5.3
CVE-2025-67901 -
openrsync through 0.5.0, as used in OpenBSD through 7.8 and on other platforms, allows a client to cause a server SIGSEGV by specifying a length of zero for block data, because the relationship between p->rem and p->len is not checked.
5.3
CVE-2025-14692 - Mayan EDMS authentication redirect
A flaw has been found in Mayan EDMS up to 4.10.1. The impacted element is an unknown function of the file /authentication/. This manipulation causes open redirect. It is possible to initiate the attack remotely. The exploit has been published and may be used. Upgrading to version 4.10.2 is sufficie…
5.3
CVE-2025-14691 - Mayan EDMS authentication cross site scripting
A vulnerability was detected in Mayan EDMS up to 4.10.1. The affected element is an unknown function of the file /authentication/. The manipulation results in cross site scripting. The attack may be performed from remote. The exploit is now public and may be used. Upgrading to version 4.10.2 is suf…
8.1
CVE-2025-67900 -
NXLog Agent before 6.11 can load a file specified by the OPENSSL_CONF environment variable.
2.9
CVE-2025-67899 - uriparser: uriparser: Unbounded recursion and stack consumption via large input
uriparser through 0.9.9 allows unbounded recursion and stack consumption, as demonstrated by ParseMustBeSegmentNzNc with large input containing many commas.
4.5
CVE-2025-67898 -
MJML through 4.18.0 allows mj-include directory traversal to test file existence and (in the type="css" case) read files. NOTE: this issue exists because of an incomplete fix for CVE-2020-12827.
5.8
CVE-2025-13281 - Portworx Half-Blind SSRF in kube-controller-manager
A half-blind Server Side Request Forgery (SSRF) vulnerability exists in kube-controller-manager when using the in-tree Portworx StorageClass. This vulnerability allows authorized users to leak arbitrary information from unprotected endpoints in the control plane's host network (including link-local…
5.3
CVE-2025-14674 - aizuda snail-job QLExpressEngine.java QLExpressEngine.doEval injection
A vulnerability was found in aizuda snail-job up to 1.6.0. Affected by this vulnerability is the function QLExpressEngine.doEval of the file snail-job-common/snail-job-common-core/src/main/java/com/aizuda/snailjob/common/core/expression/strategy/QLExpressEngine.java. The manipulation results in inj…
6.9
CVE-2025-14673 - gmg137 snap7-rs client.rs as_ct_write heap-based overflow
A vulnerability has been found in gmg137 snap7-rs up to 1.142.1. Affected is the function snap7_rs::client::S7Client::as_ct_write of the file /tests/snap7-rs/src/client.rs. The manipulation leads to heap-based buffer overflow. The attack can be initiated remotely. The exploit has been disclosed to …
6.9
CVE-2025-14672 - gmg137 snap7-rs s7_micro_client.cpp opWriteArea heap-based overflow
A flaw has been found in gmg137 snap7-rs up to 1.142.1. This impacts the function TSnap7MicroClient::opWriteArea of the file s7_micro_client.cpp. Executing a manipulation can lead to heap-based buffer overflow. It is possible to launch the attack remotely. The exploit has been published and may be …