5.3
CVE-2025-9410 - lostvip-com ruoyi-go GenTableDao.go SelectListByPage SQL injection
A weakness has been identified in lostvip-com ruoyi-go up to 2.1. The affected element is the function SelectListByPage of the file modules/system/dao/GenTableDao.go. Manipulation of the argument isAsc/orderByColumn can lead to SQL injection. It is possible to launch the attack remotely. …
8.8
CVE-2025-57760 - Langflow Vulnerable to Privilege Escalation via CLI Superuser Creation
Langflow is a tool for building and deploying AI-powered agents and workflows. A privilege escalation vulnerability exists in Langflow containers where an authenticated user with RCE access can invoke the internal CLI command langflow superuser to create a new administrative user. This results in f…
7.2
CVE-2025-6737 - Securden Unified PAM Shared SSH Key and Cloud Infrastructure
Securden's Unified PAM Remote Vendor Gateway access portal shares infrastructure and access tokens across multiple tenants. A malicious actor can obtain authentication material and access the gateway server with low-privilege permissions.
9.4
CVE-2025-53120 - Securden Unified PAM Path Traversal In File Upload
A path traversal vulnerability in unauthenticated upload functionality allows a malicious actor to upload binaries and scripts to the server's configuration and web root directories, achieving remote code execution on the Unified PAM server.
7.5
CVE-2025-53119 - Securden Unified PAM Unauthenticated Unrestricted File Upload
An unauthenticated unrestricted file upload vulnerability allows an attacker to upload malicious binaries and scripts to the server.
9.8
CVE-2025-53118 - Securden Unified PAM Authentication Bypass
An authentication bypass vulnerability exists which allows an unauthenticated attacker to control administrator backup functions, leading to compromise of passwords, secrets, and application session tokens stored by the Unified PAM.
5.3
CVE-2025-9409 - lostvip-com ruoyi-go CommonController.go DownloadUpload path traversal
A security flaw has been discovered in lostvip-com ruoyi-go up to 2.1. Impacted is the function DownloadTmp/DownloadUpload of the file modules/system/controller/CommonController.go. Manipulation of the argument fileName results in path traversal. It is possible to initiate the attack rem…
8.5
CVE-2025-3478 - OpenText Enterprise Security Manager Stored XSS
A Stored Cross-Site Scripting (XSS) vulnerability has been identified in OpenText Enterprise Security Manager. The vulnerability could be remotely exploited.
6.7
CVE-2025-55301 - The Scratch Channel Allows Username Modification
The Scratch Channel is a news website. In version 1, it is possible to go to application in devtools and click local storage to edit the account's username locally. This issue has been patched in version 1.1.
8.2
CVE-2025-5302 - Denial of Service (DOS) in JSONReader in run-llama/llama_index
A denial of service vulnerability exists in the JSONReader component of the run-llama/llama_index repository, specifically in version v0.12.37. The vulnerability is caused by uncontrolled recursion when parsing deeply nested JSON files, which can lead to Python hitting its maximum recursion depth l…