Security Vulnerabilities - CVEs Published In May 2025
A vulnerability, which was classified as critical, has been found in JeeWMS up to 20250504. Affected by this issue is the function dogenerateOne2Many of the file /generateController.do?dogenerateOne2Many of the component File Handler. The manipulation leads to improper access controls. The attack may be launched remotely. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-05-31
A vulnerability, which was classified as critical, was found in JeeWMS up to 20250504. This affects the function filedeal of the file /systemController/filedeal.do of the component File Handler. The manipulation leads to improper access controls. It is possible to initiate the attack remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-05-31
A vulnerability classified as critical was found in JeeWMS up to 20250504. Affected by this vulnerability is the function dogenerate of the file /generateController.do?dogenerate. The manipulation leads to sql injection. The attack can be launched remotely. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-05-31
A vulnerability classified as critical has been found in JeeWMS up to 20250504. Affected is the function dogenerate of the file /generateController.do?dogenerate of the component File Handler. The manipulation leads to improper access controls. It is possible to launch the attack remotely. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-05-31
A vulnerability was found in JeeWMS up to 20250504. It has been rated as critical. This issue affects the function transEditor of the file /cgformTransController.do?transEditor. The manipulation leads to sql injection. The attack may be initiated remotely. This product does not use versioning. This is why information about affected and unaffected releases are unavailable.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-05-31
A vulnerability was found in JeeWMS up to 20250504. It has been declared as critical. This vulnerability affects the function doAdd of the file /cgformTemplateController.do?doAdd. The manipulation leads to path traversal. The attack can be initiated remotely. Continious delivery with rolling releases is used by this product. Therefore, no version details of affected nor updated releases are available.
CVSS Score
6.3
EPSS Score
0.001
Published
2025-05-31
A vulnerability was found in JeeWMS up to 20250504. It has been classified as critical. This affects the function CgAutoListController of the file /cgAutoListController.do?datagrid. The manipulation leads to sql injection. It is possible to initiate the attack remotely. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-05-31
A vulnerability, which was classified as problematic, was found in Yifang CMS up to 2.0.2. Affected is the function downloadFile of the file /api/File/downloadFile of the component Admin Panel. The manipulation of the argument File leads to path traversal. It is possible to launch the attack remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
2.7
EPSS Score
0.002
Published
2025-05-31
A vulnerability was found in Yifang CMS up to 2.0.2 and classified as problematic. Affected by this issue is some unknown functionality of the component Article Management Module. The manipulation of the argument Default Value leads to cross site scripting. The attack may be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
2.4
EPSS Score
0.0
Published
2025-05-31
A vulnerability was found in SourceCodester Health Center Patient Record Management System 1.0. It has been declared as critical. Affected by this vulnerability is an unknown functionality of the file /patient.php. The manipulation of the argument itr_no leads to sql injection. The attack can be launched remotely. The exploit has been disclosed to the public and may be used.
CVSS Score
7.3
EPSS Score
0.0
Published
2025-05-31
Page 1