7.5
CVE-2025-32031 - Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Optimization Bypass
Apollo Gateway provides utilities for combining multiple GraphQL microservices into a single GraphQL endpoint. Prior to 2.10.1, a vulnerability in Apollo Gateway allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically due to internal oβ¦
7.5
CVE-2025-32030 - Apollo Gateway Query Planner Vulnerable to Excessive Resource Consumption via Named Fragment Expansβ¦
Apollo Gateway provides utilities for combining multiple GraphQL microservices into a single GraphQL endpoint. Prior to 2.10.1, a vulnerability in Apollo Gateway allowed queries with deeply nested and reused named fragments to be prohibitively expensive to query plan, specifically during named fragβ¦
7.5
CVE-2025-31496 - apollo-compiler Named Fragment Processing Vulnerability
apollo-compiler is a query-based compiler for the GraphQL query language. Prior to 1.27.0, a vulnerability in Apollo Compiler allowed queries with deeply nested and reused named fragments to be prohibitively expensive to validate. Named fragments were being processed once per fragment spread in somβ¦
6.9
CVE-2025-3383 - SourceCodester Web-based Pharmacy Product Management System search_sales.php sql injection
A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /search/search_sales.php. The manipulation of the argument Name leads to sql injection. The attack may be initiated remotelβ¦
6.9
CVE-2025-32029 - ts-asn1-der has Incorrect DER Encoding of Numbers Leading to Denial of Service and Incorrect Value β¦
ts-asn1-der is a collection of utility classes to encode ASN.1 data following DER rule. Incorrect number DER encoding can lead to denial on service for absolute values in the range 2**31 -- 2**32 - 1. The arithmetic in the numBitLen didn't take into account that values in this range could result inβ¦
8.5
CVE-2025-29769 - libvips has a potential heap-based buffer overflow when attempting to convert multiband TIFF input β¦
libvips is a demand-driven, horizontally threaded image processing library. The heifsave operation could incorrectly determine the presence of an alpha channel in an input when it was not possible to determine the colour interpretation, known internally within libvips as "multiband". There aren't β¦
5.3
CVE-2025-3382 - joey-zhou xiaozhi-esp32-server-java update sql injection
A vulnerability has been found in joey-zhou xiaozhi-esp32-server-java up to a14fe8115842ee42ab5c7a51706b8a85db5200b7 and classified as critical. This vulnerability affects the function update of the file /api/user/update. The manipulation of the argument state leads to sql injection. The attack canβ¦
5.3
CVE-2025-3381 - zhangyanbo2007 youkefu File Upload WebIMController.java path traversal
A vulnerability, which was classified as critical, was found in zhangyanbo2007 youkefu 4.2.0. This affects an unknown part of the file WebIMController.java of the component File Upload. The manipulation of the argument ID leads to path traversal. It is possible to initiate the attack remotely. The β¦
6.9
CVE-2025-3380 - PCMan FTP Server FEAT Command buffer overflow
A vulnerability, which was classified as critical, has been found in PCMan FTP Server 2.0.7. Affected by this issue is some unknown functionality of the component FEAT Command Handler. The manipulation leads to buffer overflow. The attack may be launched remotely. The exploit has been disclosed to β¦
6.9
CVE-2025-3379 - PCMan FTP Server EPSV Command buffer overflow
A vulnerability classified as critical was found in PCMan FTP Server 2.0.7. Affected by this vulnerability is an unknown functionality of the component EPSV Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public β¦