5.1
CVE-2025-0709 - Dcat-Admin Roles Page roles cross site scripting
A vulnerability was found in Dcat-Admin 2.2.1-beta. It has been rated as problematic. This issue affects some unknown processing of the file /admin/auth/roles of the component Roles Page. The manipulation leads to cross site scripting. The attack may be initiated remotely. The exploit has been discβ¦
5.3
CVE-2025-0708 - fumiao opencms Add Model Management Page addOrUpdate cross site scripting
A vulnerability was found in fumiao opencms 2.2. It has been declared as problematic. This vulnerability affects unknown code of the file /admin/model/addOrUpdate of the component Add Model Management Page. The manipulation of the argument 樑ζΏεηΌ leads to cross site scripting. The attack can be initiβ¦
8.5
CVE-2025-0707 - Rise Group Rise Mode Temp CPU Startup CRYPTBASE.dll untrusted search path
A vulnerability was found in Rise Group Rise Mode Temp CPU 2.1. It has been classified as critical. This affects an unknown part in the library CRYPTBASE.dll of the component Startup. The manipulation leads to untrusted search path. The attack needs to be approached locally.
5.1
CVE-2025-0706 - JoeyBling bootplus admin.html cross site scripting
A vulnerability was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/sys/admin.html. The manipulation leads to cross site scripting. The attack may be launched remotely. β¦
6.9
CVE-2025-0705 - JoeyBling bootplus QrCodeController.java qrCode redirect
A vulnerability has been found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d and classified as problematic. Affected by this vulnerability is the function qrCode of the file src/main/java/io/github/controller/QrCodeController.java. The manipulation of the argument text leads β¦
4.2
CVE-2025-24363 - The HL7 FHIR IG publisher may potentially expose GitHub repo user and credential information
The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.8.9, in CI contexts, the IG Publisher CLI uses git commands to determine the URL of the originating repo. If the repo was cloned, or otherwise set to use a repo that uses a username and creβ¦
8.6
CVE-2024-52807 - XXE vulnerability in XSLT parsing in `org.hl7.fhir.publisher`
The HL7 FHIR IG publisher is a tool to take a set of inputs and create a standard FHIR IG. Prior to version 1.7.4, XSLT transforms performed by various components are vulnerable to XML external entity injections. A processed XML file with a malicious DTD tag `( ]>` could produce XML containing dataβ¦
6.9
CVE-2025-0704 - JoeyBling bootplus QrCodeController.java qrCode resource consumption
A vulnerability, which was classified as problematic, was found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. Affected is the function qrCode of the file src/main/java/io/github/controller/QrCodeController.java. The manipulation of the argument w/h leads to resource consumptβ¦
5.3
CVE-2025-0703 - JoeyBling bootplus SysFileController.java path traversal
A vulnerability, which was classified as problematic, has been found in JoeyBling bootplus up to 247d5f6c209be1a5cf10cd0fa18e1d8cc63cf55d. This issue affects some unknown processing of the file src/main/java/io/github/controller/SysFileController.java. The manipulation of the argument name leads toβ¦
7.1
CVE-2025-24362 - CodeQL GitHub Action failed workflow writes GitHub PAT to debug artifacts
In some circumstances, debug artifacts uploaded by the CodeQL Action after a failed code scanning workflow run may contain the environment variables from the workflow run, including any secrets that were exposed as environment variables to the workflow. Users with read access to the repository woulβ¦