Aggregator

CVE-2025-6109 | javahongxi whatsmars 2021.4.0 InitializrController.java initialize artifactId path traversal (EUVD-2025-18365)

VulDB Recent Entries
6 months ago
A vulnerability was found in javahongxi whatsmars 2021.4.0. It has been rated as problematic. Affected by this issue is the function initialize of the file /whatsmars-archetypes/whatsmars-initializr/src/main/java/org/hongxi/whatsmars/initializr/controller/InitializrController.java. The manipulation of the argument artifactId leads to path traversal. This vulnerability is handled as CVE-2025-6109. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-6108 | hansonwang99 Spring-Boot-In-Action up to 807fd37643aa774b94fd004cc3adbd29ca17e9aa File Upload ImageUploadService.java watermarkTest filename path traversal (EUVD-2025-18362)

VulDB Recent Entries
6 months ago
A vulnerability was found in hansonwang99 Spring-Boot-In-Action up to 807fd37643aa774b94fd004cc3adbd29ca17e9aa. It has been declared as critical. Affected by this vulnerability is the function watermarkTest of the file /springbt_watermark/src/main/java/cn/codesheep/springbt_watermark/service/ImageUploadService.java of the component File Upload. The manipulation of the argument filename leads to path traversal. This vulnerability is known as CVE-2025-6108. The attack can be launched remotely. Furthermore, there is an exploit available. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-6107 | comfyanonymous comfyui 0.3.40 /comfy/utils.py set_attr dynamically-determined object attributes (EUVD-2025-18364)

VulDB Recent Entries
6 months ago
A vulnerability was found in comfyanonymous comfyui 0.3.40. It has been classified as problematic. Affected is the function set_attr of the file /comfy/utils.py. The manipulation leads to dynamically-determined object attributes. This vulnerability is traded as CVE-2025-6107. It is possible to launch the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-6106 | WuKongOpenSource WukongCRM 9.0 AdminRoleController.java cross-site request forgery (EUVD-2025-18361)

VulDB Recent Entries
6 months ago
A vulnerability was found in WuKongOpenSource WukongCRM 9.0 and classified as problematic. This issue affects some unknown processing of the file AdminRoleController.java. The manipulation leads to cross-site request forgery. The identification of this vulnerability is CVE-2025-6106. The attack may be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-6105 | jflyfox jfinal_cms 5.0.1 HOME.java Logout cross-site request forgery (EUVD-2025-18363)

VulDB Recent Entries
6 months ago
A vulnerability has been found in jflyfox jfinal_cms 5.0.1 and classified as problematic. This vulnerability affects unknown code of the file HOME.java. The manipulation of the argument Logout leads to cross-site request forgery. This vulnerability was named CVE-2025-6105. The attack can be initiated remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-6104 | Wifi-soft UniBox Controller up to 20250506 /billing/pms_check.php ipaddress os command injection (EUVD-2025-18360)

VulDB Recent Entries
6 months ago
A vulnerability, which was classified as critical, was found in Wifi-soft UniBox Controller up to 20250506. This affects an unknown part of the file /billing/pms_check.php. The manipulation of the argument ipaddress leads to os command injection. This vulnerability is uniquely identified as CVE-2025-6104. It is possible to initiate the attack remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-6103 | Wifi-soft UniBox Controller up to 20250506 test_accesscodelogin.php Password os command injection (EUVD-2025-18357)

VulDB Recent Entries
6 months ago
A vulnerability, which was classified as critical, has been found in Wifi-soft UniBox Controller up to 20250506. Affected by this issue is some unknown functionality of the file /billing/test_accesscodelogin.php. The manipulation of the argument Password leads to os command injection. This vulnerability is handled as CVE-2025-6103. The attack may be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

CVE-2025-6102 | Wifi-soft UniBox Controller up to 20250506 logout.php mac_address os command injection (EUVD-2025-18358)

VulDB Recent Entries
6 months ago
A vulnerability classified as critical was found in Wifi-soft UniBox Controller up to 20250506. Affected by this vulnerability is an unknown functionality of the file /authentication/logout.php. The manipulation of the argument mac_address leads to os command injection. This vulnerability is known as CVE-2025-6102. The attack can be launched remotely. Furthermore, there is an exploit available. The vendor was contacted early about this disclosure but did not respond in any way.
vuldb.com

Managed ad