8.2
CVE-2025-31492 - mod_auth_openidc allows OIDCProviderAuthRequestMethod POSTs to leak protected data
mod_auth_openidc is an OpenID Certified authentication and authorization module for the Apache 2.x HTTP server that implements the OpenID Connect Relying Party functionality. Prior to 2.4.16.11, a bug in a mod_auth_openidc results in disclosure of protected content to unauthenticated users. The con…
4.9
CVE-2025-31488 - Plain Craft Launcher's custom homepage can use Internet Explorer to load web pages with the help of…
Plain Craft Launcher (PCL) is a launcher for Minecraft. PCL allows users to use homepages provided by third parties. If controls such as WebBrowser are used in the homepage, WPF will use Internet Explorer to load the specified webpage. If the user uses a malicious homepage, the attacker can use IE …
5.3
CVE-2025-2259 - Eclipse ThreadX NetX Duo component HTTP server single PUT request integer underflow
In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length in one packet smaller than the data request size of th…
7.1
CVE-2025-2260 - Eclipse ThreadX NetX Duo HTTP component server denial of service
In NetX HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause a denial of service by specially crafted packets. The core issue is missing closing of a file in case of an error condition, resulting in the 404 error for each further file request. Users …
5.3
CVE-2025-2258 - Eclipse ThreadX NetX Duo HTTP server single PUT request integer underflow
In NetX Duo component HTTP server functionality of Eclipse ThreadX NetX Duo before version 6.4.3, an attacker can cause an integer underflow and a subsequent denial of service by writing a very large file, by specially crafted packets with Content-Length smaller than the data request size. A po…
5.3
CVE-2025-3318 - Kenj_Frog 肯尼基蛙 company-financial-management 公司财务管理系统 ShangpinleixingController.java page sql inject…
A vulnerability classified as critical was found in Kenj_Frog 肯尼基蛙 company-financial-management 公司财务管理系统 1.0. Affected by this vulnerability is the function page of the file src/main/java/com/controller/ShangpinleixingController.java. The manipulation of the argument sort leads to sql injection. Th…
5.3
CVE-2025-3317 - fumiao opencms dataPage.jsp path traversal
A vulnerability classified as problematic has been found in fumiao opencms up to a0fafa5cff58719e9b27c2a2eec204cc165ce14f. Affected is an unknown function of the file opencms-dev/src/main/webapp/view/admin/document/dataPage.jsp. The manipulation of the argument path leads to path traversal. It is p…
6.9
CVE-2025-3316 - PHPGurukul Men Salon Management System search-invoices.php sql injection
A vulnerability was found in PHPGurukul Men Salon Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /admin/search-invoices.php. The manipulation of the argument searchdata leads to sql injection. The attack may be initiated remotely. The ex…
6.9
CVE-2025-3315 - SourceCodester Apartment Visitor Management System view-report.php sql injection
A vulnerability was found in SourceCodester Apartment Visitor Management System 1.0 and classified as critical. Affected by this issue is some unknown functionality of the file /view-report.php. The manipulation of the argument fromdate/todate leads to sql injection. The attack may be launched remo…
6.9
CVE-2025-3314 - SourceCodester Apartment Visitor Management System forgotpw.php sql injection
A vulnerability has been found in SourceCodester Apartment Visitor Management System 1.0 and classified as critical. Affected by this vulnerability is an unknown functionality of the file /forgotpw.php. The manipulation of the argument secode leads to sql injection. The attack can be launched remot…