8.8

CVSS3.1

CVE-2025-55370 -

Incorrect access control in the component \controller\ResourceController.java of jshERP v3.5 allows unauthorized attackers to obtain all the corresponding ID data by modifying the ID value.

📅 Published: Aug. 21, 2025, midnight 🔄 Last Modified: Sept. 9, 2025, 7:11 p.m.

8.8

CVSS3.1

CVE-2025-9141 - vllm: quen3: RCE in vllm tool call parser for qwen3coder

A vulnerability was found in vLLM's Qwen3 Coder tool parser. Since this parser uses Python's eval() function, it poses a risk of arbitrary code execution. This vulnerability appears during the parameter conversion process when the parser attempts to handle complex data types.

📅 Published: Aug. 20, 2025, 11:37 p.m. 🔄 Last Modified: Aug. 20, 2025, 11:37 p.m.

5.3

CVSS4.0

CVE-2025-9264 - Xuxueli xxl-job Jobs JobInfoController.java remove resource injection

A vulnerability was found in Xuxueli xxl-job up to 3.1.1. Affected by this issue is the function remove of the file /src/main/java/com/xxl/job/admin/controller/JobInfoController.java of the component Jobs Handler. Performing manipulation of the argument ID results in improper control of resource id…

📅 Published: Aug. 20, 2025, 11:32 p.m. 🔄 Last Modified: Sept. 11, 2025, 6:28 p.m.

5.3

CVSS4.0

CVE-2025-9263 - Xuxueli xxl-job JobLogController.java getJobsByGroup resource injection

A vulnerability has been found in Xuxueli xxl-job up to 3.1.1. Affected by this vulnerability is the function getJobsByGroup of the file /src/main/java/com/xxl/job/admin/controller/JobLogController.java. Such manipulation of the argument jobGroup leads to improper control of resource identifiers. T…

📅 Published: Aug. 20, 2025, 11:02 p.m. 🔄 Last Modified: Sept. 11, 2025, 6:29 p.m.

6.3

CVSS4.0

CVE-2025-9262 - wong2 mcp-cli oAuth provider.js redirectToAuthorization os command injection

A flaw has been found in wong2 mcp-cli 1.13.0. Affected is the function redirectToAuthorization of the file /src/oauth/provider.js of the component oAuth Handler. This manipulation causes os command injection. The attack may be initiated remotely. The attack is considered to have high complexity. T…

📅 Published: Aug. 20, 2025, 11:02 p.m. 🔄 Last Modified: Sept. 12, 2025, 1:26 p.m.

8.7

CVSS4.0

CVE-2025-9253 - Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 RP_doSpecifySiteSurvey stack-based overflow

A security vulnerability has been detected in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this issue is the function RP_doSpecifySiteSurvey of the file /goform/RP_doSpecifySiteSurvey. The manipulation of the argument…

📅 Published: Aug. 20, 2025, 10:32 p.m. 🔄 Last Modified: Sept. 2, 2025, 6:22 p.m.

8.7

CVSS4.0

CVE-2025-9252 - Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 DisablePasswordAlertRedirect stack-based overflow

A weakness has been identified in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected by this vulnerability is the function DisablePasswordAlertRedirect of the file /goform/DisablePasswordAlertRedirect. Executing manipulation o…

📅 Published: Aug. 20, 2025, 10:02 p.m. 🔄 Last Modified: Sept. 2, 2025, 6:23 p.m.

8.7

CVSS4.0

CVE-2025-9251 - Linksys RE6250/RE6300/RE6350/RE6500/RE7000/RE9000 sta_wps_pin stack-based overflow

A security flaw has been discovered in Linksys RE6250, RE6300, RE6350, RE6500, RE7000 and RE9000 1.0.013.001/1.0.04.001/1.0.04.002/1.1.05.003/1.2.07.001. Affected is the function sta_wps_pin of the file /goform/sta_wps_pin. Performing manipulation of the argument Ssid results in stack-based buffer …

📅 Published: Aug. 20, 2025, 10:02 p.m. 🔄 Last Modified: Sept. 2, 2025, 6:23 p.m.

9.1

CVSS4.0

CVE-2025-9288 - Missing type checks leading to hash rewind and passing on crafted data

Improper Input Validation vulnerability in sha.js allows Input Data Manipulation. This issue affects sha.js: through 2.4.11.

📅 Published: Aug. 20, 2025, 9:59 p.m. 🔄 Last Modified: Nov. 3, 2025, 7:16 p.m.

6.5

CVSS3.1

CVE-2025-57749 - n8n has a symlink traversal vulnerability in "Read/Write File" node allows access to restricted fil…

n8n is a workflow automation platform. Before 1.106.0, a symlink traversal vulnerability was discovered in the Read/Write File node in n8n. While the node attempts to restrict access to sensitive directories and files, it does not properly account for symbolic links (symlinks). An attacker with the…

📅 Published: Aug. 20, 2025, 9:46 p.m. 🔄 Last Modified: Sept. 3, 2025, 3:07 p.m.