A vulnerability, which was classified as critical, was found in thinkgem JeeSite up to 5.12.0. This affects an unknown part of the file modules/core/src/main/java/com/jeesite/common/ueditor/ActionEnter.java of the component UEditor Image Grabber. The manipulation of the argument Source leads to server-side request forgery. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 1c5e49b0818037452148e0f8ff69ed04cb8fefdc. It is recommended to apply a patch to fix this issue.

CVE Database V5

Detailed information about CVE-2025-7759: Server-Side Request Forgery in thinkgem JeeSite affecting thinkgem JeeSite. Get real-time updates, technical details, 

CVE-2025-7759: Server-Side Request Forgery in thinkgem JeeSite - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7759: Server-Side Request Forgery in thinkgem JeeSite

A vulnerability classified as critical was found in PHPGurukul Land Record System 1.0. Affected by this vulnerability is an unknown functionality of the file /edit-property.php. The manipulation of the argument editid leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7757 is a critical SQL Injection vulnerability identified in version 1.0 of the PHPGurukul Land Record System, specifically within the /edit-property.php file. The vulnerability arises from improper sanitization and validation of the 'editid' parameter, which is directly used in SQL queries without adequate protection. This flaw allows an unauthenticated remote attacker to inject malicious SQL code, potentially manipulating the backend database. Exploitation can lead to unauthorized data access, modification, or deletion, compromising the confidentiality, integrity, and availability of the land record data. The vulnerability does not require any user interaction or authentication, making it highly accessible to attackers. Although the CVSS 4.0 score is 6.9 (medium severity), the potential impact on sensitive land records and administrative data elevates the risk profile. The exploit has been publicly disclosed, increasing the likelihood of exploitation attempts. No official patches have been released yet, and the affected system is widely used in land management contexts, where data integrity is critical for legal and administrative processes.

Detailed information about CVE-2025-7757: SQL Injection in PHPGurukul Land Record System affecting PHPGurukul Land Record System. Get real-time updates, technic

CVE-2025-7757: SQL Injection in PHPGurukul Land Record System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7757: SQL Injection in PHPGurukul Land Record System

A vulnerability, which was classified as critical, has been found in TOTOLINK T6 up to 4.1.5cu.748_B20211015. Affected by this issue is the function setDiagnosisCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ip leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7758 is a critical buffer overflow vulnerability identified in the TOTOLINK T6 router firmware versions up to 4.1.5cu.748_B20211015. The flaw exists in the HTTP POST request handler component, specifically within the setDiagnosisCfg function of the /cgi-bin/cstecgi.cgi endpoint. An attacker can exploit this vulnerability by manipulating the 'ip' argument in the HTTP POST request, causing a buffer overflow. This overflow can potentially allow remote code execution or denial of service without requiring user interaction or authentication. The vulnerability has a CVSS 4.0 base score of 8.7, indicating high severity due to its network attack vector, low attack complexity, no privileges or user interaction needed, and high impact on confidentiality, integrity, and availability. Although no public exploits are currently known to be actively used in the wild, the exploit code has been disclosed publicly, increasing the risk of exploitation. The vulnerability affects a widely deployed consumer and small business router model, which is often used to provide network connectivity and routing services. Exploitation could lead to full compromise of the device, enabling attackers to intercept, manipulate, or disrupt network traffic, pivot into internal networks, or launch further attacks against connected systems.

Detailed information about CVE-2025-7758: Buffer Overflow in TOTOLINK T6 affecting TOTOLINK T6. Get real-time updates, technical details, and mitigation strateg

CVE-2025-7758: Buffer Overflow in TOTOLINK T6 - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7758: Buffer Overflow in TOTOLINK T6

A vulnerability classified as problematic has been found in code-projects E-Commerce Site 1.0. Affected is an unknown function. The manipulation leads to cross-site request forgery. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7756 is a Cross-Site Request Forgery (CSRF) vulnerability identified in version 1.0 of the code-projects E-Commerce Site. CSRF vulnerabilities allow an attacker to trick an authenticated user into submitting a forged request to a web application, potentially causing unintended actions on behalf of the user without their consent. In this case, the vulnerability affects an unspecified function within the e-commerce platform, enabling remote attackers to exploit the flaw without requiring any privileges or authentication. The CVSS 4.0 base score of 5.3 (medium severity) reflects that the attack vector is network-based (AV:N), requires no privileges (PR:N), and no user authentication (AT:N), but does require user interaction (UI:P), such as the victim clicking a malicious link or visiting a crafted webpage. The impact on confidentiality is none, but there is a low impact on integrity and availability, indicating that the attacker could cause limited unauthorized changes or disruptions. The vulnerability has been publicly disclosed, but no known exploits are currently reported in the wild. Since the affected function is unspecified, the exact scope of potential malicious actions is unclear, but typical CSRF attacks on e-commerce sites could include unauthorized transactions, changes to user account settings, or manipulation of shopping carts. The lack of patch links suggests that a fix may not yet be available, increasing the urgency for mitigation.

Detailed information about CVE-2025-7756: Cross-Site Request Forgery in code-projects E-Commerce Site affecting code-projects E-Commerce Site. Get real-time upd

CVE-2025-7756: Cross-Site Request Forgery in code-projects E-Commerce Site - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7756: Cross-Site Request Forgery in code-projects E-Commerce Site

Brocade ASCG before 3.3.0 allows for the use of medium strength cryptography algorithms on internal ports ports 9000 and 8036.

Detailed information about CVE-2025-7398: CWE-326: Inadequate Encryption Strength in Broadcom Brocade ASCG affecting Broadcom Brocade ASCG. Get real-time update

CVE-2025-7398: CWE-326: Inadequate Encryption Strength in Broadcom Brocade ASCG

CVE-2025-7398: CWE-326: Inadequate Encryption Strength in Broadcom Brocade ASCG

Description

Technical Details

Related Threats

CVE-2025-7759: Server-Side Request Forgery in thinkgem JeeSite

CVE-2025-7757: SQL Injection in PHPGurukul Land Record System

CVE-2025-7758: Buffer Overflow in TOTOLINK T6

CVE-2025-7756: Cross-Site Request Forgery in code-projects E-Commerce Site

CVE-2025-7755: Unrestricted Upload in code-projects Online Ordering System

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility