5.1
CVE-2025-5153 - CMS Made Simple Design Manager Module cross site scripting
A vulnerability, which was classified as problematic, has been found in CMS Made Simple 2.2.21. This issue affects some unknown processing of the component Design Manager Module. The manipulation of the argument Description leads to cross site scripting. The attack may be initiated remotely. The ex…
5.3
CVE-2025-5152 - Chanjet CRM newActivityedit.php sql injection
A vulnerability classified as critical was found in Chanjet CRM up to 20250510. This vulnerability affects unknown code of the file /activity/newActivityedit.php?DontCheckLogin=1&id=null&ret=mod1. The manipulation of the argument gblOrgID leads to sql injection. The attack can be initiated remotely…
4.8
CVE-2025-5151 - defog-ai introspect analysis_tools.py execute_analysis_code_safely code injection
A vulnerability classified as critical has been found in defog-ai introspect up to 0.1.4. This affects the function execute_analysis_code_safely of the file introspect/backend/tools/analysis_tools.py. The manipulation of the argument code leads to code injection. It is possible to launch the attack…
5.3
CVE-2025-5150 - docarray Web API torch_dataset.py __getitem__ prototype pollution
A vulnerability was found in docarray up to 0.40.1. It has been rated as critical. Affected by this issue is the function __getitem__ of the file /docarray/data/torch_dataset.py of the component Web API. The manipulation leads to improperly controlled modification of object prototype attributes ('p…
6.3
CVE-2025-5149 - WCMS Login getallcon getMemberByUid improper authentication
A vulnerability was found in WCMS up to 8.3.11. It has been declared as critical. Affected by this vulnerability is the function getMemberByUid of the file /index.php?articleadmin/getallcon of the component Login. The manipulation of the argument uid leads to improper authentication. The attack can…
4.8
CVE-2025-5148 - FunAudioLLM InspireMusic Pickle Data model.py load_state_dict deserialization
A vulnerability was found in FunAudioLLM InspireMusic up to bf32364bcb0d136497ca69f9db622e9216b029dd. It has been classified as critical. Affected is the function load_state_dict of the file inspiremusic/cli/model.py of the component Pickle Data Handler. The manipulation leads to deserialization. A…
5.3
CVE-2025-5147 - Netcore NBR1005GPEV2/NBR200V2/B6V2 network_tools tools_ping command injection
A vulnerability was found in Netcore NBR1005GPEV2, NBR200V2 and B6V2 up to 20250508 and classified as critical. This issue affects the function tools_ping of the file /usr/bin/network_tools. The manipulation of the argument url leads to command injection. The attack may be initiated remotely. The e…
5.3
CVE-2025-5146 - Netcore NBR200V2 HTTP Header routerd passwd_set command injection
A vulnerability has been found in Netcore NBR1005GPEV2, B6V2, COVER5, NAP830, NAP930, NBR100V2 and NBR200V2 up to 20250508 and classified as critical. This vulnerability affects the function passwd_set of the file /usr/bin/routerd of the component HTTP Header Handler. The manipulation of the argume…
5.3
CVE-2025-5145 - Netcore POWER13 Query String cgi-bin command injection
A vulnerability, which was classified as critical, was found in Netcore NBR1005GPEV2, B6V2, COVER5, NAP830, NAP930, NBR100V2, NBR200V2 and POWER13 up to 20250508. This affects an unknown part of the file /www/cgi-bin/ of the component Query String Handler. The manipulation leads to command injectio…
5.3
CVE-2025-5140 - Seeyon Zhiyuan OA Web Application System ThirdMenuController.class this.oursNetService.getData serv…
A vulnerability classified as critical has been found in Seeyon Zhiyuan OA Web Application System up to 8.1 SP2. This affects the function this.oursNetService.getData of the file com\ours\www\ehr\openPlatform1\open4ClientType\controller\ThirdMenuController.class. The manipulation of the argument ur…