6.9
CVE-2025-0842 - needyamin Library Card System Login admin.php sql injection
A vulnerability was found in needyamin Library Card System 1.0 and classified as critical. This issue affects some unknown processing of the file admin.php of the component Login. The manipulation of the argument email/password leads to sql injection. The attack may be initiated remotely. The exploβ¦
9.3
CVE-2025-0851 - Path traversal issue in Deep Java Library
A path traversal issue in ZipUtils.unzip and TarUtils.untar in Deep Java Library (DJL) on all platforms allows a bad actor to write files to arbitrary locations.
6.9
CVE-2025-0841 - Aridius XYZ News loadMore deserialization
A vulnerability has been found in Aridius XYZ up to 20240927 on OpenCart and classified as critical. This vulnerability affects the function loadMore of the component News. The manipulation leads to deserialization. The attack can be initiated remotely. The exploit has been disclosed to the public β¦
4.4
CVE-2025-24795 - The Snowflake Connector for Python uses insecure cache files permissions
The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. On Linux systems, when temporary credential cachiβ¦
6.7
CVE-2025-24794 - The Snowflake Connector for Python uses insecure deserialization of the OCSP response cache
The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. The OCSP response cache uses pickle as the serialβ¦
7
CVE-2025-24793 - Snowflake Connector for Python has an SQL Injection in write_pandas
The Snowflake Connector for Python provides an interface for developing Python applications that can connect to Snowflake and perform all standard operations. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for Python. A function from the snowflake.connector.pandas_toβ¦
5
CVE-2025-24788 - Snowflake Connector for .NET has weak temporary files permissions
snowflake-connector-net is the Snowflake Connector for .NET. Snowflake discovered and remediated a vulnerability in the Snowflake Connector for .NET in which files downloaded from stages are temporarily placed in a world-readable local directory, making them accessible to unauthorized users on the β¦
5.1
CVE-2025-24884 - kube-audit-rest's example logging configuration could disclose secret values in the audit log
kube-audit-rest is a simple logger of mutation/creation requests to the k8s api. If the "full-elastic-stack" example vector configuration was used for a real cluster, the previous values of kubernetes secrets would have been disclosed in the audit messages. This vulnerability is fixed in 1.0.16.
6.3
CVE-2025-0840 - GNU Binutils objdump.c disassemble_bytes stack-based overflow
A vulnerability, which was classified as problematic, was found in GNU Binutils up to 2.43. This affects the function disassemble_bytes of the file binutils/objdump.c. The manipulation of the argument buf leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The compβ¦
9.3
CVE-2025-20061 - mySCADA myPRO Manager OS Command Injection
mySCADA myPRO does not properly neutralize POST requests sent to a specific port with email information. This vulnerability could be exploited by an attacker to execute arbitrary commands on the affected system.