6.3
CVE-2025-52599 - Inadequate account permissions management
Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered inadequate permission management for the camera guest account. The manufacturer has released patch firmware for the flaw; please refer to the manufacture…
6.3
CVE-2025-52598 - Insufficient certificate validation
Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has found a flaw in which the camera's client service does not perform certificate validation. The manufacturer has released patch firmware for the flaw; please refer to the m…
6.9
CVE-2025-15099 - simstudioai sim CRON Secret internal.ts improper authentication
A vulnerability was identified in simstudioai sim up to 0.5.27. This vulnerability affects unknown code of the file apps/sim/lib/auth/internal.ts of the component CRON Secret Handler. The manipulation of the argument INTERNAL_API_SECRET leads to improper authentication. It is possible to initiate t…
5.8
CVE-2025-68945 - gitea: Gitea: Information disclosure via anonymous access to private user projects
In Gitea before 1.21.2, an anonymous user can visit a private user's project.
5
CVE-2025-68944 - gitea: Gitea: Access control bypass in package registries
Gitea before 1.22.2 sometimes mishandles the propagation of token scope for access control within one of its own package registries.
5.3
CVE-2025-68943 - gitea: Gitea: Information disclosure of user login times via sort order
Gitea before 1.21.8 inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order.
5.3
CVE-2025-15098 - YunaiV yudao-cloud Business Process Management BpmSyncHttpRequestTrigger server-side request forgery
A vulnerability was determined in YunaiV yudao-cloud up to 2025.11. This affects the function BpmHttpCallbackTrigger/BpmSyncHttpRequestTrigger of the component Business Process Management. Executing manipulation of the argument url/header/body can lead to server-side request forgery. The attack may…
5.4
CVE-2025-68942 - gitea: Gitea: Cross-Site Scripting (XSS) vulnerability via search input
Gitea before 1.22.2 allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text.
6.9
CVE-2025-15097 - Alteryx Server status improper authentication
A vulnerability was found in Alteryx Server. Affected by this issue is some unknown functionality of the file /gallery/api/status/. Performing manipulation results in improper authentication. The attack can be carried out remotely. The exploit has been made public and could be used. Upgr…
4.9
CVE-2025-68941 - gitea: Gitea: Unauthorized access to private resources via public-scoped API tokens
Gitea before 1.22.3 mishandles access to a private resource upon receiving an API token with scope limited to public resources.