5.3
CVE-2025-3571 - Fannuo Enterprise Content Management System 凡诺企业网站管理系统 cms_chip.php sql injection
A vulnerability was found in Fannuo Enterprise Content Management System 凡诺企业网站管理系统 1.1/4.0. It has been declared as critical. This vulnerability affects unknown code of the file admin/cms_chip.php. The manipulation of the argument del leads to SQL injection. The attack can be initiated remotely. T…
6.3
CVE-2024-49825 - IBM Robotic Process Automation session fixation
IBM Robotic Process Automation and Robotic Process Automation for Cloud Pak 21.0.0 through 21.0.7.20 and 23.0.0 through 23.0.20 do not invalidate the session after a logout, which could allow an authenticated user to impersonate another user on the system.
5.4
CVE-2025-2475 - Unauthorized Bot Login Using Credentials
Mattermost versions 10.5.x <= 10.5.1, 10.4.x <= 10.4.3, 9.11.x <= 9.11.9 fail to invalidate the cache when a user account is converted to a bot, which allows an attacker to log in to the bot exactly one time via normal credentials.
3.1
CVE-2025-2424 - Leaked Metadata of Deleted Files via Bookmark Creation
Mattermost versions 10.5.x <= 10.5.1, 9.11.x <= 9.11.9 fail to check if a file has been deleted when creating a bookmark, which allows an attacker who knows the IDs of deleted files to obtain metadata of the files via bookmark creation.
5.1
CVE-2025-3570 - JamesZBL/code-projects db-hospital-drug ContentController.java save cross site scripting
A vulnerability was found in JamesZBL/code-projects db-hospital-drug 1.0. It has been classified as problematic. This affects the function Save of the file ContentController.java. The manipulation of the argument content leads to cross-site scripting. It is possible to initiate the attack remotely.…
7.1
CVE-2025-2161 -
Pega Platform versions 7.2.1 to Infinity 24.2.1 are affected by an XSS issue with Mashup.
8.1
CVE-2025-2160 -
Pega Platform versions 8.4.3 to Infinity 24.2.1 are affected by an XSS issue with Mashup.
5.3
CVE-2025-3569 - JamesZBL/code-projects db-hospital-drug ShiroConfig.java improper authorization
A vulnerability was found in JamesZBL/code-projects db-hospital-drug 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file ShiroConfig.java. The manipulation leads to improper authorization. The attack may be launched remotely. The exploit has been disclos…
5.1
CVE-2025-3568 - Webkul Krayin CRM SVG File edit cross site scripting
A vulnerability has been found in Webkul Krayin CRM up to 2.1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /admin/settings/users/edit/ of the component SVG File Handler. The manipulation leads to cross-site scripting. The attack can be laun…
5.3
CVE-2025-3567 - veal98 小牛肉 Echo 开源社区系统 Ticket LoginTicketInterceptor.java preHandle improper authorization
A vulnerability, which was classified as problematic, was found in veal98 小牛肉 Echo 开源社区系统 4.2. Affected is the function preHandle of the file src/main/java/com/greate/community/controller/interceptor/LoginTicketInterceptor.java of the component Ticket Handler. The manipulation leads to improper aut…