5.3

CVSS4.0

CVE-2025-6859 - SourceCodester Best Salon Management System pro_sale.php sql injection

A vulnerability was found in SourceCodester Best Salon Management System 1.0. It has been classified as critical. This affects an unknown part of the file /panel/pro_sale.php. The manipulation of the argument fromdate/todate leads to sql injection. It is possible to initiate the attack remotely. Th…

📅 Published: June 29, 2025, 12:31 p.m. 🔄 Last Modified: July 8, 2025, 2:38 p.m.

6.1

CVSS3.1

CVE-2024-24915 - SmartConsole Sensitive Credential Exposure via Memory Dump

Credentials are not cleared from memory after being used. A user with Administrator permissions can execute memory dump for SmartConsole process and fetch them.

📅 Published: June 29, 2025, 12:02 p.m. 🔄 Last Modified: Sept. 3, 2025, 3:22 p.m.

6.9

CVSS4.0

CVE-2025-5878 - ESAPI esapi-java-legacy SQL Injection Defense Encoder.encodeForSQL special element

A vulnerability was found in ESAPI esapi-java-legacy and classified as problematic. This issue affects the interface Encoder.encodeForSQL of the SQL Injection Defense. An attack leads to an improper neutralization of special elements. The attack may be initiated remotely and an exploit has been dis…

📅 Published: June 29, 2025, 11:11 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

4.8

CVSS4.0

CVE-2025-6858 - HDF5 H5Centry.c H5C__flush_single_entry null pointer dereference

A vulnerability was found in HDF5 1.14.6 and classified as problematic. Affected by this issue is the function H5C__flush_single_entry of the file src/H5Centry.c. The manipulation leads to null pointer dereference. The attack needs to be approached locally. The exploit has been disclosed to the pub…

📅 Published: June 29, 2025, 11 a.m. 🔄 Last Modified: July 8, 2025, 2:38 p.m.

4.8

CVSS4.0

CVE-2025-6857 - HDF5 H5Gnode.c H5G__node_cmp3 stack-based overflow

A vulnerability has been found in HDF5 1.14.6 and classified as problematic. Affected by this vulnerability is the function H5G__node_cmp3 of the file src/H5Gnode.c. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack on the local host. The exploit has been di…

📅 Published: June 29, 2025, 10 a.m. 🔄 Last Modified: July 8, 2025, 2:39 p.m.

4.8

CVSS4.0

CVE-2025-6856 - HDF5 H5FL.c H5FL__reg_gc_list use after free

A vulnerability, which was classified as problematic, was found in HDF5 1.14.6. Affected is the function H5FL__reg_gc_list of the file src/H5FL.c. The manipulation leads to use after free. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

📅 Published: June 29, 2025, 9:31 a.m. 🔄 Last Modified: July 8, 2025, 2:39 p.m.

5.1

CVSS4.0

CVE-2025-6855 - chatchat-space Langchain-Chatchat file path traversal

A vulnerability, which was classified as critical, has been found in chatchat-space Langchain-Chatchat up to 0.3.1. This issue affects some unknown processing of the file /v1/file. The manipulation of the argument flag leads to path traversal. The exploit has been disclosed to the public and may be…

📅 Published: June 29, 2025, 9 a.m. 🔄 Last Modified: Oct. 31, 2025, 7:58 p.m.

5.3

CVSS4.0

CVE-2025-6854 - chatchat-space Langchain-Chatchat files path traversal

A vulnerability classified as problematic was found in chatchat-space Langchain-Chatchat up to 0.3.1. This vulnerability affects unknown code of the file /v1/files?purpose=assistants. The manipulation leads to path traversal. The attack can be initiated remotely. The exploit has been disclosed to t…

📅 Published: June 29, 2025, 8:31 a.m. 🔄 Last Modified: Oct. 31, 2025, 8:11 p.m.

5.3

CVSS4.0

CVE-2025-6853 - chatchat-space Langchain-Chatchat Backend upload_temp_docs path traversal

A vulnerability classified as critical has been found in chatchat-space Langchain-Chatchat up to 0.3.1. This affects the function upload_temp_docs of the file /knowledge_base/upload_temp_docs of the component Backend. The manipulation of the argument flag leads to path traversal. It is possible to …

📅 Published: June 29, 2025, 7:31 a.m. 🔄 Last Modified: Sept. 16, 2025, 1:34 p.m.

5.3

CVSS4.0

CVE-2025-6850 - code-projects Simple Forum forum1.php sql injection

A vulnerability has been found in code-projects Simple Forum 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /forum1.php. The manipulation of the argument File leads to sql injection. The attack can be launched remotely. The exploit has been di…

📅 Published: June 29, 2025, 7 a.m. 🔄 Last Modified: Oct. 23, 2025, 8:06 p.m.