Security Vulnerabilities
kashipara Online Service Management Portal V1.0 is vulnerable to SQL Injection in /osms/Requester/Requesterchangepass.php via the parameter: rPassword.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-05-05
kashipara Online Service Management Portal V1.0 is vulnerable to SQL Injection in osms/Requester/CheckStatus.php via the checkid parameter.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-05-05
CVE-2025-27920
Output Messenger before 2.0.63 was vulnerable to a directory traversal attack through improper file path handling. By using ../ sequences in parameters, attackers could access sensitive files outside the intended directory, potentially leading to configuration leakage or arbitrary file access.
Known exploited
CVSS Score
7.2
EPSS Score
0.702
Published
2025-05-05
SourceCodester Web Based Pharmacy Product Management System 1.0 is vulnerable to Cross Site Scripting (XSS) in add-admin.php via the Fullname text field.
CVSS Score
6.1
EPSS Score
0.0
Published
2025-05-05
A vulnerability was found in TOTOLINK A720R 4.1.5cu.374. It has been classified as problematic. Affected is an unknown function of the file /cgi-bin/cstecgi.cgi of the component Config Handler. The manipulation of the argument topicurl with the input getInitCfg/getSysStatusCfg leads to information disclosure. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-05-05
A vulnerability was found in TOTOLINK A720R 4.1.5cu.374. It has been declared as problematic. Affected by this vulnerability is an unknown functionality of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input showSyslog leads to information disclosure. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
5.3
EPSS Score
0.001
Published
2025-05-05
A vulnerability was found in TOTOLINK A720R 4.1.5cu.374 and classified as critical. This issue affects some unknown processing of the file /cgi-bin/cstecgi.cgi of the component Log Handler. The manipulation of the argument topicurl with the input clearDiagnosisLog/clearSyslog/clearTracerouteLog leads to improper access controls. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-05-05
A vulnerability has been found in TOTOLINK A720R 4.1.5cu.374 and classified as critical. This vulnerability affects unknown code of the file /cgi-bin/cstecgi.cgi. The manipulation of the argument topicurl with the input RebootSystem leads to missing authentication. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
5.3
EPSS Score
0.002
Published
2025-05-05
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in AlphaEfficiencyTeam Custom Login and Registration allows Stored XSS.This issue affects Custom Login and Registration: from n/a through 1.0.0.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-05-05
The Newsletter WordPress plugin before 8.7.1 does not sanitise and escape some of its settings, which could allow high privilege users such as admin to perform Stored Cross-Site Scripting attacks even when the unfiltered_html capability is disallowed (for example in multisite setup).
CVSS Score
4.8
EPSS Score
0.0
Published
2025-05-05