sohu CVE Vulnerabilities & Metrics

Focus on sohu vulnerabilities and metrics.

Last updated: 16 Jan 2026, 23:25 UTC

About sohu Security Exposure

This page consolidates all known Common Vulnerabilities and Exposures (CVEs) associated with sohu. We track both calendar-based metrics (using fixed periods) and rolling metrics (using gliding windows) to give you a comprehensive view of security trends and risk evolution. Use these insights to assess risk and plan your patching strategy.

For a broader perspective on cybersecurity threats, explore the comprehensive list of CVEs by vendor and product. Stay updated on critical vulnerabilities affecting major software and hardware providers.

Global CVE Overview

Total sohu CVEs: 16
Earliest CVE date: 30 Nov 2023, 21:15 UTC
Latest CVE date: 30 Dec 2025, 05:16 UTC

Latest CVE reference: CVE-2025-15221

Rolling Stats

30-day Count (Rolling): 15
365-day Count (Rolling): 15

Calendar-based Variation

Calendar-based Variation compares a fixed calendar period (e.g., this month versus the same month last year), while Rolling Growth Rate uses a continuous window (e.g., last 30 days versus the previous 30 days) to capture trends independent of calendar boundaries.

Variations & Growth

Month Variation (Calendar): 0%
Year Variation (Calendar): 0%

Month Growth Rate (30-day Rolling): 0.0%
Year Growth Rate (365-day Rolling): 0.0%

Monthly CVE Trends (current vs previous Year)

Annual CVE Trends (Last 20 Years)

Critical sohu CVEs (CVSS ≥ 9) Over 20 Years

CVSS Stats

Average CVSS: 3.55

Max CVSS: 5.0

Critical CVEs (≥9): 0

CVSS Range vs. Count

Range	Count
0.0-3.9	7
4.0-6.9	9
7.0-8.9	0
9.0-10.0	0

CVSS Distribution Chart

Top 5 Highest CVSS sohu CVEs

These are the five CVEs with the highest CVSS scores for sohu, sorted by severity first and recency.

CVE-2025-15220 sohu Published on 30 Dec 2025, 05:16 UTC (CVSS: 5.0)
A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. This affects the function init of the file src/main/java/com/sohu/cache/web/controller/LoginController.java. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.
CVE-2025-15221 sohu Published on 30 Dec 2025, 05:16 UTC (CVSS: 4.0)
A flaw has been found in SohuTV CacheCloud up to 3.2.0. This vulnerability affects the function index of the file src/main/java/com/sohu/cache/web/controller/AppDataMigrateController.java. This manipulation causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been published and may be used. The project was informed of the problem early through an issue rep...
CVE-2025-15219 sohu Published on 30 Dec 2025, 04:15 UTC (CVSS: 4.0)
A security vulnerability has been detected in SohuTV CacheCloud up to 3.2.0. Affected by this issue is the function doMachineList/doPodList of the file src/main/java/com/sohu/cache/web/controller/MachineManageController.java. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The project was informed of ...
CVE-2025-15201 sohu Published on 29 Dec 2025, 19:15 UTC (CVSS: 4.0)
A flaw has been found in SohuTV CacheCloud up to 3.2.0. The impacted element is the function redirectNoPower of the file src/main/java/com/sohu/cache/web/controller/WebResourceController.java. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. The project was informed of the problem early through an i...
CVE-2025-15175 sohu Published on 29 Dec 2025, 06:15 UTC (CVSS: 4.0)
A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. Affected by this issue is the function doAppList/appCommandAnalysis of the file src/main/java/com/sohu/cache/web/controller/AppController.java. Performing manipulation results in cross site scripting. It is possible to initiate the attack remotely. The exploit is now public and may be used. The project was informed of the problem ea...

All CVEs for sohu

CVE-2025-15221 sohu vulnerability CVSS: 4.0 30 Dec 2025, 05:16 UTC

A flaw has been found in SohuTV CacheCloud up to 3.2.0. This vulnerability affects the function index of the file src/main/java/com/sohu/cache/web/controller/AppDataMigrateController.java. This manipulation causes cross site scripting. Remote exploitation of the attack is possible. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

CVE-2025-15220 sohu vulnerability CVSS: 5.0 30 Dec 2025, 05:16 UTC

A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. This affects the function init of the file src/main/java/com/sohu/cache/web/controller/LoginController.java. The manipulation results in cross site scripting. The attack may be launched remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

CVE-2025-15219 sohu vulnerability CVSS: 4.0 30 Dec 2025, 04:15 UTC

A security vulnerability has been detected in SohuTV CacheCloud up to 3.2.0. Affected by this issue is the function doMachineList/doPodList of the file src/main/java/com/sohu/cache/web/controller/MachineManageController.java. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

CVE-2025-15204 sohu vulnerability CVSS: 3.3 29 Dec 2025, 21:15 UTC

A vulnerability was determined in SohuTV CacheCloud up to 3.2.0. Affected is the function doQuartzList of the file src/main/java/com/sohu/cache/web/controller/QuartzManageController.java. Executing manipulation can lead to cross site scripting. It is possible to launch the attack remotely. The exploit has been publicly disclosed and may be utilized. The project was informed of the problem early through an issue report but has not responded yet.

CVE-2025-15203 sohu vulnerability CVSS: 3.3 29 Dec 2025, 20:15 UTC

A vulnerability was found in SohuTV CacheCloud up to 3.2.0. This impacts the function index of the file src/main/java/com/sohu/cache/web/controller/ResourceController.java. Performing manipulation results in cross site scripting. It is possible to initiate the attack remotely. The exploit has been made public and could be used. The project was informed of the problem early through an issue report but has not responded yet.

CVE-2025-15202 sohu vulnerability CVSS: 3.3 29 Dec 2025, 20:15 UTC

A vulnerability has been found in SohuTV CacheCloud up to 3.2.0. This affects the function taskQueueList of the file src/main/java/com/sohu/cache/web/controller/TaskController.java. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed to the public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

CVE-2025-15201 sohu vulnerability CVSS: 4.0 29 Dec 2025, 19:15 UTC

A flaw has been found in SohuTV CacheCloud up to 3.2.0. The impacted element is the function redirectNoPower of the file src/main/java/com/sohu/cache/web/controller/WebResourceController.java. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been published and may be used. The project was informed of the problem early through an issue report but has not responded yet.

CVE-2025-15200 sohu vulnerability CVSS: 3.3 29 Dec 2025, 19:15 UTC

A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. The affected element is the function getExceptionStatisticsByClient/getCommandStatisticsByClient/doIndex of the file src/main/java/com/sohu/cache/web/controller/AppClientDataShowController.java. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

CVE-2025-15175 sohu vulnerability CVSS: 4.0 29 Dec 2025, 06:15 UTC

A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. Affected by this issue is the function doAppList/appCommandAnalysis of the file src/main/java/com/sohu/cache/web/controller/AppController.java. Performing manipulation results in cross site scripting. It is possible to initiate the attack remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

CVE-2025-15174 sohu vulnerability CVSS: 4.0 29 Dec 2025, 06:15 UTC

A security vulnerability has been detected in SohuTV CacheCloud up to 3.2.0. Affected by this vulnerability is the function doAppAuditList of the file src/main/java/com/sohu/cache/web/controller/AppManageController.java. Such manipulation leads to cross site scripting. The attack may be performed from remote. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

CVE-2025-15173 sohu vulnerability CVSS: 4.0 29 Dec 2025, 05:16 UTC

A weakness has been identified in SohuTV CacheCloud up to 3.2.0. Affected is the function advancedAnalysis of the file src/main/java/com/sohu/cache/web/controller/InstanceController.java. This manipulation causes cross site scripting. The attack is possible to be carried out remotely. The exploit has been made available to the public and could be exploited. The project was informed of the problem early through an issue report but has not responded yet.

CVE-2025-15172 sohu vulnerability CVSS: 4.0 29 Dec 2025, 05:15 UTC

A security flaw has been discovered in SohuTV CacheCloud up to 3.2.0. This impacts the function preview of the file src/main/java/com/sohu/cache/web/controller/RedisConfigTemplateController.java. The manipulation results in cross site scripting. The attack can be executed remotely. The exploit has been released to the public and may be exploited. The project was informed of the problem early through an issue report but has not responded yet.

CVE-2025-15171 sohu vulnerability CVSS: 4.0 29 Dec 2025, 05:15 UTC

A vulnerability was identified in SohuTV CacheCloud up to 3.2.0. This affects the function index of the file src/main/java/com/sohu/cache/web/controller/ServerController.java. The manipulation leads to cross site scripting. Remote exploitation of the attack is possible. The exploit is publicly available and might be used. The project was informed of the problem early through an issue report but has not responded yet.

CVE-2025-15146 sohu vulnerability CVSS: 3.3 28 Dec 2025, 18:15 UTC

A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. This impacts the function doUserList of the file src/main/java/com/sohu/cache/web/controller/UserManageController.java. Performing manipulation results in cross site scripting. The attack may be initiated remotely. The exploit is now public and may be used. The project was informed of the problem early through an issue report but has not responded yet.

CVE-2025-15145 sohu vulnerability CVSS: 3.3 28 Dec 2025, 17:16 UTC

A security vulnerability has been detected in SohuTV CacheCloud up to 3.2.0. This affects the function doTotalList of the file src/main/java/com/sohu/cache/web/controller/TotalManageController.java. Such manipulation leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed publicly and may be used. The project was informed of the problem early through an issue report but has not responded yet.

CVE-2023-47453 sohu vulnerability CVSS: 0 30 Nov 2023, 21:15 UTC

An Untrusted search path vulnerability in Sohu Video Player 7.0.15.0 allows local users to gain escalated privileges through the version.dll file in the current working directory.