9.8

CVSS3.1

CVE-2025-29953 - Apache ActiveMQ NMS OpenWire Client: deserialization allowlist bypass

Deserialization of Untrusted Data vulnerability in Apache ActiveMQ NMS OpenWire Client. This issue affects Apache ActiveMQ NMS OpenWire Client before 2.1.1 when performing connections to untrusted servers. Such servers could abuse the unbounded deserialization in the client to provide malicious re…

📅 Published: April 18, 2025, 3:23 p.m. 🔄 Last Modified: July 9, 2025, 5:11 p.m.

5.1

CVSS4.0

CVE-2025-3792 - SeaCMS admin_link.php sql injection

A vulnerability, which was classified as critical, has been found in SeaCMS up to 13.3. This issue affects some unknown processing of the file /admin_link.php?action=delall. The manipulation of the argument e_id leads to sql injection. The attack may be initiated remotely. The exploit has been disc…

📅 Published: April 18, 2025, 3 p.m. 🔄 Last Modified: July 15, 2025, 8:06 p.m.

5.4

CVSS3.1

CVE-2025-2950 - IBM i improper HTTP header neutralization

IBM i 7.3, 7.4, 7.5, and 7.5 is vulnerable to a host header injection attack caused by improper neutralization of HTTP header content by IBM Navigator for i. An authenticated user can manipulate the host header in HTTP requests to change domain/IP address which may lead to unexpected behavior.

📅 Published: April 18, 2025, 2:50 p.m. 🔄 Last Modified: Aug. 28, 2025, 4:41 p.m.

0.0