EUVD-2025-12226

Malicious code in bioql PyPI...

EUVD-2025-12224

Malicious code in bioql PyPI...

EUVD-2025-12225

Malicious code in bioql PyPI...

Vulnerability of the io.jmix.localfs package from the Jmix corporate web application framework: This package allows a attacker to cause a service failure.

The vulnerability of the io.jmix.localfs package, part of the Jmix framework for corporate web applications, involves unlimited distribution of resources. Exploiting this vulnerability could allow a remote attacker to cause service interruptions...

CVE-2025-32951

Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends...

CVE-2025-32952

Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the local file storage implementation does not restrict the size of uploaded files. An attacker could exploit this by uploading excessively large files...

CVE-2025-32950

Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, attackers could manipulate the FileRef parameter to access files on the system where the Jmix application is deployed, provided the application server...

CVE-2025-32952

Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the local file storage implementation does not restrict the size of uploaded files. An attacker could exploit this by uploading excessively large files...

CVE-2025-32951

Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends...

CVE-2025-32950

Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, attackers could manipulate the FileRef parameter to access files on the system where the Jmix application is deployed, provided the application server...

CVE-2025-32960 CUBA Generic REST API Vulnerable to Cross-Site Scripting (XSS) in the /files Endpoint

The CUBA REST API add-on performs operations on data and entities. Prior to version 7.2.7, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code ...

CVE-2025-32960 CUBA Generic REST API Vulnerable to Cross-Site Scripting (XSS) in the /files Endpoint

The CUBA REST API add-on performs operations on data and entities. Prior to version 7.2.7, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends with .html. This could allow malicious JavaScript code ...

CVE-2025-32959 CUBA Vulnerable to Denial of Service (DoS) in the File Storage

CUBA Platform is a high level framework for enterprise applications development. Prior to version 7.2.23, the local file storage implementation does not restrict the size of uploaded files. An attacker could exploit this by uploading excessively large files, potentially causing the server to run...

CVE-2025-32951

CVE-2025-32951 affects io.jmix.rest:jmix-rest via the /files endpoint, enabling XSS when an attacker manipulates a file-path/name input so the Content-Type becomes text/html for names ending with .html. Impact is cross-site scripting in browsers when a malicious file is uploaded beforehand. Affec...

CVE-2025-32951 io.jmix.rest:jmix-rest allows XSS in the /files Endpoint of the Generic REST API

Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends...

CVE-2025-32951 io.jmix.rest:jmix-rest allows XSS in the /files Endpoint of the Generic REST API

Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends...

CVE-2025-32951 io.jmix.rest:jmix-rest allows XSS in the /files Endpoint of the Generic REST API

Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the input parameter, which consists of a file path and name, can be manipulated to return the Content-Type header with text/html if the name part ends...

CVE-2025-32952 io.jmix.localfs:jmix-localfs affected by DoS in the Local File Storage

Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the local file storage implementation does not restrict the size of uploaded files. An attacker could exploit this by uploading excessively large files...

CVE-2025-32952 io.jmix.localfs:jmix-localfs affected by DoS in the Local File Storage

Jmix is a set of libraries and tools to speed up Spring Boot data-centric application development. In versions 1.0.0 to 1.6.1 and 2.0.0 to 2.3.4, the local file storage implementation does not restrict the size of uploaded files. An attacker could exploit this by uploading excessively large files...

CVE-2025-32952

The CVE-2025-32952 affects Jmix local file storage (io.jmix.localfs:jmix-localfs) across Jmix 1.x and 2.x releases: versions 1.0.0–1.6.1 and 2.0.0–2.3.4 fail to enforce file size limits on uploads, enabling an attacker to upload excessively large files and potentially exhaust server disk space, c...