Total
6645 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-4547 | 2025-05-11 | 3.3 LOW | 2.4 LOW | ||
| A vulnerability was found in SourceCodester Web-based Pharmacy Product Management System 1.0. It has been rated as problematic. Affected by this issue is some unknown functionality of the component Add User Page. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. Multiple parameters might be affected. | |||||
| CVE-2025-4542 | 2025-05-11 | 2.6 LOW | 3.1 LOW | ||
| A vulnerability, which was classified as problematic, has been found in Freeebird Hotel 酒店管理系统 API up to 1.2. Affected by this issue is some unknown functionality of the file /src/main/java/cn/mafangui/hotel/tool/SessionInterceptor.java. The manipulation leads to permissive cross-domain policy with untrusted domains. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4537 | 2025-05-11 | 2.6 LOW | 3.1 LOW | ||
| A vulnerability was found in yangzongzhuan RuoYi-Vue up to 3.8.9 and classified as problematic. Affected by this issue is some unknown functionality of the file ruoyi-ui/jsencrypt.js and ruoyi-ui/login.vue of the component Password Handler. The manipulation leads to cleartext storage of sensitive information in a cookie. The attack may be launched remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4534 | 2025-05-11 | 2.6 LOW | 3.7 LOW | ||
| A vulnerability, which was classified as problematic, has been found in SunGrow Logger1000 01_A. This issue affects some unknown processing. The manipulation leads to weak password requirements. The attack may be initiated remotely. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-4533 | 2025-05-11 | 3.3 LOW | 2.7 LOW | ||
| A vulnerability classified as problematic was found in JeecgBoot up to 3.8.0. This vulnerability affects the function unzipFile of the file /jeecg-boot/airag/knowledge/doc/import/zip of the component Document Library Upload. The manipulation of the argument File leads to resource consumption. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-4527 | 2025-05-11 | 2.6 LOW | 3.7 LOW | ||
| A vulnerability has been found in Dígitro NGC Explorer 3.44.15 and classified as problematic. This vulnerability affects unknown code of the component Password Transmission Handler. The manipulation leads to client-side enforcement of server-side security. The attack can be initiated remotely. The complexity of an attack is rather high. The exploitation appears to be difficult. The vendor was contacted early about this disclosure but did not respond in any way. | |||||
| CVE-2025-47816 | 2025-05-10 | N/A | 2.9 LOW | ||
| libpspp-core.a in GNU PSPP through 2.0.1 allows attackers to cause an spvxml-helpers.c spvxml_parse_attributes out-of-bounds read, related to extra content at the end of a document. | |||||
| CVE-2025-4495 | 2025-05-10 | 4.0 MEDIUM | 3.5 LOW | ||
| A vulnerability has been found in JAdmin-JAVA JAdmin 1.0 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /memoAjax/save. The manipulation of the argument ID leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. | |||||
| CVE-2025-46326 | 1 Snowflake | 1 Snowflake Connector | 2025-05-10 | N/A | 3.3 LOW |
| snowflake-connector-net is the Snowflake Connector for .NET. Versions starting from 2.1.2 to before 4.4.1, are vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When using the Easy Logging feature on Linux and macOS, the Connector reads logging configuration from a user-provided file. On Linux and macOS, the Connector verifies that the configuration file can be written to only by its owner. That check was vulnerable to a TOCTOU race condition and failed to verify that the file owner matches the user running the Connector. This could allow a local attacker with write access to the configuration file or the directory containing it to overwrite the configuration and gain control over logging level and output location. This issue has been patched in version 4.4.1. | |||||
| CVE-2025-0049 | 1 Fortra | 1 Goanywhere Managed File Transfer | 2025-05-10 | N/A | 3.5 LOW |
| When a Web User without Create permission on subfolders attempts to upload a file to a non-existent directory, the error message includes the absolute server path which may allow Fuzzing for application mapping. This issue affects GoAnywhere: before 7.8.0. | |||||
| CVE-2025-46327 | 1 Snowflake | 1 Gosnowflake | 2025-05-09 | N/A | 3.3 LOW |
| gosnowflake is the Snowflake Golang driver. Versions starting from 1.7.0 to before 1.13.3, are vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When using the Easy Logging feature on Linux and macOS, the Driver reads logging configuration from a user-provided file. On Linux and macOS the Driver verifies that the configuration file can be written to only by its owner. That check was vulnerable to a TOCTOU race condition and failed to verify that the file owner matches the user running the Driver. This could allow a local attacker with write access to the configuration file or the directory containing it to overwrite the configuration and gain control over logging level and output location. This issue has been patched in version 1.13.3. | |||||
| CVE-2025-46328 | 1 Snowflake | 1 Snowflake Connector | 2025-05-09 | N/A | 3.3 LOW |
| snowflake-connector-nodejs is a NodeJS driver for Snowflake. Versions starting from 1.10.0 to before 2.0.4, are vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When using the Easy Logging feature on Linux and macOS the Driver reads logging configuration from a user-provided file. On Linux and macOS the Driver verifies that the configuration file can be written to only by its owner. That check was vulnerable to a TOCTOU race condition and failed to verify that the file owner matches the user running the Driver. This could allow a local attacker with write access to the configuration file or the directory containing it to overwrite the configuration and gain control over logging level and output location. This issue has been patched in version 2.0.4. | |||||
| CVE-2025-46329 | 1 Snowflake | 1 Connector For C\/c\+\+ | 2025-05-09 | N/A | 3.3 LOW |
| libsnowflakeclient is the Snowflake Connector for C/C++. Versions starting from 0.5.0 to before 2.2.0, are vulnerable to local logging of sensitive information. When the logging level was set to DEBUG, the Connector would log locally the client-side encryption master key of the target stage during the execution of GET/PUT commands. This key by itself does not grant access to any sensitive data without additional access authorizations, and is not logged server-side by Snowflake. This issue has been patched in version 2.2.0. | |||||
| CVE-2025-46330 | 1 Snowflake | 1 Connector For C\/c\+\+ | 2025-05-09 | N/A | 3.3 LOW |
| libsnowflakeclient is the Snowflake Connector for C/C++. Versions starting from 0.5.0 to before 2.2.0, incorrectly treat malformed requests that caused the HTTP response status code 400, as able to be retried. This could hang the application until SF_CON_MAX_RETRY requests were sent. This issue has been patched in version 2.2.0. | |||||
| CVE-2025-27132 | 1 Openatom | 1 Openharmony | 2025-05-09 | N/A | 3.8 LOW |
| in OpenHarmony v5.0.3 and prior versions allow a local attacker arbitrary code execution in pre-installed apps through out-of-bounds write. This vulnerability can be exploited only in restricted scenarios. | |||||
| CVE-2025-27241 | 1 Openatom | 1 Openharmony | 2025-05-09 | N/A | 3.3 LOW |
| in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference. | |||||
| CVE-2025-27248 | 1 Openatom | 1 Openharmony | 2025-05-09 | N/A | 3.3 LOW |
| in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference. | |||||
| CVE-2025-22886 | 1 Openatom | 1 Openharmony | 2025-05-09 | N/A | 3.3 LOW |
| in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through missing release of memory. | |||||
| CVE-2025-25052 | 1 Openatom | 1 Openharmony | 2025-05-09 | N/A | 3.3 LOW |
| in OpenHarmony v5.0.3 and prior versions allow a local attacker cause DOS through buffer overflow. | |||||
| CVE-2025-25218 | 1 Openatom | 1 Openharmony | 2025-05-09 | N/A | 3.3 LOW |
| in OpenHarmony v5.0.3 and prior versions allow a local attacker case DOS through NULL pointer dereference. | |||||