0.0
CVE-2025-2333 -
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage.
6.9
CVE-2025-2320 - 274056675 springboot-openai-chatgpt User submit improper authorization
A vulnerability has been found in 274056675 springboot-openai-chatgpt e84f6f5 and classified as critical. Affected by this vulnerability is the function submit of the file /api/blade-user/submit of the component User Handler. The manipulation leads to improper authorization. The attack can be launcโฆ
3.5
CVE-2025-2295 - Potential iSCSI R2T PDU Vulnerability
EDK2 contains a vulnerability in BIOS where a user may cause an Integer Overflow or Wraparound by network means. A successful exploitation of this vulnerability may lead to denial of service.
4.8
CVE-2025-2310 - HDF5 Metadata Attribute Decoder H5MM_strndup heap-based overflow
A vulnerability was found in HDF5 1.14.6 and classified as critical. This issue affects the function H5MM_strndup of the component Metadata Attribute Decoder. The manipulation leads to heap-based buffer overflow. Attacking locally is a requirement. The exploit has been disclosed to the public and mโฆ
4.8
CVE-2025-2309 - HDF5 Type Conversion Logic H5T__bit_copy heap-based overflow
A vulnerability has been found in HDF5 1.14.6 and classified as critical. This vulnerability affects the function H5T__bit_copy of the component Type Conversion Logic. The manipulation leads to heap-based buffer overflow. Local access is required to approach this attack. The exploit has been discloโฆ
4.8
CVE-2025-2308 - HDF5 Scale-Offset Filter H5Z__scaleoffset_decompress_one_byte heap-based overflow
A vulnerability, which was classified as critical, was found in HDF5 1.14.6. This affects the function H5Z__scaleoffset_decompress_one_byte of the component Scale-Offset Filter. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been discloโฆ
6.4
CVE-2025-29782 - WeGIA Cross-Site Scripting (XSS) Stored in endpoint `adicionar_tipo_docs_atendido.php` parameter `tโฆ
WeGIA is Web manager for charitable institutions A Stored Cross-Site Scripting (XSS) vulnerability was identified in the `adicionar_tipo_docs_atendido.php` endpoint in versions of the WeGIA application prior to 3.2.17. This vulnerability allows attackers to inject malicious scripts into the `tipo` โฆ
5.3
CVE-2025-29771 - HtmlSanitizer vulnerable to XSS when used with contentEditable
HtmlSanitizer is a client-side HTML Sanitizer. Versions prior to 2.0.3 have a cross-site scripting vulnerability when the sanitizer is used with a `contentEditable` element to set the elements `innerHTML` to a sanitized string produced by the package. If the code is particularly crafted to abuse thโฆ
8.7
CVE-2024-12245 - Blind SQL Injection in Logout
Logout functionality contains a blind SQL injection that can be exploited by unauthenticated attackers.ย Using a time-based blind SQLi technique the attacker can disclose all database contents. Account takeover is a potential outcome depending on the presence or lack thereof entries in certain databโฆ
6.4
CVE-2024-12020 - Reflected Cross-Site Scripting (XSS)
There is a reflected cross-site scripting (XSS) within JSP files used to control application appearance. An unauthenticated attacker could deceive a user into clicking a crafted link to trigger the vulnerability.ย Stealing the session cookie is not possible due to cookie security flags, however the โฆ