Security Vulnerabilities
Craft is a platform for creating digital experiences. From versions 4.0.0-RC1 to 4.16.5 and 5.0.0-RC1 to 5.8.6, there is a potential remote code execution vulnerability via Twig SSTI (Server-Side Template Injection). This is a follow-up to CVE-2024-52293. This vulnerability has been patched in versions 4.16.6 and 5.8.7.
CVSS Score
7.2
EPSS Score
0.004
Published
2025-08-25
Langflow is a tool for building and deploying AI-powered agents and workflows. A privilege escalation vulnerability exists in Langflow containers where an authenticated user with RCE access can invoke the internal CLI command langflow superuser to create a new administrative user. This results in full superuser access, even if the user initially registered through the UI as a regular (non-admin) account. A patched version has not been made public at this time.
CVSS Score
8.8
EPSS Score
0.0
Published
2025-08-25
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, there is a H2 JDBC RCE bypass in DataEase. If the JDBC URL meets criteria, the getJdbcUrl method is returned, which acts as the getter for the JdbcUrl parameter provided. This bypasses H2's filtering logic and returns the H2 JDBC URL, allowing the "driver":"org.h2.Driver" to specify the H2 driver for the JDBC connection. The vulnerability has been fixed in version 2.10.12.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-08-25
DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.12, because DB2 parameters are not filtered, a JNDI injection attack can be directly launched. JNDI triggers an AspectJWeaver deserialization attack, writing to various files. This vulnerability requires commons-collections 4.x and aspectjweaver-1.9.22.jar. The vulnerability has been fixed in version 2.10.12.
CVSS Score
9.8
EPSS Score
0.001
Published
2025-08-25
PerfreeBlog v4.0.11 has a directory traversal vulnerability in the getThemeFilesByName function.
CVSS Score
7.5
EPSS Score
0.004
Published
2025-08-25
PerfreeBlog v4.0.11 has an arbitrary file read vulnerability in the getThemeFileContent function.
CVSS Score
7.5
EPSS Score
0.0
Published
2025-08-25
phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in about-us.php via the pagetitle parameter.
CVSS Score
8.5
EPSS Score
0.0
Published
2025-08-25
A memory corruption vulnerability exists in the PSD Image Decoding functionality of the SAIL Image Decoding Library v0.9.8. When loading a specially crafted .psd file, an integer overflow can be made to occur when calculating the stride for decoding. Afterwards, this will cause a heap-based buffer to overflow when decoding the image which can lead to remote code execution. An attacker will need to convince the library to read a file to trigger this vulnerability.
CVSS Score
8.8
EPSS Score
0.001
Published
2025-08-25
phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in add-doctor.php via the docname parameter.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-08-25
phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in index.php via the username parameter.
CVSS Score
9.8
EPSS Score
0.0
Published
2025-08-25