7.5
CVE-2025-65945 - auth0/node-jws improper HMAC signature verification vulnerability
auth0/node-jws is a JSON Web Signature implementation for Node.js. In versions 3.2.2 and earlier and version 4.0.0, auth0/node-jws has an improper signature verification vulnerability when using the HS256 algorithm under specific conditions. Applications are affected when they use the jws.createVer…
5.3
CVE-2025-14016 - macrozheng mall-swarm delete improper authorization
A security vulnerability has been detected in macrozheng mall-swarm up to 1.0.3. Affected is the function delete of the file /member/readHistory/delete. Such manipulation of the argument ids leads to improper authorization. The attack can be executed remotely. The exploit has been disclosed publicl…
8.7
CVE-2025-14015 - H3C Magic B0 aspForm EditWlanMacList buffer overflow
A weakness has been identified in H3C Magic B0 up to 100R002. This impacts the function EditWlanMacList of the file /goform/aspForm. This manipulation of the argument param causes buffer overflow. Remote exploitation of the attack is possible. The exploit has been made available to the public and c…
5.1
CVE-2025-13488 - Nexus Repository 3 - Stored Cross-Site Scripting (XSS)
Due to a regression introduced in version 3.83.0, a security header is no longer applied to certain user-uploaded content served from repositories. This may allow an authenticated attacker with repository upload privileges to exploit a stored cross-site scripting (XSS) vulnerability with user conte…
4.8
CVE-2025-14013 - JIZHICMS Comment addcomment.html cross site scripting
A vulnerability was identified in JIZHICMS up to 2.5.5. The impacted element is an unknown function of the file /index.php/admins/Comment/addcomment.html of the component Comment Handler. The manipulation of the argument body leads to cross site scripting. The attack may be initiated remotely. The …
8.4
CVE-2025-9127 - PX Enterprise Improper Sanitization Vulnerability
A vulnerability exists in PX Enterprise whereby sensitive information may be logged under specific conditions.
5.1
CVE-2025-14012 - JIZHICMS Batch Delete Comments deleteAll.html delete sql injection
A vulnerability was determined in JIZHICMS up to 2.5.5. The affected element is the function deleteAll/findAll/delete of the file /index.php/admins/Comment/deleteAll.html of the component Batch Delete Comments. Executing a manipulation can lead to sql injection. The attack can be launched remotely.…
5.1
CVE-2025-14011 - JIZHICMS Add Display Name Field addcomment.html commentlist sql injection
A vulnerability was found in JIZHICMS up to 2.5.5. Impacted is the function commentlist of the file /index.php/admins/Comment/addcomment.html of the component Add Display Name Field. Performing a manipulation of the argument aid/tid results in sql injection. The attack can be initiated remotely. Th…
8.4
CVE-2025-66516 - Apache Tika core, Apache Tika parsers, Apache Tika PDF parser module: Update to CVE-2025-54988 to e…
Critical XXE in Apache Tika tika-core (1.13-3.2.1), tika-pdf-module (2.0.0-3.2.1) and tika-parsers (1.13-1.28.5) modules on all platforms allows an attacker to carry out XML External Entity injection via a crafted XFA file inside of a PDF. This CVE covers the same vulnerability as in CVE-2025-549…
5.6
CVE-2025-8074 -
Origin validation error vulnerability in BeeDrive in Synology BeeDrive for desktop before 1.4.3-13973 allows local users to write arbitrary files with non-sensitive information via unspecified vectors.