A vulnerability was found in thinkgem JeeSite up to 5.12.0. It has been classified as critical. This affects the function Upload of the file src/main/java/com/jeesite/modules/file/web/FileUploadController.java. The manipulation leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public and may be used. The identifier of the patch is 3585737d21fe490ff6948d913fcbd8d99c41fc08. It is recommended to apply a patch to fix this issue.

CVE Database V5

Detailed information about CVE-2025-7864: Unrestricted Upload in thinkgem JeeSite affecting thinkgem JeeSite. Get real-time updates, technical details, and miti

CVE-2025-7864: Unrestricted Upload in thinkgem JeeSite - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7864: Unrestricted Upload in thinkgem JeeSite

A vulnerability was found in thinkgem JeeSite up to 5.12.0 and classified as problematic. Affected by this issue is the function redirectUrl of the file src/main/java/com/jeesite/common/web/http/ServletUtils.java. The manipulation of the argument url leads to open redirect. The attack may be launched remotely. The name of the patch is 3d06b8d009d0267f0255acc87ea19d29d07cedc3. It is recommended to apply a patch to fix this issue.

Detailed information about CVE-2025-7863: Open Redirect in thinkgem JeeSite affecting thinkgem JeeSite. Get real-time updates, technical details, and mitigation

CVE-2025-7863: Open Redirect in thinkgem JeeSite - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7863: Open Redirect in thinkgem JeeSite

Thor before 1.4.0 can construct an unsafe shell command from library input.

Detailed information about CVE-2025-54314: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in rubyonrails Thor

CVE-2025-54314: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in rubyonrails Thor - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-54314: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in rubyonrails Thor

A vulnerability, which was classified as critical, was found in code-projects Church Donation System 1.0. Affected is an unknown function of the file /members/search.php. The manipulation of the argument Username leads to sql injection. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.

CVE-2025-7861 is a critical SQL Injection vulnerability identified in version 1.0 of the code-projects Church Donation System, specifically within an unspecified function in the /members/search.php file. The vulnerability arises from improper sanitization or validation of the 'Username' parameter, which allows an attacker to inject malicious SQL code remotely without requiring authentication or user interaction. Exploiting this flaw could enable an attacker to manipulate backend database queries, potentially leading to unauthorized data access, data modification, or even complete compromise of the underlying database. The vulnerability has a CVSS 4.0 base score of 6.9, indicating a medium severity level, with an attack vector that is network-based and requires no privileges or user interaction. The impact on confidentiality, integrity, and availability is limited but present, as the vulnerability allows partial compromise of data. Although no public exploits are currently known in the wild, the disclosure of the exploit code increases the risk of exploitation. The absence of patches or mitigation links suggests that the vendor has not yet released an official fix, making affected systems vulnerable until remediated.

Detailed information about CVE-2025-7861: SQL Injection in code-projects Church Donation System affecting code-projects Church Donation System. Get real-time up

CVE-2025-7861: SQL Injection in code-projects Church Donation System - Live Threat Intelligence - Threat Radar | OffSeq.com

CVE-2025-7861: SQL Injection in code-projects Church Donation System

A vulnerability has been found in TOTOLINK T6 4.1.5cu.748_B20211015 and classified as critical. Affected by this vulnerability is the function setTelnetCfg of the file /cgi-bin/cstecgi.cgi of the component Telnet Service. The manipulation of the argument telnet_enabled with the input 1 leads to missing authentication. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.

Detailed information about CVE-2025-7862: Missing Authentication in TOTOLINK T6 affecting TOTOLINK T6. Get real-time updates, technical details, and mitigation 

CVE-2025-7862: Missing Authentication in TOTOLINK T6

CVE-2025-7862: Missing Authentication in TOTOLINK T6

Description

Technical Details

Related Threats

CVE-2025-7864: Unrestricted Upload in thinkgem JeeSite

CVE-2025-7863: Open Redirect in thinkgem JeeSite

CVE-2025-54314: CWE-78 Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') in rubyonrails Thor

CVE-2025-7861: SQL Injection in code-projects Church Donation System

CVE-2025-53770: CWE-502: Deserialization of Untrusted Data in Microsoft Microsoft SharePoint Enterprise Server 2016

Actions

External Links

Need enhanced features?

Latest Threats

Keyboard Shortcuts

Navigation

Search & Filters

UI Controls

Accessibility