5.3
CVE-2025-1225 - ywoa WXCallBack Interface XMLParse.java extract xml external entity reference
A vulnerability, which was classified as problematic, has been found in ywoa up to 2024.07.03. This issue affects the function extract of the file c-main/src/main/java/com/redmoon/weixin/aes/XMLParse.java of the component WXCallBack Interface. The manipulation leads to xml external entity referenceβ¦
5.3
CVE-2025-1224 - ywoa UserMapper.xml listNameBySql sql injection
A vulnerability classified as critical was found in ywoa up to 2024.07.03. This vulnerability affects the function listNameBySql of the file com/cloudweb/oa/mapper/xml/UserMapper.xml. The manipulation leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to thβ¦
5.3
CVE-2025-1216 - ywoa OaNoticeMapper.xml selectNoticeList sql injection
A vulnerability, which was classified as critical, has been found in ywoa up to 2024.07.03. This issue affects the function selectNoticeList of the file com/cloudweb/oa/mapper/xml/OaNoticeMapper.xml. The manipulation of the argument sort leads to sql injection. The attack may be initiated remotely.β¦
7.1
CVE-2025-0937 - Nomad Vulnerable To Event Stream Namespace ACL Policy Bypass Through Wildcard Namespace
Nomad Community and Nomad Enterprise ("Nomad") event stream configured with a wildcard namespace can bypass the ACL Policy allowing reads on other namespaces.
2.4
CVE-2025-1215 - vim main.c memory corruption
A vulnerability classified as problematic was found in vim up to 9.1.1096. This vulnerability affects unknown code of the file src/main.c. The manipulation of the argument --log leads to memory corruption. It is possible to launch the attack on the local host. Upgrading to version 9.1.1097 is able β¦
8.1
CVE-2025-1146 - CrowdStrike Falcon Sensor for Linux TLS Issue
CrowdStrike uses industry-standard TLS (transport layer security) to secure communications from the Falcon sensor to the CrowdStrike cloud. CrowdStrike has identified a validation logic error in the Falcon sensor for Linux, Falcon Kubernetes Admission Controller, and Falcon Container Sensor where oβ¦
7.5
CVE-2025-25283 - parse-duraton vulnerable to Regex Denial of Service that results in event loop delay and out of memβ¦
parse-duraton is software that allows users to convert a human readable duration to milliseconds. Versions prior to 2.1.3 are vulnerable to an event loop delay due to the CPU-bound operation of resolving the provided string, from a 0.5ms and up to ~50ms per one operation, with a varying size from 0β¦
8.2
CVE-2025-25205 - Remote Authentication-Bypass can lead to server crash or limited information disclosure due to faulβ¦
Audiobookshelf is a self-hosted audiobook and podcast server. Starting in version 2.17.0 and prior to version 2.19.1, a flaw in the authentication bypass logic allows unauthenticated requests to match certain unanchored regex patterns in the URL. Attackers can craft URLs containing substrings like β¦
4
CVE-2025-25201 - Improper Validation of Admin Key in PIV Smartcard
Nitrokey 3 Firmware is the the firmware of Nitrokey 3 USB keys. For release 1.8.0, and test releases with PIV enabled prior to 1.8.0, the PIV application could accept invalid keys for authentication of the admin key. This could lead to compromise of the integrity of the data stored in the applicatiβ¦
5.3
CVE-2025-1214 - pihome-shc PiHome Role-Based Access Control user_accounts.php authorization
A vulnerability classified as critical has been found in pihome-shc PiHome 2.0. This affects an unknown part of the file /user_accounts.php?uid of the component Role-Based Access Control. The manipulation leads to missing authorization. It is possible to initiate the attack remotely. The exploit haβ¦