9.9
CVE-2025-68667 - Conduit-derived homeservers are affected by a Confused Deputy and Improper Input Validation issue
Conduit is a chat server powered by Matrix. A vulnerability that affects a number of Conduit-derived homeservers allows a remote, unauthenticated attacker to force the target server to cryptographically sign arbitrary membership events. Affected products include Conduit prior to version 0.10.10, coโฆ
7
CVE-2025-68617 - Use after free in fluidsynth
FluidSynth is a software synthesizer based on the SoundFont 2 specifications. From versions 2.5.0 to before 2.5.2, a race condition during unloading of a DLS file can trigger a heap-based use-after-free. A concurrently running thread may be pending to unload a DLS file, leading to use of freed memoโฆ
6.9
CVE-2025-15048 - Tenda WH450 HTTP Request CheckTools command injection
A vulnerability was determined in Tenda WH450 1.0.0.18. This impacts an unknown function of the file /goform/CheckTools of the component HTTP Request Handler. Executing a manipulation of the argument ipaddress can lead to command injection. The attack can be launched remotely. The exploit has been โฆ
9.4
CVE-2025-66213 - Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in File Storage Dirโฆ
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the File Storage Directory Mount Path functionality allows users with application/service management permissions tโฆ
9.4
CVE-2025-66212 - Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in Dynamic Proxy Coโฆ
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Dynamic Proxy Configuration Filename handling allows users with application/service management permissions to โฆ
9.3
CVE-2025-15047 - Tenda WH450 HTTP Request PPTPDClient stack-based overflow
A vulnerability was found in Tenda WH450 1.0.0.18. This affects an unknown function of the file /goform/PPTPDClient of the component HTTP Request Handler. Performing a manipulation of the argument Username results in stack-based buffer overflow. The attack can be initiated remotely. The exploit hasโฆ
9.4
CVE-2025-66211 - Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in PostgreSQL Init โฆ
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in PostgreSQL Init Script Filename handling allows users with application/service management permissions to execute aโฆ
9.4
CVE-2025-66210 - Coolify Vulnerable to Authenticated Remote Code Execution via Command Injection in Database Import
Coolify is an open-source and self-hostable tool for managing servers, applications, and databases. Prior to version 4.0.0-beta.451, an authenticated command injection vulnerability in the Database Import functionality allows users with application/service management permissions to execute arbitrarโฆ
7.5
CVE-2025-12491 - Senstar Symphony FetchStoredLicense Information Disclosure Vulnerability
Senstar Symphony FetchStoredLicense Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Senstar Symphony. Authentication is not required to exploit this vulnerability. The specific flaw exists within the imโฆ
7.2
CVE-2025-13700 - DreamFactory saveZipFile Command Injection Remote Code Execution Vulnerability
DreamFactory saveZipFile Command Injection Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of DreamFactory. Authentication is required to exploit this vulnerability. The specific flaw exists within the implementatiโฆ