7.5

CVSS3.1

CVE-2025-50681 -

igmpproxy 0.4 before commit 2b30c36 allows remote attackers to cause a denial of service (application crash) via a crafted IGMPv3 membership report packet with a malicious source address. Due to insufficient validation in the `recv_igmp()` function in src/igmpproxy.c, an invalid group record type c…

πŸ“… Published: Dec. 19, 2025, midnight πŸ”„ Last Modified: Jan. 2, 2026, 2:45 p.m.

6.4

CVSS3.1

CVE-2025-67845 -

A Directory Traversal vulnerability in the Static Asset Proxy Endpoint in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HTML via a crafted URL containing path traversal sequences.

πŸ“… Published: Dec. 19, 2025, midnight πŸ”„ Last Modified: Jan. 2, 2026, 3:52 p.m.

8.3

CVSS3.1

CVE-2025-67843 -

A Server-Side Template Injection (SSTI) vulnerability in the MDX Rendering Engine in Mintlify Platform before 2025-11-15 allows remote attackers to execute arbitrary code via inline JSX expressions in an MDX file.

πŸ“… Published: Dec. 19, 2025, midnight πŸ”„ Last Modified: Jan. 2, 2026, 4:07 p.m.

6.4

CVSS3.1

CVE-2025-67842 -

The Static Asset API in Mintlify Platform before 2025-11-15 allows remote attackers to inject arbitrary web script or HTML via the subdomain parameter because any tenant's assets can be served on any other tenant's documentation site.

πŸ“… Published: Dec. 19, 2025, midnight πŸ”„ Last Modified: Jan. 2, 2026, 4:01 p.m.

9.8

CVSS3.1

CVE-2025-63665 -

An issue in GT Edge AI Community Edition Versions before v2.0.12 allows attackers to execute arbitrary code via injecting a crafted JSON payload into the Prompt window.

πŸ“… Published: Dec. 19, 2025, midnight πŸ”„ Last Modified: Jan. 5, 2026, 5:58 p.m.

6.1

CVSS3.1

CVE-2025-66906 -

Cross Site Request Forgery (CSRF) vulnerability in Turms Admin API thru v0.10.0-SNAPSHOT allows attackers to gain escalated privileges.

πŸ“… Published: Dec. 19, 2025, midnight πŸ”„ Last Modified: Jan. 2, 2026, 7:57 p.m.

7.6

CVSS3.1

CVE-2025-67442 -

EVE-NG 6.4.0-13-PRO is vulnerable to Directory Traversal. The /api/export interface allows authenticated users to export lab files. This interface lacks effective input validation and filtering when processing file path parameters submitted by users.

πŸ“… Published: Dec. 19, 2025, midnight πŸ”„ Last Modified: Jan. 2, 2026, 4:57 p.m.

5

CVSS3.1

CVE-2025-67844 -

The GitHub Integration API in Mintlify Platform before 2025-11-15 allows remote attackers to obtain sensitive repository metadata via the repository owner and name fields. It fails to validate that the repository owner and name fields provided during configuration belong to the specific GitHub App …

πŸ“… Published: Dec. 19, 2025, midnight πŸ”„ Last Modified: Jan. 2, 2026, 4:10 p.m.

6

CVSS3.1

CVE-2025-66910 -

Turms Server v0.10.0-SNAPSHOT and earlier contains a plaintext password storage vulnerability in the administrator authentication system. The BaseAdminService class caches administrator passwords in plaintext within AdminInfo objects to optimize authentication performance. Upon successful login, ra…

πŸ“… Published: Dec. 19, 2025, midnight πŸ”„ Last Modified: Jan. 2, 2026, 7:50 p.m.

7.5

CVSS3.1

CVE-2025-66909 -

Turms AI-Serving module v0.10.0-SNAPSHOT and earlier contains an image decompression bomb denial of service vulnerability. The ExtendedOpenCVImage class in ai/djl/opencv/ExtendedOpenCVImage.java loads images using OpenCV's imread() function without validating dimensions or pixel count before decomp…

πŸ“… Published: Dec. 19, 2025, midnight πŸ”„ Last Modified: Jan. 2, 2026, 7:50 p.m.
Total resulsts: 343921
Page 1977 of 34,393
Β« previous page Β» next page
Filters