8.5

CVSS3.1

CVE-2025-49619 -

Skyvern through 0.1.85 is vulnerable to server-side template injection (SSTI) in the Prompt field of workflow blocks such as the Navigation v2 Block. Improper sanitization of Jinja2 template input allows authenticated users to inject crafted expressions that are evaluated on the server, leading to …

📅 Published: June 7, 2025, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.

4

CVSS3.1

CVE-2025-49128 - Jackson-core Vulnerable to Memory Disclosure via Source Snippet in JsonLocation

Jackson-core contains core low-level incremental ("streaming") parser and generator abstractions used by Jackson Data Processor. Starting in version 2.0.0 and prior to version 2.13.0, a flaw in jackson-core's `JsonLocation._appendSourceDesc` method allows up to 500 bytes of unintended memory conten…

📅 Published: June 6, 2025, 9:18 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.9

CVSS4.0

CVE-2025-49127 - Kafbat UI vulnerable to Remote Code Execution by JMX in Metrices Configuration

Kafbat UI is a web user interface for managing Apache Kafka clusters. An unsafe deserialization vulnerability in version 1.0.0 allows any unauthenticated user to execute arbitrary code on the server. Version 1.1.0 fixes the issue.

📅 Published: June 6, 2025, 8:23 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.7

CVSS4.0

CVE-2025-5799 - Tenda AC8 WifiExtraSet fromSetWirelessRepeat stack-based overflow

A vulnerability was found in Tenda AC8 16.03.34.09. It has been declared as critical. Affected by this vulnerability is the function fromSetWirelessRepeat of the file /goform/WifiExtraSet. The manipulation of the argument wpapsk_crypto leads to stack-based buffer overflow. The attack can be launche…

📅 Published: June 6, 2025, 7:31 p.m. 🔄 Last Modified: June 9, 2025, 7:07 p.m.

8.7

CVSS4.0

CVE-2025-5798 - Tenda AC8 SetSysTimeCfg fromSetSysTime stack-based overflow

A vulnerability was found in Tenda AC8 16.03.34.09. It has been classified as critical. Affected is the function fromSetSysTime of the file /goform/SetSysTimeCfg. The manipulation of the argument timeType leads to stack-based buffer overflow. It is possible to launch the attack remotely. The exploi…

📅 Published: June 6, 2025, 7:31 p.m. 🔄 Last Modified: June 9, 2025, 7:08 p.m.

5.1

CVSS4.0

CVE-2025-5797 - code-projects Laundry System insert_type.php cross site scripting

A vulnerability was found in code-projects Laundry System 1.0 and classified as problematic. This issue affects some unknown processing of the file /data/insert_type.php. The manipulation of the argument Type leads to cross site scripting. The attack may be initiated remotely. The exploit has been …

📅 Published: June 6, 2025, 7 p.m. 🔄 Last Modified: June 12, 2025, 4:19 p.m.

5.1

CVSS4.0

CVE-2025-5796 - code-projects Laundry System edit_type.php cross site scripting

A vulnerability has been found in code-projects Laundry System 1.0 and classified as problematic. This vulnerability affects unknown code of the file /data/edit_type.php. The manipulation of the argument Type leads to cross site scripting. The attack can be initiated remotely. The exploit has been …

📅 Published: June 6, 2025, 7 p.m. 🔄 Last Modified: June 12, 2025, 4:19 p.m.

8.8

CVSS3.0

CVE-2025-2766 - 70mai A510 Use of Default Password Authentication Bypass Vulnerability

70mai A510 Use of Default Password Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of 70mai A510. Authentication is not required to exploit this vulnerability. The specific flaw exists within the default c…

📅 Published: June 6, 2025, 6:53 p.m. 🔄 Last Modified: Aug. 18, 2025, 4 p.m.

8.8

CVSS3.1

CVE-2025-3485 - Allegra extractFileFromZip Directory Traversal Remote Code Execution Vulnerability

Allegra extractFileFromZip Directory Traversal Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Allegra. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementatio…

📅 Published: June 6, 2025, 6:50 p.m. 🔄 Last Modified: Aug. 18, 2025, 4 p.m.

7.8

CVSS3.0

CVE-2025-5481 - Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability

Sante DICOM Viewer Pro DCM File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Sante DICOM Viewer Pro. User interaction is required to exploit this vulnerability in that the target mu…

📅 Published: June 6, 2025, 6:49 p.m. 🔄 Last Modified: Aug. 14, 2025, 1:31 a.m.
Total results: 348489