VulDB Recent Entries

A vulnerability classified as problematic was found in SohuTV CacheCloud up to 3.2.0. Affected is the function doQuartzList of the file src/main/java/com/sohu/cache/web/controller/QuartzManageController.java. Executing manipulation can lead to cross site scripting. This vulnerability is registered as CVE-2025-15204. It is possible to launch the attack remotely. Furthermore, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability classified as problematic has been found in SohuTV CacheCloud up to 3.2.0. This impacts the function index of the file src/main/java/com/sohu/cache/web/controller/ResourceController.java. Performing manipulation results in cross site scripting. This vulnerability is cataloged as CVE-2025-15203. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability described as problematic has been identified in SohuTV CacheCloud up to 3.2.0. This affects the function taskQueueList of the file src/main/java/com/sohu/cache/web/controller/TaskController.java. Such manipulation leads to cross site scripting. This vulnerability is listed as CVE-2025-15202. The attack may be performed from remote. In addition, an exploit is available. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability marked as problematic has been reported in SohuTV CacheCloud up to 3.2.0. The impacted element is the function redirectNoPower of the file src/main/java/com/sohu/cache/web/controller/WebResourceController.java. This manipulation causes cross site scripting. This vulnerability is tracked as CVE-2025-15201. The attack is possible to be carried out remotely. Moreover, an exploit is present. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability labeled as problematic has been found in SohuTV CacheCloud up to 3.2.0. The affected element is the function getExceptionStatisticsByClient/getCommandStatisticsByClient/doIndex of the file src/main/java/com/sohu/cache/web/controller/AppClientDataShowController.java. The manipulation results in cross site scripting. This vulnerability is identified as CVE-2025-15200. The attack can be executed remotely. Additionally, an exploit exists. The project was informed of the problem early through an issue report but has not responded yet.

A vulnerability identified as critical has been detected in code-projects College Notes Uploading System 1.0. Impacted is an unknown function of the file /dashboard/userprofile.php. The manipulation of the argument image leads to unrestricted upload. This vulnerability is referenced as CVE-2025-15199. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability categorized as critical has been discovered in code-projects College Notes Uploading System 1.0. This issue affects some unknown processing of the file /login.php. Executing manipulation of the argument User can lead to sql injection. The identification of this vulnerability is CVE-2025-15198. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability was found in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. It has been rated as critical. This vulnerability affects unknown code of the file /admin/editposts.php. Performing manipulation of the argument image results in unrestricted upload. This vulnerability was named CVE-2025-15197. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability was found in code-projects Assessment Management 1.0. It has been declared as critical. This affects an unknown part of the file login.php. Such manipulation of the argument userid leads to sql injection. This vulnerability is uniquely identified as CVE-2025-15196. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability was found in code-projects Assessment Management 1.0. It has been classified as critical. Affected by this issue is some unknown functionality of the file /admin/add-module.php. This manipulation of the argument linked[] causes sql injection. This vulnerability is handled as CVE-2025-15195. The attack can be initiated remotely. Additionally, an exploit exists.

A vulnerability was found in D-Link DIR-600 up to 2.15WWb02 and classified as critical. Affected by this vulnerability is an unknown functionality of the file hedwig.cgi of the component HTTP Header Handler. The manipulation of the argument Cookie results in stack-based buffer overflow. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is known as CVE-2025-15194. It is possible to launch the attack remotely. Furthermore, an exploit is available.

A vulnerability has been found in Campcodes Supplier Management System 1.0 and classified as critical. Affected is an unknown function of the file /admin/view_products.php. The manipulation of the argument chkId[] leads to sql injection. This vulnerability is traded as CVE-2025-15207. It is possible to initiate the attack remotely. Furthermore, there is an exploit available.

A vulnerability, which was classified as critical, was found in Campcodes Supplier Management System 1.0. This impacts an unknown function of the file /admin/add_area.php. Executing manipulation of the argument txtAreaCode can lead to sql injection. This vulnerability appears as CVE-2025-15206. The attack may be performed from remote. In addition, an exploit is available.

A vulnerability, which was classified as critical, has been found in D-Link DWR-M920 up to 1.1.50. This affects the function sub_423848 of the file /boafrm/formParentControl. Performing manipulation of the argument submit-url results in buffer overflow. This vulnerability is reported as CVE-2025-15193. The attack is possible to be carried out remotely. Moreover, an exploit is present.

A vulnerability classified as critical was found in D-Link DWR-M920 up to 1.1.50. The impacted element is the function sub_415328 of the file /boafrm/formLtefotaUpgradeQuectel. Such manipulation of the argument fota_url leads to command injection. This vulnerability is documented as CVE-2025-15192. The attack can be executed remotely. Additionally, an exploit exists.

A vulnerability classified as critical has been found in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_4155B4 of the file /boafrm/formLtefotaUpgradeFibocom. This manipulation of the argument fota_url causes command injection. This vulnerability is registered as CVE-2025-15191. Remote exploitation of the attack is possible. Furthermore, an exploit is available.

A vulnerability described as critical has been identified in D-Link DWR-M920 up to 1.1.50. Impacted is the function sub_42261C of the file /boafrm/formFilter. The manipulation of the argument ip6addr results in stack-based buffer overflow. This vulnerability is cataloged as CVE-2025-15190. The attack may be launched remotely. Furthermore, there is an exploit available.

A vulnerability marked as critical has been reported in D-Link DWR-M920 up to 1.1.50. This issue affects the function sub_464794 of the file /boafrm/formDefRoute. The manipulation of the argument submit-url leads to buffer overflow. This vulnerability is listed as CVE-2025-15189. The attack may be initiated remotely. In addition, an exploit is available.

A vulnerability labeled as problematic has been found in Campcodes Complete Online Beauty Parlor Management System 1.0. This vulnerability affects unknown code of the file /admin/search-invoices.php. Executing manipulation of the argument searchdata can lead to cross site scripting. This vulnerability is tracked as CVE-2025-15188. The attack can be launched remotely. Moreover, an exploit is present.

A vulnerability identified as critical has been detected in GreenCMS up to 2.3. This affects an unknown part of the file /DataController.class.php of the component File Handler. Performing manipulation of the argument sqlFiles/zipFiles results in path traversal. This vulnerability only affects products that are no longer supported by the maintainer. This vulnerability is identified as CVE-2025-15187. The attack can be initiated remotely. Additionally, an exploit exists.