5.1
CVE-2025-44017 -
"Gunosy" App contains a vulnerability where sensitive information may be included in the application's outbound communication. If a user accesses a crafted URL, an attacker may obtain the JWT (JSON Web Token).
8.5
CVE-2025-9815 - alaneuler batteryKid NSXPCListener PrivilegeHelper.swift missing authentication
A weakness has been identified in alaneuler batteryKid up to 2.1 on macOS. The affected element is an unknown function of the file PrivilegeHelper/PrivilegeHelper.swift of the component NSXPCListener. The manipulation leads to missing authentication. It is possible to launch the attack on the local …
6.9
CVE-2025-9814 - PHPGurukul Beauty Parlour Management System contact-us.php sql injection
A security flaw has been discovered in PHPGurukul Beauty Parlour Management System 1.1. Impacted is an unknown function of the file /admin/contact-us.php. The manipulation of the argument mobnumber results in SQL injection. It is possible to launch the attack remotely. The exploit has been released…
8.7
CVE-2025-9813 - Tenda CH22 SetSambaConf formSetSambaConf buffer overflow
A vulnerability was identified in Tenda CH22 1.0.0.1. This issue affects the function formSetSambaConf of the file /goform/SetSambaConf. The manipulation of the argument samba_userNameSda leads to buffer overflow. It is possible to initiate the attack remotely. The exploit is publicly available and…
8.7
CVE-2025-9812 - Tenda CH22 exeCommand formexeCommand buffer overflow
A vulnerability was determined in Tenda CH22 1.0.0.1. This vulnerability affects the function formexeCommand of the file /goform/exeCommand. Manipulation of the argument cmdinput can lead to buffer overflow. The attack may be performed remotely. The exploit has been publicly disclosed…
6.9
CVE-2025-9811 - Campcodes Farm Management System reviewInput.php sql injection
A vulnerability was found in Campcodes Farm Management System 1.0. This affects an unknown part of the file /reviewInput.php. Manipulation of the argument rating results in SQL injection. The attack can be carried out remotely. The exploit has been made public and could be use…
2.3
CVE-2025-8662 -
OpenAM (OpenAM Consortium Edition) contains a vulnerability that may cause it to malfunction as a SAML IdP due to a tampered request. This issue affects OpenAM: from 14.0.0 through 14.0.1.
7.8
CVE-2025-58178 - Command Injection via sonarqube-scan-action GitHub Action
SonarQube Server and Cloud is a static analysis solution for continuous code quality and security inspection. In versions 4 to 5.3.0, a command injection vulnerability was discovered in the SonarQube Scan GitHub Action that allows untrusted input arguments to be processed without proper sanitizatio…
6.5
CVE-2025-58162 - MobSF Vulnerable to Arbitrary File Write (AR-Slip) via Absolute Path in .a Extraction
MobSF is a mobile application security testing tool. In version 4.4.0, an authenticated user who uploads a specially prepared .a archive can write arbitrary files to any directory writable by the user of the MobSF process. This issue has been patched in version 4.4.1.
1.3
CVE-2025-58161 - MobSF Path Traversal in GET /download/<filename> using absolute filenames
MobSF is a mobile application security testing tool. In version 4.4.0, the GET /download/ route uses string path verification via os.path.commonprefix, which allows an authenticated user to download files outside the DWD_DIR download directory from "neighboring" directories whose absolute path…