Skip to main content
CVE-2025-15192 LOW POC Monitor

Command injection in D-Link DWR-M920 firmware up to version 1.1.50 allows authenticated remote attackers to execute arbitrary commands via the fota_url parameter in the /boafrm/formLtefotaUpgradeQuectel endpoint. Public exploit code is available, though EPSS exploitation probability remains low at 0.20% percentile, suggesting limited real-world exploitation despite proof-of-concept availability.

Command Injection D-Link Dwr M920 Firmware
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.2%
CVE-2025-15191 LOW POC Monitor

A weakness has been identified in D-Link DWR-M920 up to 1.1.50. The affected element is the function sub_4155B4 of the file /boafrm/formLtefotaUpgradeFibocom. This manipulation of the argument fota_url causes command injection. Remote exploitation of the attack is possible. The exploit has been made available to the public and could be exploited.

Command Injection D-Link Dwr M920 Firmware
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.2%
CVE-2025-15209 LOW POC Monitor

SQL injection in Refugee Food Management System 1.0 allows authenticated remote attackers to execute arbitrary SQL queries via manipulated a/b/c/d arguments in /home/editfood.php, affecting confidentiality and integrity of stored data. The vulnerability has a public exploit available but carries low real-world risk due to authentication requirement and minimal scope (CVSS 2.1, EPSS 0.05%). Active exploitation is not confirmed in CISA KEV despite public POC availability.

PHP SQLi Refugee Food Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-15170 LOW POC Monitor

Reflected cross-site scripting (XSS) in Advaya Softech GEMS ERP Portal versions up to 2.1 allows remote attackers to inject malicious scripts via the Message parameter in /home.jsp?isError=true, exploitable without authentication or user interaction beyond viewing a crafted link. Public exploit code is available, though the CVSS score of 2.1 reflects limited integrity impact and requirement for user interaction; the vulnerability is unlikely to see widespread exploitation despite public disclosure due to low EPSS score (0.05%).

XSS Gems Erp Portal
NVD VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-15205 LOW POC Monitor

SQL injection in Student File Management System 1.0 via the istore_id parameter in /download.php allows authenticated remote attackers to execute arbitrary SQL queries with limited information disclosure impact. The vulnerability requires valid user credentials (PR:L) and has a CVSS score of 2.1 with EPSS exploitation probability of 0.04%, indicating low real-world risk despite public exploit availability.

PHP SQLi Student File Management System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-15187 LOW POC Monitor

A vulnerability was found in GreenCMS up to 2.3. This affects an unknown part of the file /DataController.class.php of the component File Handler. Performing a manipulation of the argument sqlFiles/zipFiles results in path traversal. The attack can be initiated remotely. The exploit has been made public and could be used. This vulnerability only affects products that are no longer supported by the maintainer.

PHP Path Traversal Greencms
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-15197 LOW POC Monitor

A security flaw has been discovered in code-projects/anirbandutta9 Content Management System and News-Buzz 1.0. This vulnerability affects unknown code of the file /admin/editposts.php. Performing manipulation of the argument image results in unrestricted upload. The attack may be initiated remotely. The exploit has been released to the public and may be exploited.

PHP Authentication Bypass File Upload News Buzz Content Management System
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.1%
CVE-2025-15174 LOW POC Monitor

A security vulnerability has been detected in SohuTV CacheCloud up to 3.2.0. Affected by this vulnerability is the function doAppAuditList of the file src/main/java/com/sohu/cache/web/controller/AppManageController.java. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Java XSS Cachecloud
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-15173 LOW POC Monitor

A weakness has been identified in SohuTV CacheCloud up to 3.2.0. Affected is the function advancedAnalysis of the file src/main/java/com/sohu/cache/web/controller/InstanceController.java. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited. The project was informed of the problem early through an issue report but has not responded yet.

Java XSS Cachecloud
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-15172 LOW POC Monitor

A security flaw has been discovered in SohuTV CacheCloud up to 3.2.0. This impacts the function preview of the file src/main/java/com/sohu/cache/web/controller/RedisConfigTemplateController.java. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public and may be exploited. The project was informed of the problem early through an issue report but has not responded yet.

Java XSS Cachecloud
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-15171 LOW POC Monitor

Reflected cross-site scripting (XSS) in SohuTV CacheCloud up to version 3.2.0 allows authenticated remote attackers to inject malicious scripts via the index function in ServerController.java, requiring user interaction to execute. The exploit is publicly available on GitHub, though the project maintainers have not responded to early disclosure reports. With an EPSS score of 0.03% and CVSS 2.0 severity, real-world exploitation risk is minimal despite public POC availability.

Java XSS Cachecloud
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-15201 LOW POC Monitor

A flaw has been found in SohuTV CacheCloud up to 3.2.0. The impacted element is the function redirectNoPower of the file src/main/java/com/sohu/cache/web/controller/WebResourceController.java. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Java XSS Cachecloud
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-15175 LOW POC Monitor

A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. Affected by this issue is the function doAppList/appCommandAnalysis of the file src/main/java/com/sohu/cache/web/controller/AppController.java. Performing manipulation results in cross site scripting. It is possible to initiate the attack remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Java XSS Cachecloud
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-15169 LOW POC Monitor

A weakness has been identified in BiggiDroid Simple PHP CMS 1.0. Affected by this issue is some unknown functionality of the file /admin/editsite.php. Executing a manipulation of the argument ID can lead to sql injection. The attack may be performed from remote. The exploit has been made available to the public and could be used for attacks. The vendor was contacted early about this disclosure but did not respond in any way.

PHP SQLi Simple Php Cms
NVD VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-15200 LOW POC Monitor

A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. The affected element is the function getExceptionStatisticsByClient/getCommandStatisticsByClient/doIndex of the file src/main/java/com/sohu/cache/web/controller/AppClientDataShowController.java. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Java XSS Cachecloud
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.1%
CVE-2025-15188 LOW POC Monitor

A vulnerability was determined in Campcodes Complete Online Beauty Parlor Management System 1.0. This vulnerability affects unknown code of the file /admin/search-invoices.php. Executing a manipulation of the argument searchdata can lead to cross site scripting. The attack can be launched remotely. The exploit has been publicly disclosed and may be utilized.

PHP XSS Online Beauty Parlor Management System
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-15204 LOW POC Monitor

Stored cross-site scripting (XSS) in SohuTV CacheCloud up to version 3.2.0 allows high-privileged authenticated users to inject malicious scripts via the doQuartzList function in QuartzManageController.java, affecting users who interact with crafted content. The vulnerability requires high privileges (PR:H) and user interaction (UI:P), limiting real-world impact despite remote network accessibility. Public exploit code is available, but EPSS exploitation probability is exceptionally low at 0.04% (11th percentile), suggesting the attack requires substantial prerequisites unlikely to occur in typical deployments.

Java XSS Cachecloud
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-15203 LOW POC Monitor

A vulnerability was found in SohuTV CacheCloud up to 3.2.0. This impacts the function index of the file src/main/java/com/sohu/cache/web/controller/ResourceController.java. Performing manipulation results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

Java XSS Cachecloud
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-15202 LOW POC Monitor

Reflected cross-site scripting (XSS) in SohuTV CacheCloud up to version 3.2.0 allows authenticated high-privilege users to inject malicious scripts via the taskQueueList function in TaskController.java, requiring user interaction for exploitation. The vulnerability has publicly available exploit details and a low EPSS score of 0.04%, indicating minimal real-world exploitation risk despite the public disclosure.

Java XSS Cachecloud
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-15199 LOW Monitor

A security vulnerability has been detected in code-projects College Notes Uploading System 1.0. Impacted is an unknown function of the file /dashboard/userprofile.php. The manipulation of the argument image leads to unrestricted upload. Remote exploitation of the attack is possible. The exploit has been disclosed publicly and may be used.

PHP Authentication Bypass File Upload College Notes Uploading System
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy