3.2
CVE-2025-29087 - sqlite: Integer Overflow in SQLite concat_ws Function
In SQLite 3.44.0 through 3.49.0 before 3.49.1, the concat_ws() SQL function can cause memory to be written beyond the end of a malloc-allocated buffer. If the separator argument is attacker-controlled and has a large string (e.g., 2MB or more), an integer overflow occurs in calculating the size of …
9.8
CVE-2025-28405 -
An issue in RuoYi v.4.8.0 allows a remote attacker to escalate privileges via the changeStatus method
6.7
CVE-2025-28400 -
An issue in RuoYi v.4.8.0 allows a remote attacker to escalate privileges via the postID parameter in the edit method
3.7
CVE-2025-3360 - Glib: glib prior to 2.82.5 is vulnerable to integer overflow and buffer under-read when parsing a…
A flaw was found in GLib. An integer overflow and buffer under-read occur when parsing a long invalid ISO 8601 timestamp with the g_date_time_new_from_iso8601() function.
6.2
CVE-2025-2251 - Org.jboss.eap:wildfly-ejb3: improper deserialization in jboss marshalling allows remote code execut…
A security flaw exists in WildFly and JBoss Enterprise Application Platform (EAP) within the Enterprise JavaBeans (EJB) remote invocation mechanism. This vulnerability stems from untrusted data deserialization handled by JBoss Marshalling. This flaw allows an attacker to send a specially crafted se…
5.1
CVE-2025-3326 - iteaj iboot 物联网网关 File Upload upload cross site scripting
A vulnerability has been found in iteaj iboot 物联网网关 1.1.3 and classified as problematic. This vulnerability affects unknown code of the file /common/upload of the component File Upload. The manipulation of the argument File leads to cross site scripting. The attack can be initiated remotely. The ex…
5.3
CVE-2025-3325 - iteaj iboot 物联网网关 Admin Password pwd access control
A vulnerability, which was classified as problematic, was found in iteaj iboot 物联网网关 1.1.3. This affects an unknown part of the file /core/admin/pwd of the component Admin Password Handler. The manipulation of the argument ID leads to improper access controls. It is possible to initiate the attack …
5.3
CVE-2025-3324 - godcheese/code-projects Nimrod FileRestController.java unrestricted upload
A vulnerability, which was classified as critical, has been found in godcheese/code-projects Nimrod 0.8. Affected by this issue is some unknown functionality of the file FileRestController.java. The manipulation of the argument File leads to unrestricted upload. The attack may be launched remotely.…
5.3
CVE-2025-3323 - godcheese/code-projects Nimrod ViewMenuCategoryRestController.java searchAllByName SQL injection
A vulnerability classified as critical was found in godcheese/code-projects Nimrod 0.8. Affected by this vulnerability is the function searchAllByName of the file ViewMenuCategoryRestController.java. The manipulation of the argument Name leads to SQL injection. The attack can be launched remotely. …
9.3
CVE-2025-32013 - Server-Side Request Forgery via LNURL Authentication Callback in LNbits Lightning Network Payment S…
LNbits is a Lightning wallet and accounts system. A Server-Side Request Forgery (SSRF) vulnerability has been discovered in LNbits' LNURL authentication handling functionality. When processing LNURL authentication requests, the application accepts a callback URL parameter and makes an HTTP request …