CVE-2025-1247

HIGH Year: 2025
CVSS v3 Score
8.3
High
Weakness Type
CWE-488
View all →

Vulnerability Description

A flaw was found in Quarkus REST that allows request parameters to leak between concurrent requests if endpoints use field injection without a CDI scope. This vulnerability allows attackers to manipulate request data, impersonate users, or access sensitive information.

Related Vulnerabilities

CVE-2024-27935

HIGH
CVSS:8.3(High)

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Starting in version 1.35.1 and prior to version 1.36.3, a vulnerability in Deno's Node.js compatibility runtime allows for cross-session data...

CWE-4882024

CVE-2023-1907

HIGH
CVSS:8.0(High)

A vulnerability was found in pgadmin. Users logging into pgAdmin running in server mode using LDAP authentication may be attached to another user's session if multiple connection attempts occur simult...

CWE-4882023

CVE-2024-41977

HIGH
CVSS:8.0(High)

A vulnerability has been identified in RUGGEDCOM RM1224 LTE(4G) EU (6GK6108-4AM00-2BA2) (All versions < V8.1), RUGGEDCOM RM1224 LTE(4G) NAM (6GK6108-4AM00-2DA2) (All versions < V8.1), SCALANCE M804PB ...

CWE-4882024

CVE-2022-40210

HIGH
CVSS:7.8(High)

Exposure of data element to wrong session in the Intel DCM software before version 5.0.1 may allow an authenticated user to potentially enable escalation of privilege via local access.

CWE-4882022

CVE-2024-27455

CRITICAL
CVSS:9.1(Critical)

In the Bentley ALIM Web application, certain configuration settings can cause exposure of a user's ALIM session token when the user attempts to download files. This is fixed in Assetwise ALIM Web 23.0...

CWE-4882024

CVE-2025-47928

CRITICAL
CVSS:9.1(Critical)

Spotipy is a Python library for the Spotify Web API. As of commit 4f5759dbfb4506c7b6280572a4db1aabc1ac778d, using `pull_request_target` on `.github/workflows/integration_tests.yml` followed by the che...

CWE-4882025