5.1
CVE-2025-64116 - Movary vulnerable to an open redirect
Movary is a web application to track, rate and explore your movie watch history. Prior to 0.69.0, the login page accepts a redirect parameter without validation, allowing attackers to redirect authenticated users to arbitrary external sites. This vulnerability is fixed in 0.69.0.
8.9
CVE-2025-12060 - Keras keras.utils.get_file Utility Path Traversal Vulnerability
The keras.utils.get_file API in Keras, when used with the extract=True option for tar archives, is vulnerable to a path traversal attack. The utility uses Python's tarfile.extractall function without the filter="data" feature. A remote attacker can craft a malicious tar archive containing special sβ¦
8.8
CVE-2025-64096 - CryptoLib vulnerable to Stack Buffer Overflow in Crypto_Key_Update due to missing TLV length check
CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prier to 1.4.2, there is a missing bounds check in Crypto_Key_updateβ¦
7.1
CVE-2025-62795 - JumpServer Unauthorized LDAP Configuration Access via WebSocket
JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.21-lts and v4.10.12-lts, a low-privileged authenticated user can invoke LDAP configuration tests and start LDAP synchronization by sending crafted messages to the /ws/ldap/ WebSocket endβ¦
8.8
CVE-2025-62726 - n8n Vulnerable to Remote Code Execution via Git Node Pre-Commit Hook
n8n is an open source workflow automation platform. Prior to 1.113.0, a remote code execution vulnerability exists in the Git Node component available in both Cloud and Self-Hosted versions of n8n. When a malicious actor clones a remote repository containing a pre-commit hook, the subsequent use ofβ¦
9.6
CVE-2025-62712 - JumpServer Connection Token Leak Vulnerability
JumpServer is an open source bastion host and an operation and maintenance security audit system. In JumpServer versions prior to v3.10.20-lts and v4.10.11-lts, an authenticated, non-privileged user can retrieve connection tokens belonging to other users via the super-connection API endpoint (/api/β¦
6.8
CVE-2025-11998 - HP Card Readers (B Models) β Potential Information Disclosure
The following HP Card Readers B ModelsΒ (X3D03B & Y7C05B) are potentially vulnerable to information disclosure, allowing prior user identity to be inherited under certain conditions βe.g., when an NFC device (such as a smartphone/smartwatches) is in proximity during a card swipe event.
2.1
CVE-2025-12517 - Credits Page not Matching Versions in Use in the Firmware
Credits Page not Matching Versions in Use in the FirmwareThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .
10
CVE-2025-12516 - Lack of Graceful Error Handling - HTTP 5xx Error
Lack of Graceful Error Handling - HTTP 5xx ErrorThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .
10
CVE-2025-12515 - Systemic Internal Server Errors - HTTP 500 Response
Systemic Internal Server Errors - HTTP 500 ResponseThis issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5 .