8.7
CVE-2025-4987 - Stored Cross-site Scripting (XSS) vulnerability affecting Opportunity Management in Project Portfol…
A stored Cross-site Scripting (XSS) vulnerability affecting Opportunity Management in Project Portfolio Manager from Release 3DEXPERIENCE R2023x through Release 3DEXPERIENCE R2025x allows an attacker to execute arbitrary script code in a user's browser session.
8.7
CVE-2025-6111 - Tenda FH1205 VirtualSer fromVirtualSer stack-based overflow
A vulnerability classified as critical was found in Tenda FH1205 2.0.0.7(775). This vulnerability affects the function fromVirtualSer of the file /goform/VirtualSer. The manipulation of the argument page leads to stack-based buffer overflow. The attack can be initiated remotely. The exploit has bee…
8.7
CVE-2025-6110 - Tenda FH1201 SafeMacFilter stack-based overflow
A vulnerability classified as critical has been found in Tenda FH1201 1.2.0.14(408). This affects an unknown part of the file /goform/SafeMacFilter. The manipulation of the argument page leads to stack-based buffer overflow. It is possible to initiate the attack remotely. The exploit has been discl…
9.3
CVE-2025-6169 - HAMASTAR Technology WIMP website co-construction management platform - SQL Injection
The WIMP website co-construction management platform from HAMASTAR Technology has a SQL Injection vulnerability, allowing unauthenticated remote attackers to inject arbitrary SQL commands to read, modify, and delete database contents.
5.3
CVE-2025-6109 - javahongxi whatsmars InitializrController.java initialize path traversal
A vulnerability was found in javahongxi whatsmars 2021.4.0. It has been rated as problematic. Affected by this issue is the function initialize of the file /whatsmars-archetypes/whatsmars-initializr/src/main/java/org/hongxi/whatsmars/initializr/controller/InitializrController.java. The manipulation…
5.3
CVE-2025-6108 - hansonwang99 Spring-Boot-In-Action File Upload ImageUploadService.java watermarkTest path traversal
A vulnerability was found in hansonwang99 Spring-Boot-In-Action up to 807fd37643aa774b94fd004cc3adbd29ca17e9aa. It has been declared as critical. Affected by this vulnerability is the function watermarkTest of the file /springbt_watermark/src/main/java/cn/codesheep/springbt_watermark/service/ImageU…
2.3
CVE-2025-6107 - comfyanonymous comfyui utils.py set_attr dynamically-determined object attributes
A vulnerability was found in comfyanonymous comfyui 0.3.40. It has been classified as problematic. Affected is the function set_attr of the file /comfy/utils.py. The manipulation leads to dynamically-determined object attributes. It is possible to launch the attack remotely. The complexity of an at…
5.3
CVE-2025-6106 - WuKongOpenSource WukongCRM AdminRoleController.java cross-site request forgery
A vulnerability was found in WuKongOpenSource WukongCRM 9.0 and classified as problematic. This issue affects some unknown processing of the file AdminRoleController.java. The manipulation leads to cross-site request forgery. The attack may be initiated remotely. The exploit has been disclosed to t…
5.3
CVE-2025-6105 - jflyfox jfinal_cms HOME.java cross-site request forgery
A vulnerability has been found in jflyfox jfinal_cms 5.0.1 and classified as problematic. This vulnerability affects unknown code of the file HOME.java. The manipulation of the argument Logout leads to cross-site request forgery. The attack can be initiated remotely. The exploit has been disclosed …
8.7
CVE-2025-6104 - Wifi-soft UniBox Controller pms_check.php os command injection
A vulnerability, which was classified as critical, was found in Wifi-soft UniBox Controller up to 20250506. This affects an unknown part of the file /billing/pms_check.php. The manipulation of the argument ipaddress leads to os command injection. It is possible to initiate the attack remotely. The …