6.9
CVE-2025-2320 - 274056675 springboot-openai-chatgpt User submit improper authorization
A vulnerability has been found in 274056675 springboot-openai-chatgpt e84f6f5 and classified as critical. Affected by this vulnerability is the function submit of the file /api/blade-user/submit of the component User Handler. The manipulation leads to improper authorization. The attack can be launc…
3.5
CVE-2025-2295 - Potential iSCSI R2T PDU Vulnerability
EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service.
4.8
CVE-2025-2310 - HDF5 Metadata Attribute Decoder H5MM_strndup heap-based overflow
A vulnerability was found in HDF5 1.14.6 and classified as critical. This issue affects the function H5MM_strndup of the component Metadata Attribute Decoder. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and m…
4.8
CVE-2025-2309 - HDF5 Type Conversion Logic H5T__bit_copy heap-based overflow
A vulnerability has been found in HDF5 1.14.6 and classified as critical. This vulnerability affects the function H5T__bit_copy of the component Type Conversion Logic. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been disclo…
4.8
CVE-2025-2308 - HDF5 Scale-Offset Filter H5Z__scaleoffset_decompress_one_byte heap-based overflow
A vulnerability, which was classified as critical, was found in HDF5 1.14.6. This affects the function H5Z__scaleoffset_decompress_one_byte of the component Scale-Offset Filter. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclo…
6.4
CVE-2025-29782 - WeGIA Cross-Site Scripting (XSS) Stored in endpoint `adicionar_tipo_docs_atendido.php` parameter `t…
WeGIA is a web manager for charitable institutions. A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_tipo_docs_atendido.php` endpoint in versions of the WeGIA application prior to 3.2.17. This vulnerability allows attackers to inject malicious scripts into the `tipo` …
5.3
CVE-2025-29771 - HtmlSanitizer vulnerable to XSS when used with contentEditable
HtmlSanitizer is a client-side HTML sanitizer. Versions prior to 2.0.3 have a cross-site scripting vulnerability when the sanitizer is used with a `contentEditable` element to set the element's `innerHTML` to a sanitized string produced by the package. If the code is particularly crafted to abuse th…
8.7
CVE-2024-12245 - Blind SQL Injection in Logout
Logout functionality contains a blind SQL injection that can be exploited by unauthenticated attackers. Using a time-based blind SQLi technique, the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence, or lack thereof, of entries in certain datab…
6.4
CVE-2024-12020 - Reflected Cross-Site Scripting (XSS)
There is a reflected cross-site scripting (XSS) within JSP files used to control application appearance. An unauthenticated attacker could deceive a user into clicking a crafted link to trigger the vulnerability. Stealing the session cookie is not possible due to cookie security flags, however the …
7.1
CVE-2024-12019 - Arbitrary File Read via Document API
The API used to interact with documents in the application contains a flaw that allows an authenticated attacker to read the contents of files on the underlying operating system. An account with “read” and “download” privileges on at least one existing document in the application is required to exp…