5.3
CVE-2025-3009 - Jinher Network OA NetDiskProperty.aspx sql injection
A vulnerability classified as critical was found in Jinher Network OA C6. Affected by this vulnerability is an unknown functionality of the file /C6/JHSoft.Web.NetDisk/NetDiskProperty.aspx. The manipulation of the argument ID leads to sql injection. The attack can be launched remotely. The exploit …
8.8
CVE-2025-31129 - jooby-pac4j: deserialization of untrusted data
Jooby is a web framework for Java and Kotlin. The pac4j io.jooby.internal.pac4j.SessionStoreImpl#get module deserializes untrusted data. This vulnerability is fixed in 2.17.0 (2.x) and 3.7.0 (3.x).
5.1
CVE-2025-3008 - Novastar CX40 NetFilter Utility netconfig popen command injection
A vulnerability classified as critical has been found in Novastar CX40 up to 2.44.0. Affected is the function system/popen of the file /usr/nova/bin/netconfig of the component NetFilter Utility. The manipulation leads to command injection. The exploit has been disclosed to the public and may be use…
6.9
CVE-2025-31128 - gifplayer XSS vulnerability
gifplayer is a customizable jquery plugin to play and stop animated gifs. gifplayer contains a cross-site scripting (XSS) vulnerability. This vulnerability is fixed in 0.3.7.
5.3
CVE-2025-29908 - Netty QUIC hash collision DoS attack
Netty QUIC codec is a QUIC codec for netty which makes use of quiche. An issue was discovered in the codec. A hash collision vulnerability (in the hash map used to manage connections) allows remote attackers to cause a considerable CPU load on the server (a Hash DoS attack) by initiating connection…
5.1
CVE-2025-3007 - Novastar CX40 NetFilter Utility netconfig getopt stack-based overflow
A vulnerability was found in Novastar CX40 up to 2.44.0. It has been rated as critical. This issue affects the function getopt of the file /usr/nova/bin/netconfig of the component NetFilter Utility. The manipulation of the argument cmd/netmask/pipeout/nettask leads to stack-based buffer overflow. T…
6.9
CVE-2025-3006 - PHPGurukul e-Diary Management System edit-category.php sql injection
A vulnerability was found in PHPGurukul e-Diary Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /edit-category.php?id=8. The manipulation of the argument Category leads to sql injection. The attack can be initiated remotely. The exploit h…
5.1
CVE-2025-3005 - Sayski ForestBlog Friend Link cross site scripting
A vulnerability was found in Sayski ForestBlog up to 20250321 and classified as problematic. Affected by this issue is some unknown functionality of the component Friend Link Handler. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed…
5.3
CVE-2025-31125 - Vite has a `server.fs.deny` bypassed for `inline` and `raw` with `?import` query
Vite is a frontend tooling framework for javascript. Vite exposes content of non-allowed files using ?inline&import or ?raw?import. Only apps explicitly exposing the Vite dev server to the network (using --host or server.host config option) are affected. This vulnerability is fixed in 6.2.4, 6.1.3,…
5.1
CVE-2025-3004 - Sayski ForestBlog search cross site scripting
A vulnerability has been found in Sayski ForestBlog up to 20250321 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /search. The manipulation of the argument keywords leads to cross site scripting. The attack can be launched remotely. The exploit…