CVSS 3.1 score: 5.5

CVE-2025-40274 - KVM: guest_memfd: Remove bindings on memslot deletion when gmem is dying

In the Linux kernel, the following vulnerability has been resolved: KVM: guest_memfd: Remove bindings on memslot deletion when gmem is dying When unbinding a memslot from a guest_memfd instance, remove the bindings even if the guest_memfd file is dying, i.e. even if its file refcount has gone to …

📅 Published: Dec. 6, 2025, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.

CVSS 3.1 score: 7.0

CVE-2025-40272 - mm/secretmem: fix use-after-free race in fault handler

In the Linux kernel, the following vulnerability has been resolved: mm/secretmem: fix use-after-free race in fault handler When a page fault occurs in a secret memory file created with `memfd_secret(2)`, the kernel will allocate a new folio for it, mark the underlying page as not-present in the d…

📅 Published: Dec. 6, 2025, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.

CVSS 3.1 score: 3.7

CVE-2025-66629 - HedgeDoc is missing state parameter in OAuth2 flows could lead to CSRF

HedgeDoc is an open source, real-time, collaborative, markdown notes application. Prior to 1.10.4, some of HedgeDoc's OAuth2 endpoints for social login providers such as Google, GitHub, GitLab, Facebook or Dropbox lack CSRF protection, since they don't send a state parameter and verify the response…

📅 Published: Dec. 5, 2025, 10:47 p.m. 🔄 Last Modified: Dec. 9, 2025, 4:37 p.m.

CVSS 4.0 score: 5.1

CVE-2025-14116 - xerrors Yuxi-Know embed.py OtherEmbedding.aencode server-side request forgery

A vulnerability was detected in xerrors Yuxi-Know up to 0.4.0. This vulnerability affects the function OtherEmbedding.aencode of the file /src/models/embed.py. Performing manipulation of the argument health_url results in server-side request forgery. The attack can be initiated remotely. The exploi…

📅 Published: Dec. 5, 2025, 10:32 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

CVSS 4.0 score: 2.3

CVE-2025-14111 - Rarlab RAR App com.rarlab.rar path traversal

A security vulnerability has been detected in Rarlab RAR App up to 7.11 Build 127 on Android. This affects an unknown part of the component com.rarlab.rar. Such manipulation leads to path traversal. It is possible to launch the attack remotely. Attacks of this nature are highly complex. It is indic…

📅 Published: Dec. 5, 2025, 10:32 p.m. 🔄 Last Modified: Dec. 12, 2025, 12:45 p.m.

CVSS 4.0 score: 9.4

CVE-2025-34291 - Langflow <= 1.6.9 CORS Misconfiguration to Token Hijack & RCE

Langflow versions up to and including 1.6.9 contain a chained vulnerability that enables account takeover and remote code execution. An overly permissive CORS configuration (allow_origins='*' with allow_credentials=True) combined with a refresh token cookie configured as SameSite=None allows a mali…

📅 Published: Dec. 5, 2025, 10:27 p.m. 🔄 Last Modified: March 5, 2026, 12:03 p.m.

CVSS 4.0 score: 8.7

CVE-2025-14108 - ZSPACE Q2C NAS HTTP POST Request open zfilev2_api.OpenSafe command injection

A weakness has been identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this issue is the function zfilev2_api.OpenSafe of the file /v2/file/safe/open of the component HTTP POST Request Handler. This manipulation of the argument safe_dir causes command injection. It is possible to initiate …

📅 Published: Dec. 5, 2025, 10:02 p.m. 🔄 Last Modified: Dec. 16, 2025, 8:15 a.m.

CVSS 4.0 score: 8.7

CVE-2025-14107 - ZSPACE Q2C NAS HTTP POST Request status zfilev2_api.SafeStatus command injection

A security flaw has been discovered in ZSPACE Q2C NAS up to 1.1.0210050. Affected by this vulnerability is the function zfilev2_api.SafeStatus of the file /v2/file/safe/status of the component HTTP POST Request Handler. The manipulation of the argument safe_dir results in command injection. The att…

📅 Published: Dec. 5, 2025, 9:32 p.m. 🔄 Last Modified: Dec. 16, 2025, 8:15 a.m.

CVSS 4.0 score: 8.7

CVE-2025-14106 - ZSPACE Q2C NAS HTTP POST Request close zfilev2_api.CloseSafe command injection

A vulnerability was identified in ZSPACE Q2C NAS up to 1.1.0210050. Affected is the function zfilev2_api.CloseSafe of the file /v2/file/safe/close of the component HTTP POST Request Handler. The manipulation of the argument safe_dir leads to command injection. The attack is possible to be carried o…

📅 Published: Dec. 5, 2025, 9:32 p.m. 🔄 Last Modified: Dec. 16, 2025, 8:15 a.m.

CVSS 4.0 score: 8.7

CVE-2025-13426 - Improper Sandboxing in Google Apigee's JavaCallout Policy Allows for Remote Code Execution

A vulnerability exists in Google Apigee's JavaCallout policy https://docs.apigee.com/api-platform/reference/policies/java-callout-policy that allows for remote code execution. It is possible for a user to write a JavaCallout that injected a malicious object into the MessageContext to execute arb…

📅 Published: Dec. 5, 2025, 9:27 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.
Total results: 345926