5.2
CVE-2025-52600 - Improper Input Validation
Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered a vulnerability in camera video analytics caused by improper input validation. This vulnerability could allow an attacker to execute specific commands on the…
5.4
CVE-2025-68946 - gitea: Gitea: Cross-Site Scripting (XSS) via forbidden URL scheme in links
In Gitea before 1.20.1, a forbidden URL scheme such as javascript: can be used for a link, aka XSS.
6.3
CVE-2025-52599 - Inadequate account permissions management
Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has discovered inadequate permission management for the camera guest account. The manufacturer has released patch firmware for the flaw; please refer to the manufacture…
6.3
CVE-2025-52598 - Insufficient certificate validation
Cybersecurity Nozomi Networks Labs, a specialized security company focused on Industrial Control Systems (ICS) and OT/IoT security, has found a flaw in which the camera's client service does not perform certificate validation. The manufacturer has released patch firmware for the flaw; please refer to the m…
6.9
CVE-2025-15099 - simstudioai sim CRON Secret internal.ts improper authentication
A vulnerability was identified in simstudioai sim up to 0.5.27. This vulnerability affects unknown code of the file apps/sim/lib/auth/internal.ts of the component CRON Secret Handler. The manipulation of the argument INTERNAL_API_SECRET leads to improper authentication. It is possible to initiate t…
5.8
CVE-2025-68945 - gitea: Gitea: Information disclosure via anonymous access to private user projects
In Gitea before 1.21.2, an anonymous user can visit a private user's project.
5
CVE-2025-68944 - gitea: Gitea: Access control bypass in package registries
Gitea before 1.22.2 sometimes mishandles the propagation of token scope for access control within one of its own package registries.
5.3
CVE-2025-68943 - gitea: Gitea: Information disclosure of user login times via sort order
Gitea before 1.21.8 inadvertently discloses users' login times by allowing (for example) the lastlogintime explore/users sort order.
5.3
CVE-2025-15098 - YunaiV yudao-cloud Business Process Management BpmSyncHttpRequestTrigger server-side request forgery
A vulnerability was determined in YunaiV yudao-cloud up to 2025.11. This affects the function BpmHttpCallbackTrigger/BpmSyncHttpRequestTrigger of the component Business Process Management. Executing manipulation of the argument url/header/body can lead to server-side request forgery. The attack may…
5.4
CVE-2025-68942 - gitea: Gitea: Cross-Site Scripting (XSS) vulnerability via search input
Gitea before 1.22.2 allows XSS because the search input box (for creating tags and branches) is v-html instead of v-text.