A critical vulnerability has been identified in givanz VvvebJs 1.7.2, which allows both Server-Side Request Forgery (SSRF) and arbitrary file reading. The vulnerability stems from improper handling of user-supplied URLs in the "file_get_contents" function within the "save.php" file.

CVE Database V5

Detailed information about CVE-2024-25181: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2024-25181: n/a - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2024-25181: n/a

A vulnerability has been found in SohuTV CacheCloud up to 3.2.0. This affects the function taskQueueList of the file src/main/java/com/sohu/cache/web/controller/TaskController.java. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

Detailed information about CVE-2025-15202: Cross Site Scripting in SohuTV CacheCloud affecting SohuTV CacheCloud. Get real-time updates, technical details, and 

CVE-2025-15202: Cross Site Scripting in SohuTV CacheCloud - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-15202: Cross Site Scripting in SohuTV CacheCloud

A vulnerability in the SSH server of TP-Link TL-WR820N v2.80 allows the use of a weak cryptographic algorithm, enabling an adjacent attacker to intercept and decrypt SSH traffic. Exploitation may expose sensitive information and compromise confidentiality.

Detailed information about CVE-2025-14175: CWE-327 Use of a Broken or Risky Cryptographic Algorithm in TP-Link Systems Inc. TL-WR820N v2.8 affecting TP-Link Sys

CVE-2025-14175: CWE-327 Use of a Broken or Risky Cryptographic Algorithm in TP-Link Systems Inc. TL-WR820N v2.8 - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-14175: CWE-327 Use of a Broken or Risky Cryptographic Algorithm in TP-Link Systems Inc. TL-WR820N v2.8

DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /src/dede/makehtml_list_action.php.

Detailed information about CVE-2024-30855: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2024-30855: n/a - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2024-30855: n/a

Axios Cache Interceptor is a cache interceptor for axios. Prior to version 1.11.1, when a server calls an upstream service using different auth tokens, axios-cache-interceptor returns incorrect cached responses, leading to authorization bypass. The cache key is generated only from the URL, ignoring request headers like `Authorization`. When the server responds with `Vary: Authorization` (indicating the response varies by auth token), the library ignores this, causing all requests to share the same cache regardless of authorization. Server-side applications (APIs, proxies, backend services) that use axios-cache-interceptor to cache requests to upstream services, handle requests from multiple users with different auth tokens, and upstream services replies on `Vary` to differentiate caches are affected. Browser/client-side applications (single user per browser session) are not affected. Services using different auth tokens to call upstream services will return incorrect cached data, bypassing authorization checks and leaking user data across different authenticated sessions. After `v1.11.1`, automatic `Vary` header support is now enabled by default. When server responds with `Vary: Authorization`, cache keys now include the authorization header value. Each user gets their own cache.

Detailed information about CVE-2025-69202: CWE-524: Use of Cache Containing Sensitive Information in arthurfiorette axios-cache-interceptor affecting arthurfior

CVE-2025-69202: CWE-524: Use of Cache Containing Sensitive Information in arthurfiorette axios-cache-interceptor - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-69202: CWE-524: Use of Cache Containing Sensitive Information in arthurfiorette axios-cache-interceptor

Buffer overflow vulnerability in function dcputchar in decompile.c in libming 0.4.8.

Detailed information about CVE-2025-66877: n/a. Get real-time updates, technical details, and mitigation strategies.

CVE-2025-66877: n/a

CVE-2025-66877: n/a

Description

Technical Details

Community Reviews

Related Threats

CVE-2024-25181: n/a

CVE-2025-15202: Cross Site Scripting in SohuTV CacheCloud

CVE-2025-14175: CWE-327 Use of a Broken or Risky Cryptographic Algorithm in TP-Link Systems Inc. TL-WR820N v2.8

CVE-2024-30855: n/a

CVE-2025-69202: CWE-524: Use of Cache Containing Sensitive Information in arthurfiorette axios-cache-interceptor

Actions

External Links

Need more coverage?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility