7.3
CVE-2025-6384 - Improper Control of Dynamically-Managed Code Resources in Crafter Studio
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of CrafterCMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass Sandbox restrictions and obtain RCE (Remote Code Exeβ¦
5.1
CVE-2025-6278 - Upsonic server.py os.path.join path traversal
A vulnerability classified as critical was found in Upsonic up to 0.55.6. This vulnerability affects the function os.path.join of the file markdown/server.py. The manipulation of the argument file.filename leads to path traversal. The exploit has been disclosed to the public and may be used.
5.3
CVE-2025-6277 - Brilliance Golden Link Secondary System custTakeInfoPage.htm sql injection
A vulnerability classified as critical has been found in Brilliance Golden Link Secondary System up to 20250609. This affects an unknown part of the file /storagework/custTakeInfoPage.htm. The manipulation of the argument custTradeName leads to sql injection. It is possible to initiate the attack rβ¦
5.3
CVE-2025-6276 - Brilliance Golden Link Secondary System rentTakeInfoPage.htm sql injection
A vulnerability was found in Brilliance Golden Link Secondary System up to 20250609. It has been rated as critical. Affected by this issue is some unknown functionality of the file /storagework/rentTakeInfoPage.htm. The manipulation of the argument custTradeName leads to sql injection. The attack mβ¦
4.8
CVE-2025-6275 - WebAssembly wabt binary-reader-interp.cc GetFuncOffset use after free
A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been declared as problematic. Affected by this vulnerability is the function GetFuncOffset of the file src/interp/binary-reader-interp.cc. The manipulation leads to use after free. It is possible to launch the attack on the local hoβ¦
4.8
CVE-2025-6274 - WebAssembly wabt binary-reader-interp.cc OnDataCount resource consumption
A vulnerability was found in WebAssembly wabt up to 1.0.37. It has been classified as problematic. Affected is the function OnDataCount of the file src/interp/binary-reader-interp.cc. The manipulation leads to resource consumption. Attacking locally is a requirement. The exploit has been disclosed β¦
4.8
CVE-2025-6273 - WebAssembly wabt binary-reader-objdump.cc LogOpcode assertion
A vulnerability was found in WebAssembly wabt up to 1.0.37 and classified as problematic. This issue affects the function LogOpcode of the file src/binary-reader-objdump.cc. The manipulation leads to reachable assertion. Local access is required to approach this attack. The exploit has been disclosβ¦
4.8
CVE-2025-6272 - wasm3 m3_compile.c MarkSlotAllocated out-of-bounds write
A vulnerability has been found in wasm3 0.5.0 and classified as problematic. This vulnerability affects the function MarkSlotAllocated of the file source/m3_compile.c. The manipulation leads to out-of-bounds write. An attack has to be approached locally. The exploit has been disclosed to the publicβ¦
4.8
CVE-2025-6271 - swftools wav2swf wav.c wav_convert2mono out-of-bounds
A vulnerability, which was classified as problematic, was found in swftools up to 0.9.2. This affects the function wav_convert2mono in the library lib/wav.c of the component wav2swf. The manipulation leads to out-of-bounds read. The attack needs to be approached locally. The exploit has been discloβ¦
9.1
CVE-2025-33117 - IBM QRadar SIEM command execution
IBM QRadar SIEM 7.5 through 7.5.0 Update Package 12 could allow a privileged user to modify configuration files that would allow the upload of a malicious autoupdate file to execute arbitrary commands.