8.6

CVSS4.0

CVE-2025-62173 - Authenticated SQL Injection in Endpoint Module Rest API

Summary: Authenticated SQL Injection Vulnerability in Endpoint Module Rest API

📅 Published: Dec. 3, 2025, 11:14 p.m. 🔄 Last Modified: Feb. 13, 2026, 10:07 p.m.

6.4

CVSS3.1

CVE-2025-66404 - mcp-server-kubernetes potential security issue in exec_in_pod tool

MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. Prior to 2.9.8, a security issue exists in the exec_in_pod tool of the mcp-server-kubernetes MCP Server. The tool accepts user-provided commands in both array and string formats. When a string fo…

📅 Published: Dec. 3, 2025, 8:40 p.m. 🔄 Last Modified: Dec. 16, 2025, 7:07 p.m.

7.1

CVSS3.1

CVE-2025-66293 - LIBPNG has an out-of-bounds read in png_image_read_composite

LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when proces…

📅 Published: Dec. 3, 2025, 8:33 p.m. 🔄 Last Modified: Dec. 16, 2025, 7:12 p.m.

4.6

CVSS4.0

CVE-2025-13086 - OpenVPN: Improper validation of source IP addresses leads to denial of service

Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.6.15 and 2.7_alpha1 through 2.7_rc1 allows an attacker to open a session from a different IP address that did not initiate the connection, resulting in a denial of service for the originating client.

📅 Published: Dec. 3, 2025, 7:54 p.m. 🔄 Last Modified: Jan. 30, 2026, 6:38 p.m.

9.9

CVSS4.0

CVE-2025-66489 - Cal.com Authentication Bypass via bad TOTP + password checks

Cal.com is open-source scheduling software. Prior to 5.9.8, a flaw in the login credentials provider allows an attacker to bypass password verification when a TOTP code is provided, potentially gaining unauthorized access to user accounts. This issue exists due to problematic conditional logic in t…

📅 Published: Dec. 3, 2025, 7:44 p.m. 🔄 Last Modified: Feb. 13, 2026, 4:03 p.m.

7.1

CVSS4.0

CVE-2025-65097 - Insecure Direct Object Reference (IDOR) Allows Unauthorized Deletion of User Collections

RomM (ROM Manager) allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. Prior to 4.4.1 and 4.4.1-beta.2, an authenticated user can delete collections belonging to other users by directly sending a DELETE request to the collection endpoint. No o…

📅 Published: Dec. 3, 2025, 7:41 p.m. 🔄 Last Modified: Feb. 24, 2026, 8:15 p.m.

5.3

CVSS4.0

CVE-2025-65096 - RomM Insecure Direct Object Reference (IDOR) Allows Unauthorized Access to Private Collections

RomM (ROM Manager) allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. Prior to 4.4.1 and 4.4.1-beta.2, users can read private collections / smart collections belonging to other users by directly accessing their IDs via API. No ownership verif…

📅 Published: Dec. 3, 2025, 7:39 p.m. 🔄 Last Modified: Feb. 24, 2026, 8:01 p.m.

8.7

CVSS4.0

CVE-2025-12385 - Improper validation of <img> tag size in Text component parser

Allocation of Resources Without Limits or Throttling, Improper Validation of Specified Quantity in Input vulnerability in The Qt Company Qt on Windows, MacOS, Linux, iOS, Android, x86, ARM, 64 bit, 32 bit allows Excessive Allocation. This issue affects users of the Text component in Qt Quick. Missi…

📅 Published: Dec. 3, 2025, 7:38 p.m. 🔄 Last Modified: Dec. 4, 2025, 5:15 p.m.

6.5

CVSS3.1

CVE-2025-61727 - Improper application of excluded DNS name constraints when verifying wildcard names in crypto/x509

An excluded subdomain constraint in a certificate chain does not restrict the usage of wildcard SANs in the leaf certificate. For example, a constraint that excludes the subdomain test.example.com does not prevent a leaf certificate from claiming the SAN *.example.com.

📅 Published: Dec. 3, 2025, 7:37 p.m. 🔄 Last Modified: Dec. 18, 2025, 8:15 p.m.

7.6

CVSS3.1

CVE-2025-65027 - RomM Chained XSS and CSRF Vulnerabilities Enable Admin Account Takeover

RomM (ROM Manager) allows users to scan, enrich, browse and play their game collections with a clean and responsive interface. RomM contains multiple unrestricted file upload vulnerabilities that allow authenticated users to upload malicious SVG or HTML files. When these files are accessed the brow…

📅 Published: Dec. 3, 2025, 7:36 p.m. 🔄 Last Modified: Feb. 24, 2026, 8:04 p.m.