5.3
CVE-2025-5885 - Konica Minolta bizhub cross-site request forgery
A vulnerability has been found in Konica Minolta bizhub up to 20250202 and classified as problematic. This vulnerability affects unknown code. The manipulation leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
5.1
CVE-2025-5884 - Konica Minolta bizhub Display MFP Information List cross site scripting
A vulnerability, which was classified as problematic, was found in Konica Minolta bizhub up to 20250202. This affects an unknown part of the component Display MFP Information List. The manipulation of the argument Model Name leads to cross site scripting. It is possible to initiate the attack remotβ¦
5.3
CVE-2025-5881 - code-projects Chat System confirm_password.php sql injection
A vulnerability was found in code-projects Chat System up to 1.0 and classified as critical. This issue affects some unknown processing of the file /user/confirm_password.php. The manipulation of the argument cid leads to sql injection. The attack may be initiated remotely. The exploit has been disβ¦
5.3
CVE-2025-5880 - Whistle get-temp-file path traversal
A vulnerability has been found in Whistle 2.9.98 and classified as problematic. This vulnerability affects unknown code of the file /cgi-bin/sessions/get-temp-file. The manipulation of the argument filename leads to path traversal. The exploit has been disclosed to the public and may be used. The vβ¦
5.1
CVE-2025-5879 - WuKongOpenSource WukongCRM File Upload AdminSysConfigController.java cross site scripting
A vulnerability, which was classified as problematic, was found in WuKongOpenSource WukongCRM 9.0. This affects an unknown part of the file AdminSysConfigController.java of the component File Upload. The manipulation of the argument File leads to cross site scripting. It is possible to initiate theβ¦
6
CVE-2025-49130 - Laravel Translation Manager Vulnerable to Stored Cross-site Scripting
Laravel Translation Manager is a package to manage Laravel translation files. Prior to version 0.6.8, the application is vulnerable to Cross-Site Scripting (XSS) attacks due to incorrect input validation and sanitization of user-input data. An attacker can inject arbitrary HTML code, including Javaβ¦
10
CVE-2025-49013 - WilderForge vulnerable to code Injection via GitHub Actions Workflows
WilderForge is a Wildermyth coremodding API. A critical vulnerability has been identified in multiple projects across the WilderForge organization. The issue arises from unsafe usage of `${{ github.event.review.body }}` and other user controlled variables directly inside shell script contexts in Giβ¦
6.3
CVE-2025-49131 - FastGPT Sandbox Vulnerable to Sandbox Bypass
FastGPT is an open-source project that provides a platform for building, deploying, and operating AI-driven workflows and conversational agents. The Sandbox container (fastgpt-sandbox) is a specialized, isolated environment used by FastGPT to safely execute user-submitted or dynamically generated cβ¦
8.2
CVE-2025-49006 - Wasp has case insensitive OAuth ID vulnerability
Wasp (Web Application Specification) is a Rails-like framework for React, Node.js, and Prisma. Prior to version 0.16.6, Wasp authentication has a vulnerability in the OAuth authentication implementation (affecting only Keycloak with a specific config). Wasp currently lowercases OAuth user IDs beforβ¦
8.1
CVE-2025-48877 - Discourse vulnerable to auto-executing of third-party code in embedded CodePen iframe
Discourse is an open-source discussion platform. Prior to version 3.4.4 of the `stable` branch, version 3.5.0.beta5 of the `beta` branch, and version 3.5.0.beta6-dev of the `tests-passed` branch, Codepen is present in the default `allowed_iframes` site setting, and it can potentially auto-run arbitβ¦