8
CVE-2025-32956 - ManageWiki has SQL injection vulnerability in NamespaceMigrationJob
ManageWiki is a MediaWiki extension allowing users to manage wikis. Versions before commit f504ed8 are vulnerable to SQL injection when renaming a namespace in Special:ManageWiki/namespaces when using a page prefix (namespace name, which is the current namespace you are renaming) with an injection…
9.8
CVE-2025-32958 - Adept exposed the GITHUB_TOKEN in workflow run artifact
Adept is a language for general purpose programming. Prior to commit a1a41b7, the remoteBuild.yml workflow file uses actions/upload-artifact@v4 to upload the mac-standalone artifact. This artifact is a zip of the current directory, which includes the automatically generated .git/config file contain…
5.3
CVE-2025-3842 - panhainan DS-Java FileUpload.java uploadUserPic.action code injection
A vulnerability was found in panhainan DS-Java 1.0 and classified as critical. This issue affects the function uploadUserPic.action of the file src/com/phn/action/FileUpload.java. The manipulation of the argument fileUpload leads to code injection. The attack may be initiated remotely. The exploit …
4.8
CVE-2025-3841 - wix-incubator jam Jinja2 Template jam.py special elements used in a template engine
A vulnerability, which was classified as problematic, was found in wix-incubator jam up to e87a6fd85cf8fb5ff37b62b2d68f917219d07ae9. This affects an unknown part of the file jam.py of the component Jinja2 Template Handler. The manipulation of the argument config['template'] leads to improper neutra…
8.1
CVE-2025-27086 -
A vulnerability in the HPE Performance Cluster Manager (HPCM) GUI could allow an attacker to bypass authentication.
7.5
CVE-2025-23174 - Yoel Geva - CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
CWE-200: Exposure of Sensitive Information to an Unauthorized Actor
4
CVE-2025-32793 - Cilium packets from terminating endpoints may not be encrypted in Wireguard-enabled clusters
Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Versions 1.15.0 to 1.15.15, 1.16.0 to 1.16.8, and 1.17.0 to 1.17.2 are vulnerable. When using Wireguard transparent encryption in a Cilium cluster, packets that originate from a terminating endpoint can leave…
8.8
CVE-2025-32431 - Traefik has a possible vulnerability with the path matchers
Traefik (pronounced traffic) is an HTTP reverse proxy and load balancer. In versions prior to 2.11.24, 3.3.6, and 3.4.0-rc2, there is a potential vulnerability in Traefik managing the requests using a PathPrefix, Path or PathRegex matcher. When Traefik is configured to route the requests to a backe…
5.9
CVE-2024-12543 - A user enumeration and subsequent data integrity vulnerability affecting barcode functionality
User Enumeration and Data Integrity in Barcode functionality in OpenText Content Management versions 24.3-25.1 on Windows and Linux allows a malicious authenticated attacker to potentially alter barcode attributes.
8.7
CVE-2025-3857 - Infinite loop condition in Amazon.IonDotnet
When reading binary Ion data through Amazon.IonDotnet using the RawBinaryReader class, Amazon.IonDotnet does not check the number of bytes read from the underlying stream while deserializing the binary format. If the Ion data is malformed or truncated, this triggers an infinite loop condition that …