exists under the...

CVE-2025-15198

Dec 29, 2025 17:32:05 UTC

A weakness has been identified in code-projects College Notes Uploading System 1.0. This issue affects some unknown processing of the file /login.php. Executing manipulation of the argument User can lead to sql injection. The attack may be ...

CVE-2025-15067

Dec 29, 2025 17:31:32 UTC

Unrestricted Upload of File with Dangerous Type vulnerability in Innorix Innorix WP allows Upload a Web Shell to a Web Server.This issue affects Innorix WP from All versions If the "exam" directory exists under the directory where the produ...

CVE-2025-66877

Dec 29, 2025 17:25:42 UTC

Buffer overflow vulnerability in function dcputchar in decompile.c in libming 0.4.8.

CVE-2025-55064

Dec 29, 2025 17:23:31 UTC

CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

CVE-2025-68861

Dec 29, 2025 17:23:08 UTC

Missing Authorization vulnerability in Plugin Optimizer allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Plugin Optimizer: from n/a through 1.3.7.

CVE-2025-7195

Dec 29, 2025 17:23:05 UTC

Early versions of Operator-SDK provided an insecure method to allow operator containers to run in environments that used a random UID. Operator-SDK before 0.15.2 provided a script, user_setup, which modifies the permissions of the /etc/pass...

CVE-2025-15069

Dec 29, 2025 17:22:58 UTC

Improper Authentication vulnerability in Gmission Web Fax allows Privilege Escalation.This issue affects Web Fax: from 3.0 before 4.0.

CVE-2025-15136

Dec 29, 2025 17:20:27 UTC

A security vulnerability has been detected in TRENDnet TEW-800MB 1.0.1.0. Affected is the function do_setWizard_asp of the file /goform/wizardset of the component Management Interface. The manipulation of the argument WizardConfigured leads...

CVE-2025-55063

Dec 29, 2025 17:19:52 UTC

CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting')

CVE-2025-15137

Dec 29, 2025 17:19:47 UTC

A vulnerability was detected in TRENDnet TEW-800MB 1.0.1.0. Affected by this vulnerability is the function sub_F934  of the file NTPSyncWithHost.cgi. The manipulation results in command injection. The attack may be launched remotely. The ex...