6.1
CVE-2025-68474 - ESF-IDF Has Out-of-Bounds Write in ESP32 Bluetooth AVRCP Vendor Command Handling
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, in the avrc_vendor_msg() function of the ESP-IDF BlueDroid AVRCP stack, the allocated buffer size was validated using AVRC_MIN_CMD_LEN (20 bytes). However, the actual…
0
CVE-2025-68473 - ESF-IDF Has Out-of-Bounds Read in ESP32 Bluetooth SDP Result Handling
ESF-IDF is the Espressif Internet of Things (IOT) Development Framework. In versions 5.5.1, 5.4.3, 5.3.4, 5.2.6, 5.1.6, and earlier, in the ESP-IDF Bluetooth host stack (BlueDroid), the function bta_dm_sdp_result() used a fixed-size array uuid_list[32][MAX_UUID_SIZE] to store discovered service UUI…
4.3
CVE-2025-68148 - FreshRSS globally denies access to feed via proxy modifying to 429 Retry-After
FreshRSS is a free, self-hostable RSS aggregator. From version 1.27.0 to before 1.28.0, An attacker could globally deny access to feeds via proxy modifying to 429 Retry-After for a large list of feeds on given instance, making it unusable for majority of users. This issue has been patched in versio…
2.9
CVE-2025-68932 - FreshRSS has weak cryptographic randomness in remember-me token and nonce generation
FreshRSS is a free, self-hostable RSS aggregator. Prior to version 1.28.0, FreshRSS uses cryptographically weak random number generators (mt_rand() and uniqid()) to generate remember-me authentication tokens and challenge-response nonces. This allows attackers to predict valid session tokens, leadi…
10
CVE-2025-66203 - StreamVault is Vulnerable to Authenticated Remote Code Execution (RCE) via ytdlpargs Configuration …
StreamVault is a video download integration solution. Prior to version 251126, a Remote Code Execution (RCE) vulnerability exists in the stream-vault application (SpiritApplication). The application allows administrators to configure yt-dlp arguments via the /admin/api/saveConfig endpoint without s…
8.8
CVE-2025-67729 - lmdeploy vulnerable to Arbitrary Code Execution via Insecure Deserialization in torch.load()
LMDeploy is a toolkit for compressing, deploying, and serving LLMs. Prior to version 0.11.1, an insecure deserialization vulnerability exists in lmdeploy where torch.load() is called without the weights_only=True parameter when loading model checkpoint files. This allows an attacker to execute arbi…
7.1
CVE-2025-68697 - Self-hosted n8n has Legacy Code node that enables arbitrary file read/write
n8n is an open source workflow automation platform. Prior to version 2.0.0, in self-hosted n8n instances where the Code node runs in legacy (non-task-runner) JavaScript execution mode, authenticated users with workflow editing access can invoke internal helper functions from within the Code node. T…
9.9
CVE-2025-68668 - n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node
n8n is an open source workflow automation platform. From version 1.0.0 to before 2.0.0, a sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide. An authenticated user with permission to create or modify workflows can exploit this vulnerability to execute arbitrary commands o…
7.3
CVE-2025-61914 - n8n's Possible Stored XSS in "Respond to Webhook" Node May Execute Outside iframe Sandbox
n8n is an open source workflow automation platform. Prior to version 1.114.0, a stored Cross-Site Scripting (XSS) vulnerability may occur in n8n when using the “Respond to Webhook” node. When this node responds with HTML content containing executable scripts, the payload may execute directly in the…
9.3
CVE-2025-13158 - apidoc-core - prototype pollution in api_group.js, api_param_title.js, api_use.js, and api_permissi…
Prototype pollution vulnerability in apidoc-core versions 0.2.0 and all subsequent versions allows remote attackers to modify JavaScript object prototypes via malformed data structures, including the “define” property processed by the application, potentially leading to denial of service or uninten…