6.5
CVE-2025-1499 - IBM InfoSphere Information Server information disclosure
IBM InfoSphere Information Server 11.7 stores credential information for database authentication in a cleartext parameter file that could be viewed by an authenticated user.
6.9
CVE-2025-5400 - chaitak-gorai Blogbook GET Parameter user.php sql injection
A vulnerability was found in chaitak-gorai Blogbook up to 92f5cf90f8a7e6566b576fe0952e14e1c6736513. It has been classified as critical. Affected is an unknown function of the file /user.php of the component GET Parameter Handler. The manipulation of the argument u_id leads to sql injection. It is pβ¦
5.3
CVE-2025-5390 - JeeWMS File filedeal.do filedeal access control
A vulnerability, which was classified as critical, was found in JeeWMS up to 20250504. This affects the function filedeal of the file /systemController/filedeal.do of the component File Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. Thisβ¦
5.3
CVE-2025-5389 - JeeWMS File generateController.do dogenerateOne2Many access control
A vulnerability, which was classified as critical, has been found in JeeWMS up to 20250504. Affected by this issue is the function dogenerateOne2Many of the file /generateController.do?dogenerateOne2Many of the component File Handler. The manipulation leads to improper access controls. The attack mβ¦
5.3
CVE-2025-5388 - JeeWMS generateController.do dogenerate sql injection
A vulnerability classified as critical was found in JeeWMS up to 20250504. Affected by this vulnerability is the function dogenerate of the file /generateController.do?dogenerate. The manipulation leads to sql injection. The attack can be launched remotely. This product takes the approach of rollinβ¦
5.3
CVE-2025-5387 - JeeWMS File generateController.do dogenerate access control
A vulnerability classified as critical has been found in JeeWMS up to 20250504. Affected is the function dogenerate of the file /generateController.do?dogenerate of the component File Handler. The manipulation leads to improper access controls. It is possible to launch the attack remotely. This proβ¦
5.3
CVE-2025-5386 - JeeWMS cgformTransController.do transEditor sql injection
A vulnerability was found in JeeWMS up to 20250504. It has been rated as critical. This issue affects the function transEditor of the file /cgformTransController.do?transEditor. The manipulation leads to sql injection. The attack may be initiated remotely. This product does not use versioning. Thisβ¦
5.3
CVE-2025-5385 - JeeWMS cgformTemplateController.do doAdd path traversal
A vulnerability was found in JeeWMS up to 20250504. It has been declared as critical. This vulnerability affects the function doAdd of the file /cgformTemplateController.do?doAdd. The manipulation leads to path traversal. The attack can be initiated remotely. Continious delivery with rolling releasβ¦
5.3
CVE-2025-5384 - JeeWMS cgAutoListController.do CgAutoListController sql injection
A vulnerability was found in JeeWMS up to 20250504. It has been classified as critical. This affects the function CgAutoListController of the file /cgAutoListController.do?datagrid. The manipulation leads to sql injection. It is possible to initiate the attack remotely. This product takes the approβ¦
4.8
CVE-2025-5383 - Yifang CMS Article Management Module cross site scripting
A vulnerability was found in Yifang CMS up to 2.0.2 and classified as problematic. Affected by this issue is some unknown functionality of the component Article Management Module. The manipulation of the argument Default Value leads to cross site scripting. The attack may be launched remotely. The β¦