Security Vulnerabilities - CVEs Published In May 2025
IBM Db2 for Linux, UNIX and Windows 12.1.0 and 12.1.1 is vulnerable to a denial of service as the server may crash under certain conditions with a specially crafted query.
CVSS Score
5.3
EPSS Score
0.002
Published
2025-05-01
A vulnerability was found in PCMan FTP Server 2.0.7. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the component SEND Command Handler. The manipulation leads to buffer overflow. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
7.3
EPSS Score
0.001
Published
2025-05-01
A vulnerability was found in xiaowei1118 java_server up to 11a5bac8f4ba1c17e4bc1b27cad6d24868500e3a on Windows and classified as critical. This issue affects some unknown processing of the file /src/main/java/com/changyu/foryou/controller/FoodController.java of the component File Upload API. The manipulation leads to path traversal. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
CVSS Score
5.4
EPSS Score
0.001
Published
2025-05-01
A vulnerability was found in PCMan FTP Server 2.0.7. It has been classified as critical. Affected is an unknown function of the component TRACE Command Handler. The manipulation leads to buffer overflow. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
7.3
EPSS Score
0.001
Published
2025-05-01
IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10
Client connecting to a MQ Queue Manager can cause a SIGSEGV in the AMQRMPPA channel process terminating it.
CVSS Score
6.5
EPSS Score
0.001
Published
2025-05-01
A vulnerability has been found in PHPGurukul Blood Bank & Donor Management System 2.4 and classified as critical. This vulnerability affects unknown code of the file /admin/request-received-bydonar.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
7.3
EPSS Score
0.001
Published
2025-05-01
IBM MQ Container when used with the IBM MQ Operator LTS 2.0.0 through 2.0.29, MQ Operator CD 3.0.0, 3.0.1, 3.1.0 through 3.1.3, 3.3.0, 3.4.0, 3.4.1, 3.5.0, 3.5.1, and MQ Operator SC2 3.2.0 through 3.2.10 and configured with Cloud Pak for Integration Keycloak could disclose sensitive information to a privileged user.
CVSS Score
6.0
EPSS Score
0.0
Published
2025-05-01
Sematell ReplyOne 7.4.3.0 has Insecure Permissions for the /rest/sessions endpoint.
CVSS Score
9.1
EPSS Score
0.001
Published
2025-05-01
Sematell ReplyOne 7.4.3.0 allows XSS via a ReplyDesk e-mail attachment name.
CVSS Score
6.1
EPSS Score
0.001
Published
2025-05-01
Sematell ReplyOne 7.4.3.0 allows SSRF via the application server API.
CVSS Score
7.5
EPSS Score
0.001
Published
2025-05-01