9.8
CVE-2025-29269 -
ALLNET ALL-RUT22GW v3.3.8 was discovered to contain an OS command injection vulnerability via the command parameter in the popen.cgi endpoint.
6.6
CVE-2025-40261 - nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl()
In the Linux kernel, the following vulnerability has been resolved: nvme: nvme-fc: Ensure ->ioerr_work is cancelled in nvme_fc_delete_ctrl() nvme_fc_delete_assocation() waits for pending I/O to complete before returning, and an error can cause ->ioerr_work to be queued after cancel_work_sync() haβ¦
7.5
CVE-2025-57213 -
Incorrect access control in the component orderService.queryObject of platform v1.0.0 allows attackers to access sensitive information via a crafted request.
5.5
CVE-2025-14010 - Ansible-collection-community-general: ansible-collection-community-general: keycloak user module leβ¦
A flaw was found in ansible-collection-community-general. This vulnerability allows for information exposure (IE) of sensitive credentials, specifically plaintext passwords, via verbose output when running Ansible with debug modes. Attackers with access to logs could retrieve these secrets and poteβ¦
4.3
CVE-2025-63681 -
open-webui v0.6.33 is vulnerable to Incorrect Access Control. The API /api/tasks/stop/ directly accesses and cancels tasks without verifying user ownership, enabling attackers (a normal user) to stop arbitrary LLM response tasks.
8.6
CVE-2025-62173 - Authenticated SQL Injection in Endpoint Module Rest API
## Summary Authenticated SQL Injection Vulnerability in Endpoint Module Rest API
6.4
CVE-2025-66404 - mcp-server-kubernetes potential security issue in exec_in_pod tool
MCP Server Kubernetes is an MCP Server that can connect to a Kubernetes cluster and manage it. Prior to 2.9.8, there is a security issue exists in the exec_in_pod tool of the mcp-server-kubernetes MCP Server. The tool accepts user-provided commands in both array and string formats. When a string foβ¦
7.1
CVE-2025-66293 - LIBPNG has an out-of-bounds read in png_image_read_composite
LIBPNG is a reference library for use in applications that read, create, and manipulate PNG (Portable Network Graphics) raster image files. Prior to 1.6.52, an out-of-bounds read vulnerability in libpng's simplified API allows reading up to 1012 bytes beyond the png_sRGB_base[512] array when procesβ¦
4.6
CVE-2025-13086 - OpenVPN: OpenVPN: Improper validation of source IP addresses leads to denial of service
Improper validation of source IP addresses in OpenVPN version 2.6.0 through 2.6.15 and 2.7_alpha1 through 2.7_rc1 allows an attacker to open a session from a different IP address which did not initiate the connection resulting in a denial of service for the originating client
9.9
CVE-2025-66489 - Cal.com Authentication Bypass via bad TOTP + password checks
Cal.com is open-source scheduling software. Prior to 5.9.8, A flaw in the login credentials provider allows an attacker to bypass password verification when a TOTP code is provided, potentially gaining unauthorized access to user accounts. This issue exists due to problematic conditional logic in tβ¦