8.1
CVE-2024-58087 - ksmbd: fix racy issue from session lookup and expire
In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix racy issue from session lookup and expire Increment the session reference count within the lock for lookup to avoid racy issue with session expire.
5.1
CVE-2025-2215 - Doufox s=doudou path traversal
A vulnerability classified as critical was found in Doufox up to 0.2.0. Affected by this vulnerability is an unknown functionality of the file /?s=doudou&c=file&a=list. The manipulation of the argument dir leads to path traversal. The attack can be launched remotely. The exploit has been disclosed …
5.1
CVE-2025-2214 - Microweber Settings index.php cross site scripting
A vulnerability was found in Microweber 2.0.19. It has been rated as problematic. This issue affects some unknown processing of the file userfiles/modules/settings/group/website_group/index.php of the component Settings Handler. The manipulation of the argument group leads to cross site scripting. …
4.8
CVE-2025-2213 - Castlenet CBW383G2N Wireless Menu wlanPrimaryNetwork.asp cross site scripting
A vulnerability was found in Castlenet CBW383G2N up to 20250301. It has been declared as problematic. This vulnerability affects unknown code of the file /wlanPrimaryNetwork.asp of the component Wireless Menu. The manipulation of the argument SSID with the input <img/src/onerror=prompt(8)> leads to…
4.8
CVE-2025-2212 - Castlenet CBW383G2N RgSwInfo.asp cross site scripting
A vulnerability was found in Castlenet CBW383G2N up to 20250301. It has been classified as problematic. This affects an unknown part of the file /RgSwInfo.asp. The manipulation of the argument Description with the input <img/src/onerror=prompt(8)> leads to cross site scripting. It is possible to in…
8.8
CVE-2025-2233 - Samsung SmartThings Improper Verification of Cryptographic Signature Authentication Bypass Vulnerab…
Samsung SmartThings Improper Verification of Cryptographic Signature Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of Samsung SmartThings. Authentication is not required to exploit this vulnerability. Th…
4.8
CVE-2025-2211 - aitangbao springboot-manager add cross site scripting
A vulnerability was found in aitangbao springboot-manager 3.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /sysDictDetail/add. The manipulation of the argument name leads to cross site scripting. The attack may be launched remotely. The exploit has…
4.8
CVE-2025-2210 - aitangbao springboot-manager add cross site scripting
A vulnerability has been found in aitangbao springboot-manager 3.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /sysJob/add. The manipulation of the argument name leads to cross site scripting. The attack can be launched remotely. The exploit…
7.7
CVE-2025-27792 - Opal vulnerable to CSRF protection bypass
Opal is OBiBa's core database application for biobanks or epidemiological studies. Prior to version 5.1.1, the protections against cross-site request forgery (CSRF) were insufficient application-wide. The referrer header is checked, and if it is invalid, the server returns 403. However, the referre…
7.3
CVE-2025-27101 - Broken Access Control in Opal filesystem's copy functionality exposes all user data
Opal is OBiBa's core database application for biobanks or epidemiological studies. Prior to version 5.1.1, when copying any parent directory to a folder in the /temp/ directory, all files in that parent directory are copied, including files which the user should not have access to. All users of the…