Security Vulnerabilities - CVEs Published In May 2025
A command injection vulnerability in the component /cgi-bin/qos.cgi of Wavlink WL-WN579A3 v1.0 allows attackers to execute arbitrary commands via a crafted input.
CVSS Score
9.8
EPSS Score
0.011
Published
2025-05-20
FW-WGS-804HPT v1.305b241111 was discovered to contain a stack overflow via the web_sys_infoContact_post function.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-05-20
In JetBrains TeamCity before 2025.03.2, stored XSS via GitHub Checks Webhook was possible.
CVSS Score
4.8
EPSS Score
0.0
Published
2025-05-20
In JetBrains TeamCity before 2025.03.2, stored XSS via YouTrack integration was possible.
CVSS Score
4.8
EPSS Score
0.0
Published
2025-05-20
In JetBrains TeamCity before 2025.03.2, stored XSS via Jira integration was possible.
CVSS Score
4.8
EPSS Score
0.0
Published
2025-05-20
In JetBrains TeamCity before 2025.03.2, open redirect was possible on editing VCS Root page.
CVSS Score
4.3
EPSS Score
0.0
Published
2025-05-20
Langroid is a Python framework to build large language model (LLM)-powered applications. Prior to version 0.53.15, `TableChatAgent` uses `pandas eval()`. If fed by untrusted user input, like the case of a public-facing LLM application, it may be vulnerable to code injection. Langroid 0.53.15 sanitizes input to `TableChatAgent` by default to tackle the most common attack vectors, and added several warnings about the risky behavior in the project documentation.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-05-20
This High severity PrivEsc (Privilege Escalation) vulnerability was introduced in versions:
9.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Core Data Center and Server
5.12.0, 10.3.0, 10.4.0, and 10.5.0 of Jira Service Management Data Center and Server
This PrivEsc (Privilege Escalation) vulnerability, with a CVSS Score of 7.2, allows an attacker to perform actions as a higher-privileged user.
Atlassian recommends that Jira Core Data Center and Server and Jira Service Management Data Center and Server customers upgrade to latest version, if you are unable to do so, upgrade your instance to one of the specified supported fixed versions:
Jira Core Data Center and Server 9.12: Upgrade to a release greater than or equal to 9.12.20
Jira Service Management Data Center and Server 5.12: Upgrade to a release greater than or equal to 5.12.20
Jira Core Data Center 10.3: Upgrade to a release greater than or equal to 10.3.5
Jira Service Management Data Center 10.3: Upgrade to a release greater than or equal to 10.3.5
Jira Core Data Center 10.4: Upgrade to a release greater than or equal to 10.6.0
Jira Service Management Data Center 10.4: Upgrade to a release greater than or equal to 10.6.0
Jira Core Data Center 10.5: Upgrade to a release greater than or equal to 10.5.1
Jira Service Management Data Center 10.5: Upgrade to a release greater than or equal to 10.5.1
See the release notes. You can download the latest version of Jira Core Data Center and Jira Service Management Data Center from the download center. This vulnerability was reported via our Atlassian (Internal) program.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-05-20
D-Link DI-8100 16.07.26A1 is vulnerable to Command Injection. An attacker can exploit this vulnerability by crafting specific HTTP requests, triggering the command execution flaw and gaining the highest privilege shell access to the firmware system.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-05-20
IBM Security ReaQta EDR 3.12 could allow an attacker to perform unauthorized actions due to improper SSL certificate validation.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-05-20

Shodan ® - All rights reserved