
The NVD is the U.S. government repository of standards-based vulnerability management data represented using the Security Content Automation Protocol (SCAP). This data enables automation of vulnerability management, security measurement, and compliance. The NVD includes databases of security checklist references, security-related software flaws, product names, and impact metrics.

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries, with CVSS Severity
  • CVE-2025-6007 - A vulnerability, which was classified as critical, was found in kiCode111 like-girl 5.2.0. Affected is an unknown function of the file /admin/CopyadminPost.php. The manipulation of the argument icp/Copyright leads to SQL injection. It is possible ...
    Published: June 11, 2025; 10:15:27 PM -0400

    V3.1: 7.2 HIGH

  • CVE-2025-6008 - A vulnerability has been found in kiCode111 like-girl 5.2.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /admin/ImgAddPost.php. The manipulation of the argument imgDatd/imgText/imgUrl leads to ...
    Published: June 11, 2025; 10:15:27 PM -0400

    V3.1: 7.2 HIGH

  • CVE-2025-6009 - A vulnerability was found in kiCode111 like-girl 5.2.0 and classified as critical. Affected by this issue is some unknown functionality of the file /admin/ipAddPost.php. The manipulation of the argument bz/ipdz leads to SQL injection. The attack m...
    Published: June 11, 2025; 11:15:26 PM -0400

    V3.1: 7.2 HIGH

  • CVE-2025-6151 - A vulnerability, which was classified as critical, has been found in TP-Link TL-WR940N V4. Affected by this issue is some unknown functionality of the file /userRpm/WanSlaacCfgRpm.htm. The manipulation of the argument dnsserver1 leads to buffer ov...
    Published: June 16, 2025; 9:15:23 PM -0400

  • CVE-2025-45879 - A cross-site scripting (XSS) vulnerability in the e-mail manager function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload.
    Published: June 17, 2025; 12:15:32 PM -0400

  • CVE-2025-45878 - A cross-site scripting (XSS) vulnerability in the report manager function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload.
    Published: June 17, 2025; 1:15:33 PM -0400

  • CVE-2025-45880 - A cross-site scripting (XSS) vulnerability in the data resource management function of Miliaris Amigdala v2.2.6 allows attackers to execute arbitrary HTML in the context of a user's browser via a crafted payload.
    Published: June 17, 2025; 1:15:33 PM -0400

  • CVE-2025-44612 - Tinxy WiFi Lock Controller v1 RF was discovered to transmit sensitive information in plaintext, including control information and device credentials, allowing attackers to possibly intercept and access sensitive information via a man-in-the-middle...
    Published: May 29, 2025; 11:15:20 PM -0400

  • CVE-2025-44614 - Tinxy WiFi Lock Controller v1 RF was discovered to store users' sensitive information, including credentials and mobile phone numbers, in plaintext.
    Published: May 29, 2025; 11:15:20 PM -0400

  • CVE-2025-44619 - Tinxy WiFi Lock Controller v1 RF was discovered to be configured to transmit on an open Wi-Fi network, allowing attackers to join the network without authentication.
    Published: May 29, 2025; 11:15:20 PM -0400

  • CVE-2025-44906 - jhead v3.08 was discovered to contain a heap-use-after-free via the ProcessFile function at jhead.c.
    Published: May 30, 2025; 12:15:46 AM -0400

  • CVE-2025-48887 - vLLM, an inference and serving engine for large language models (LLMs), has a Regular Expression Denial of Service (ReDoS) vulnerability in the file `vllm/entrypoints/openai/tool_parsers/pythonic_tool_parser.py` of versions 0.6.4 up to but excludi...
    Published: May 30, 2025; 2:15:32 PM -0400

  • CVE-2025-45474 - maccms10 v2025.1000.4047 is vulnerable to Server-side request forgery (SSRF) in Email Settings.
    Published: May 29, 2025; 12:15:40 PM -0400

  • CVE-2025-5136 - A vulnerability, which was classified as problematic, was found in Tmall Demo up to 20250505. This affects an unknown part of the file /tmall/order/pay/ of the component Payment Identifier Handler. The manipulation leads to insufficiently random v...
    Published: May 24, 2025; 8:15:23 PM -0400

  • CVE-2022-43840 - IBM Aspera Console 3.4.0 through 3.4.4 is vulnerable to an XPath injection vulnerability, which could allow an authenticated attacker to exfiltrate sensitive application data and/or determine the structure of the XML document.
    Published: April 14, 2025; 5:15:16 PM -0400

  • CVE-2025-32790 - Dify is an open-source LLM app development platform. In versions 0.6.8 and prior, a vulnerability was identified in the DIFY AI where normal users are improperly granted permissions to export APP DSL. The feature in '/export' should only allow adm...
    Published: April 18, 2025; 9:15:58 AM -0400

    V3.1: 4.3 MEDIUM

  • CVE-2025-32795 - Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in the DIFY where normal users are improperly granted permissions to edit APP names, descriptions and icons. This access control flaw allo...
    Published: April 18, 2025; 12:15:23 PM -0400

  • CVE-2025-29058 - An issue in Qimou CMS v.3.34.0 allows a remote attacker to execute arbitrary code via the upgrade.php component.
    Published: April 18, 2025; 5:15:43 PM -0400

  • CVE-2025-29339 - An issue in UPF in Open5GS UPF versions up to v2.7.2 results in an assertion failure vulnerability in PFCP session parameter validation. When processing a PFCP Session Establishment Request with PDN Type=0, the UPF fails to handle the invalid value p...
    Published: April 22, 2025; 1:16:46 PM -0400

  • CVE-2023-44755 - Sacco Management system v1.0 was discovered to contain a SQL injection vulnerability via the password parameter at /sacco/ajax.php.
    Published: April 22, 2025; 2:15:58 PM -0400

Created September 20, 2022, Updated August 27, 2024