7.5
CVE-2025-68953 - Certain Frappe requests are vulnerable to Path Traversal
Frappe is a full-stack web application framework. Versions 14.99.5 and below and 15.0.0 through 15.80.1 include requests that are vulnerable to path traversal attacks. Arbitrary files from the server could be retrieved due to a lack of proper sanitization on some requests. This issue is fixed in ve…
5
CVE-2025-68437 - Craft CMS vulnerable to Server-Side Request Forgery (SSRF) via GraphQL Asset Upload Mutation
Craft is a platform for creating digital experiences. In versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16, the Craft CMS GraphQL `save_<VolumeName>_Asset` mutation is vulnerable to Server-Side Request Forgery (SSRF). This vulnerability arises because the `_file` input, specifically i…
4.9
CVE-2025-68436 - Craft CMS vulnerable to potential information disclosure via unchecked asset relocation
Craft is a platform for creating digital experiences. In versions 5.0.0-RC1 through 5.8.20 and 4.0.0-RC1 through 4.16.16, authenticated users on a Craft installation could potentially expose sensitive assets via their user profile photo via maliciously crafted requests. Users should update to the p…
9.2
CVE-2025-68428 - jsPDF has Local File Inclusion/Path Traversal vulnerability
jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.0.0, user control of the first argument of the loadFile method in the node.js build allows local file inclusion/path traversal. If given the possibility to pass unsanitized paths to the loadFile method, a user can retrieve file c…
8.4
CVE-2025-67732 - Dify Vulnerable to Plaintext API Key Exposure via Model Provider Configuration Endpoint
Dify is an open-source LLM app development platform. Prior to version 1.11.0, the API key is exposed in plaintext to the frontend, allowing non-administrator users to view and reuse it. This can lead to unauthorized access to third-party services, potentially consuming limited quotas. Version 1.11.…
7.2
CVE-2025-66648 - `vega-functions` vulnerable to Cross-site Scripting via `setdata` function
vega-functions provides function implementations for the Vega expression language. Prior to version 6.1.1, for sites that allow users to supply untrusted user input, malicious use of an internal function (not part of the public API) could be used to run unintentional JavaScript (XSS). This issue is…
8.1
CVE-2025-65110 - Vega Cross-Site Scripting (XSS) via expression abusing vlSelectionTuples function array map calls i…
Vega is a visualization grammar, a declarative format for creating, saving, and sharing interactive visualization designs. Prior to versions 6.1.2 and 5.6.3, applications meeting two conditions are at risk of arbitrary JavaScript code execution, even if "safe mode" expressionInterpreter is used. Fi…
9.3
CVE-2026-0625 - D-Link DSL/DIR/DNS Command Injection via DNS Configuration Endpoint
Multiple D-Link DSL/DIR/DNS devices contain an authentication bypass and improper access control vulnerability in the dnscfg.cgi endpoint that allows an unauthenticated attacker to access DNS configuration functionality. By directly requesting this endpoint, an attacker can modify the device’s DNS …
7.9
CVE-2025-61916 - Spinnaker vulnerable to SSRF due to improper restrictions on http from user input
Spinnaker is an open source, multi-cloud continuous delivery platform. Versions prior to 2025.1.6, 2025.2.3, and 2025.3.0 are vulnerable to server-side request forgery. The primary impact is allowing users to fetch data from a remote URL. This data can be then injected into spinnaker pipelines via …
8.7
CVE-2026-0621 - MCP TypeScript SDK UriTemplate Exploded Array Pattern ReDoS
Anthropic's MCP TypeScript SDK versions up to and including 1.25.1 contain a regular expression denial of service (ReDoS) vulnerability in the UriTemplate class when processing RFC 6570 exploded array patterns. The dynamically generated regular expression used during URI matching contains nested qu…