4.8
CVE-2025-6773 - HKUDS LightRAG File Upload document_routes.py upload_to_input_dir path traversal
A vulnerability was found in HKUDS LightRAG up to 1.3.8. It has been declared as critical. Affected by this vulnerability is the function upload_to_input_dir of the file lightrag/api/routers/document_routes.py of the component File Upload. The manipulation of the argument file.filename leads to pat…
6.9
CVE-2025-6772 - eosphoros-ai db-gpt import import_flow path traversal
A vulnerability was found in eosphoros-ai db-gpt up to 0.7.2. It has been classified as critical. Affected is the function import_flow of the file /api/v2/serve/awel/flow/import. The manipulation of the argument File leads to path traversal. It is possible to launch the attack remotely. The exploit…
8.6
CVE-2025-53093 - TabberNeue vulnerable to Stored XSS through wikitext
TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Starting in version 3.0.0 and prior to version 3.1.1, any user can insert arbitrary HTML into the DOM by inserting a payload into any allowed attribute of the `<tabber>` tag. Version 3.1.1 contains a patch for the bug.
9.3
CVE-2025-5310 - Dover Fueling Solutions ProGauge MagLink LX Consoles Missing Authentication for Critical Function
Dover Fueling Solutions ProGauge MagLink LX Consoles expose an undocumented and unauthenticated target communication framework (TCF) interface on a specific port. Files can be created, deleted, or modified, potentially leading to remote code execution.
5.2
CVE-2025-6522 - TrendMakers Sight Bulb Pro Command Injection
Unauthenticated users on an adjacent network with the Sight Bulb Pro can run shell commands as root through a vulnerable proprietary TCP protocol available on Port 16668. This vulnerability allows an attacker to run arbitrary commands on the Sight Bulb Pro by passing a well-formed JSON string.
6.8
CVE-2025-6521 - TrendMakers Sight Bulb Pro Use of a Broken or Risky Cryptographic Algorithm
During the initial setup of the device the user connects to an access point broadcast by the Sight Bulb Pro. During the negotiation, AES encryption keys are passed in cleartext. If captured, an attacker may be able to decrypt communications between the management app and the Sight Bulb Pro whic…
4.3
CVE-2025-46708 - GPU DDK - Guest VM can delay the FW and GPU from processing workloads from other VMs
Software installed and running inside a Guest VM may conduct improper GPU system calls to prevent other Guests from running work on the GPU.
9.8
CVE-2024-12143 - SQLi in Mobilteg Mobile Informatics' Mikro Hand Terminal - MikroDB
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Mobilteg Mobile Informatics Mikro Hand Terminal - MikroDB allows SQL Injection. This issue affects Mikro Hand Terminal - MikroDB. NOTE: The vendor did not inform about the completion of the fixing…
5.2
CVE-2025-46707 - GPU DDK - Guest VM can override its own FW VZ connection state after the FW has closed it
Software installed and running inside a Guest VM may override Firmware's state and gain access to the GPU.
9.8
CVE-2024-12150 - SQLi in Eron Software's Wowwo CRM
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Eron Software Wowwo CRM allows Blind SQL Injection. This issue affects Wowwo CRM. NOTE: The vendor did not inform about the completion of the fixing process within the specified time. The CVE will…