10

CVSS3.1

CVE-2025-54322 -

Xspeeder SXZOS through 2025-12-26 allows root remote code execution via base64-encoded Python code in the chkid parameter to vLogin.py. The title and oIP parameters are also used.

📅 Published: Dec. 27, 2025, midnight 🔄 Last Modified: Jan. 9, 2026, 8:33 p.m.

6.1

CVSS4.0

CVE-2025-68474 - ESP-IDF Has Out-of-Bounds Write in ESP32 Bluetooth AVRCP Vendor Command Handling

ESP-IDF is the Espressif Internet of Things (IoT) Development Framework. In versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, in the avrc_vendor_msg() function of the ESP-IDF BlueDroid AVRCP stack, the allocated buffer size was validated using AVRC_MIN_CMD_LEN (20 bytes). However, the actual…

📅 Published: Dec. 26, 2025, 11:57 p.m. 🔄 Last Modified: Jan. 22, 2026, 4 p.m.

0

CVSS4.0

CVE-2025-68473 - ESP-IDF Has Out-of-Bounds Read in ESP32 Bluetooth SDP Result Handling

ESP-IDF is the Espressif Internet of Things (IoT) Development Framework. In versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, in the ESP-IDF Bluetooth host stack (BlueDroid), the function bta_dm_sdp_result() used a fixed-size array uuid_list[32][MAX_UUID_SIZE] to store discovered service UUI…

📅 Published: Dec. 26, 2025, 11:54 p.m. 🔄 Last Modified: Jan. 22, 2026, 4:01 p.m.

4.3

CVSS3.1

CVE-2025-68148 - FreshRSS globally denies access to feed via proxy modifying to 429 Retry-After

FreshRSS is a free, self-hostable RSS aggregator. From version 1.27.0 to before 1.28.0, an attacker could globally deny access to feeds via a proxy rewriting responses to 429 with a Retry-After header for a large list of feeds on a given instance, making it unusable for the majority of users. This issue has been patched in versio…

📅 Published: Dec. 26, 2025, 11:46 p.m. 🔄 Last Modified: Dec. 31, 2025, 9:16 p.m.
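The defensive pattern behind this entry, as an added example that is not FreshRSS code: a Retry-After value supplied by a server (or by a proxy that has rewritten the response) is parsed, clamped to a hard upper bound, and applied only to the feed that returned it, so a flood of forged 429 responses cannot park the whole instance in backoff. The constants MAX_RETRY_AFTER and DEFAULT_RETRY_AFTER, the FeedScheduler class and the per-feed scoping are assumptions chosen for illustration, not the project's actual fix.

```python
"""Bounded, per-feed handling of HTTP 429 Retry-After (added example, not FreshRSS code)."""
from datetime import datetime, timedelta, timezone
from email.utils import parsedate_to_datetime

# Assumed policy: never honour a delay longer than this, whoever sent it.
MAX_RETRY_AFTER = 3600          # seconds
DEFAULT_RETRY_AFTER = 300       # used when the header is missing or unparsable


def parse_retry_after(value, now):
    """Turn a Retry-After header value into a delay in seconds.

    RFC 7231 allows either delta-seconds ("120") or an HTTP-date
    ("Fri, 26 Dec 2025 12:30:00 GMT"). Anything else falls back to the
    default, and every result is clamped to [0, MAX_RETRY_AFTER] so a hostile
    upstream cannot push a feed into an effectively permanent backoff.
    """
    if value is None:
        return DEFAULT_RETRY_AFTER
    value = value.strip()
    delay = None
    if value.isdigit():                        # delta-seconds; isdigit() rejects "-5"
        delay = int(value)
    else:
        try:
            when = parsedate_to_datetime(value)
            if when.tzinfo is None:            # naive dates are treated as UTC
                when = when.replace(tzinfo=timezone.utc)
            delay = (when - now).total_seconds()
        except (TypeError, ValueError):        # not a valid HTTP-date
            delay = None
    if delay is None:
        return DEFAULT_RETRY_AFTER
    return int(max(0, min(delay, MAX_RETRY_AFTER)))


class FeedScheduler:
    """Earliest next-fetch time per feed (assumed design for this example).

    A 429 for one feed delays only that feed, so an attacker who can rewrite
    responses for many feeds cannot use any one of them to stall the rest.
    """

    def __init__(self):
        self._next_allowed = {}

    def record_429(self, feed_url, retry_after_header, now):
        """Apply the (bounded) delay to this feed only; returns the delay used."""
        delay = parse_retry_after(retry_after_header, now)
        self._next_allowed[feed_url] = now + timedelta(seconds=delay)
        return delay

    def may_fetch(self, feed_url, now):
        """True unless this particular feed is still inside its backoff window."""
        return now >= self._next_allowed.get(feed_url, now)


if __name__ == "__main__":
    NOW = datetime(2025, 12, 26, 12, 0, 0, tzinfo=timezone.utc)
    s = FeedScheduler()
    # Constructed sample: a proxy answers one feed with an absurd Retry-After.
    print(s.record_429("https://a.example/feed", "99999999", NOW))   # clamped
    print(s.may_fetch("https://a.example/feed", NOW))                 # False
    print(s.may_fetch("https://b.example/feed", NOW))                 # True: unaffected
```

The clamp is what removes the attacker's leverage: without it, a single forged `Retry-After: 99999999` is honoured as written, and with instance-wide rather than per-feed state one such response is enough.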

2.9

CVSS4.0

CVE-2025-68932 - FreshRSS has weak cryptographic randomness in remember-me token and nonce generation

FreshRSS is a free, self-hostable RSS aggregator. Prior to version 1.28.0, FreshRSS uses cryptographically weak random number generators (mt_rand() and uniqid()) to generate remember-me authentication tokens and challenge-response nonces. This allows attackers to predict valid session tokens, leadi…

📅 Published: Dec. 26, 2025, 11:43 p.m. 🔄 Last Modified: Dec. 31, 2025, 9:12 p.m.
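Why mt_rand()-derived tokens are predictable, as an added example that is not FreshRSS code. FreshRSS is PHP, where mt_rand() is a Mersenne Twister (MT19937); Python's random module is the same generator, so the attack is shown here in Python: an attacker who observes 624 consecutive 32-bit outputs inverts the output tempering, rebuilds the internal state, and from then on produces the victim's future tokens. The functions (temper, untemper, clone_mt19937, weak_token, strong_token) and the 4-word token layout are assumed for illustration; PHP's mt_rand() discards one bit per output, which this example does not model.

```python
"""Cloning MT19937 from its output (added example; not FreshRSS code)."""
import random
import secrets

MASK32 = 0xFFFFFFFF


def temper(y):
    """MT19937 output tempering: internal state word -> observable output."""
    y ^= y >> 11
    y ^= (y << 7) & 0x9D2C5680
    y ^= (y << 15) & 0xEFC60000
    y ^= y >> 18
    return y & MASK32


def _undo_right_xor(y, shift):
    # Invert y ^= y >> shift; each pass recovers `shift` more bits from the top.
    x = y
    for _ in range(32 // shift + 1):
        x = y ^ (x >> shift)
    return x


def _undo_left_xor_mask(y, shift, mask):
    # Invert y ^= (y << shift) & mask; each pass recovers `shift` more bits from the bottom.
    x = y
    for _ in range(32 // shift + 1):
        x = y ^ ((x << shift) & mask)
    return x & MASK32


def untemper(out):
    """Inverse of temper(): observable output -> internal state word."""
    y = _undo_right_xor(out, 18)
    y = _undo_left_xor_mask(y, 15, 0xEFC60000)
    y = _undo_left_xor_mask(y, 7, 0x9D2C5680)
    y = _undo_right_xor(y, 11)
    return y


def clone_mt19937(outputs):
    """Rebuild a generator from 624 consecutive 32-bit outputs.

    Assumes the observed run starts at a twist boundary, which holds for a
    freshly seeded Python Random object (its first output is state word 0).
    """
    if len(outputs) != 624:
        raise ValueError("need exactly 624 consecutive 32-bit outputs")
    state = tuple(untemper(o) for o in outputs) + (624,)   # 624 words + index
    clone = random.Random()
    clone.setstate((3, state, None))
    return clone


def weak_token(rng):
    """A remember-me token built the mt_rand() way: a function of generator output only."""
    return "%08x%08x%08x%08x" % tuple(rng.getrandbits(32) for _ in range(4))


def strong_token():
    """The fix: a CSPRNG token (PHP equivalent: random_bytes()); prior output reveals nothing."""
    return secrets.token_hex(16)


if __name__ == "__main__":
    victim = random.Random(20251226)                    # constructed victim generator
    seen = [victim.getrandbits(32) for _ in range(624)]  # outputs the attacker observed
    attacker = clone_mt19937(seen)
    print(weak_token(attacker) == weak_token(victim))   # True: next token predicted
    print(strong_token())
```

The inversions are exact, not statistical: each tempering step is a bijection on 32-bit words, so 624 outputs (not tokens derived through a hash, but raw values, as a hex-encoded mt_rand() token leaks them) give the full 19937-bit state. Seeding with the time does not help; the state is recovered from output alone.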

10

CVSS3.1

CVE-2025-66203 - StreamVault is Vulnerable to Authenticated Remote Code Execution (RCE) via ytdlpargs Configuration …

StreamVault is a video download integration solution. Prior to version 251126, a Remote Code Execution (RCE) vulnerability exists in the stream-vault application (SpiritApplication). The application allows administrators to configure yt-dlp arguments via the /admin/api/saveConfig endpoint without s…

📅 Published: Dec. 26, 2025, 11:37 p.m. 🔄 Last Modified: March 9, 2026, 1:41 p.m.

8.8

CVSS3.1

CVE-2025-67729 - lmdeploy vulnerable to Arbitrary Code Execution via Insecure Deserialization in torch.load()

LMDeploy is a toolkit for compressing, deploying, and serving LLMs. Prior to version 0.11.1, an insecure deserialization vulnerability exists in lmdeploy where torch.load() is called without the weights_only=True parameter when loading model checkpoint files. This allows an attacker to execute arbi…

📅 Published: Dec. 26, 2025, 9:54 p.m. 🔄 Last Modified: Dec. 31, 2025, 9:31 p.m.
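What weights_only=True actually changes, as an added example that is neither lmdeploy nor PyTorch code. torch.load() is pickle underneath, and a pickle stream may name any importable callable to be invoked during loading; weights_only=True swaps in a restricted unpickler that admits only tensor and container classes. The stand-alone reproduction below uses the standard library: a constructed checkpoint whose stream names an arbitrary callable runs it under pickle.loads(), and is refused by an allow-list unpickler. SafeUnpickler, ALLOWED_GLOBALS, the checkpoint builders and is_checkpoint_safe are assumed names; os.getcwd stands in for the os.system a real payload would name.

```python
"""Unrestricted vs. allow-list unpickling of a checkpoint (added example; not lmdeploy code)."""
import collections
import io
import os
import pickle


class MaliciousCheckpoint:
    """Its pickle stream says: 'to rebuild me, call os.getcwd()'.

    A real payload would name os.system or subprocess.Popen; os.getcwd is a
    harmless stand-in whose return value proves the callable was executed.
    """

    def __reduce__(self):
        return (os.getcwd, ())


def build_malicious_checkpoint():
    """Constructed sample: the bytes an attacker would ship as a model file."""
    return pickle.dumps(MaliciousCheckpoint(), protocol=4)


def build_benign_checkpoint():
    """Constructed sample: a state_dict-like OrderedDict (lists stand in for tensors)."""
    state = collections.OrderedDict()
    state["layer.weight"] = [0.1, 0.2]
    state["layer.bias"] = [0.0]
    return pickle.dumps(state, protocol=4)


def load_unrestricted(data):
    """The vulnerable pattern: equivalent to torch.load() without weights_only."""
    return pickle.loads(data)


# Only globals a checkpoint legitimately needs; every other import is refused.
ALLOWED_GLOBALS = {
    ("collections", "OrderedDict"),
}


class SafeUnpickler(pickle.Unpickler):
    """Allow-list unpickler: the same idea as torch's weights_only loader."""

    def find_class(self, module, name):
        if (module, name) not in ALLOWED_GLOBALS:
            raise pickle.UnpicklingError(
                f"refusing to import {module}.{name} from an untrusted checkpoint")
        return super().find_class(module, name)


def load_weights_only(data):
    """The hardened pattern: deserialise without letting the stream name arbitrary code."""
    return SafeUnpickler(io.BytesIO(data)).load()


def is_checkpoint_safe(data):
    """Scanner-style check: True only if the stream loads under the allow-list."""
    try:
        load_weights_only(data)
        return True
    except pickle.UnpicklingError:
        return False


if __name__ == "__main__":
    mal = build_malicious_checkpoint()
    print(load_unrestricted(mal))           # prints cwd: the callable ran during load
    print(is_checkpoint_safe(mal))          # False
    print(load_weights_only(build_benign_checkpoint()))
```

The check happens in find_class, i.e. at the moment the stream asks for a global, which is before any REDUCE opcode can call it; that ordering is what makes an allow-list unpickler a real boundary rather than a post-hoc scan of the loaded object.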

7.1

CVSS3.1

CVE-2025-68697 - Self-hosted n8n has Legacy Code node that enables arbitrary file read/write

n8n is an open source workflow automation platform. Prior to version 2.0.0, in self-hosted n8n instances where the Code node runs in legacy (non-task-runner) JavaScript execution mode, authenticated users with workflow editing access can invoke internal helper functions from within the Code node. T…

📅 Published: Dec. 26, 2025, 9:51 p.m. 🔄 Last Modified: Dec. 31, 2025, 9:27 p.m.

9.9

CVSS3.1

CVE-2025-68668 - n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node

n8n is an open source workflow automation platform. From version 1.0.0 to before 2.0.0, a sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploit this vulnerability to execute arbitrary commands o…

📅 Published: Dec. 26, 2025, 9:49 p.m. 🔄 Last Modified: Jan. 5, 2026, 5:15 p.m.

7.3

CVSS3.1

CVE-2025-61914 - n8n's Possible Stored XSS in "Respond to Webhook" Node May Execute Outside iframe Sandbox

n8n is an open source workflow automation platform. Prior to version 1.114.0, a stored Cross-Site Scripting (XSS) vulnerability may occur in n8n when using the “Respond to Webhook” node. When this node responds with HTML content containing executable scripts, the payload may execute directly in the…

📅 Published: Dec. 26, 2025, 9:48 p.m. 🔄 Last Modified: Dec. 31, 2025, 9:31 p.m.
Total results: 344670
Page 1949 of 34,467