Security Vulnerabilities
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, because DB2 parameters are not filtered, a JNDI injection attack can be directly launched. JNDI triggers an AspectJWeaver deserialization attack, writing to various files. This vulnerability requires commons-collections 4.x and aspectjweaver-1.9.22.jar. The vulnerability has been fixed in version 2.10.12.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-08-25
PerfreeBlog v4.0.11 has a directory traversal vulnerability in the getThemeFilesByName function.
CVSS Score
7.5
EPSS Score
0.004
Published
2025-08-25
PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the getThemeFileContent function.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-08-25
phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in about-us.php via the pagetitle parameter.
CVSS Score
8.5
EPSS Score
0.0
Published
2025-08-25
A memory corruption vulnerability exists in the PSD Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .psd file, an integer overflow can be made to occur when calculating the stride for decoding. Afterwards, this will cause a heap-based buffer to overflow when decoding the image which can lead to remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.
CVSS Score
8.8
EPSS Score
0.002
Published
2025-08-25
phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in add-doctor.php via the docname parameter.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-08-25
phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in index.php via the username parameter.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-08-25
phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in contact.php via the pagetitle parameter.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-08-25
A memory corruption vulnerability exists in the WebP Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .webp animation an integer overflow can be made to occur when calculating the stride for decoding. Afterwards, this will cause a heap-based buffer to overflow when decoding the image which can lead to remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-08-25
A memory corruption vulnerability exists in the BMPv3 RLE Decoding functionality of the SAIL Image Decoding Library v0.9.8. When decompressing the image data from a specially crafted .bmp file, a heap-based buffer overflow can occur which allows for remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-08-25