7.5
CVE-2025-66507 - 1Panel β CAPTCHA Bypass via Client-Controlled Flag
1Panel is an open-source, web-based control panel for Linux server management. Versions 2.0.13 and below allow an unauthenticated attacker to disable CAPTCHA verification by abusing a client-controlled parameter. Because the server previously trusted this value without proper validation, CAPTCHA prβ¦
6.9
CVE-2025-14285 - code-projects Employee Profile Management System edit_personnel.php sql injection
A vulnerability was found in code-projects Employee Profile Management System 1.0. Affected is an unknown function of the file edit_personnel.php. The manipulation of the argument per_id results in sql injection. The attack can be launched remotely. The exploit has been made public and could be useβ¦
5.9
CVE-2025-66491 - Traefik has Inverted TLS Verification Logic in its ingress-nginx Provider
Traefik is an HTTP reverse proxy and load balancer. Versions 3.5.0 through 3.6.2 have inverted TLS verification logic in the nginx.ingress.kubernetes.io/proxy-ssl-verify annotation. Setting the annotation to "on" (intending to enable backend TLS certificate verification) actually disables verificatβ¦
6.9
CVE-2025-66490 - Traefik doesn't Prevent Path Normalization Bypass in Router + Middleware Rules
Traefik is an HTTP reverse proxy and load balancer. For versions prior to 2.11.32 and 2.11.31 through 3.6.2, requests using PathPrefix, Path or PathRegex matchers can bypass path normalization. When Traefik uses path-based routing, requests containing URL-encoded restricted characters (/, \, Null, β¦
9.7
CVE-2025-66481 - DeepChat's Incomplete XSS Fix Allows RCE through Mermaid Content
DeepChat is an open-source AI chat platform that supports cloud models and LLMs. Versions 0.5.1 and below are vulnerable to XSS attacks through improperly sanitized Mermaid content. The recent security patch for MermaidArtifact.vue is insufficient and can be bypassed using unquoted HTML attributes β¦
7.5
CVE-2013-10031 - Plack::Middleware::Session versions before 0.17 for Perl may be vulnerable to HMAC comparison timinβ¦
Plack-Middleware-Session versions before 0.17 may be vulnerable to HMAC comparison timing attacks
6.1
CVE-2025-66470 - NiceGUI Stored/Reflected XSS in ui.interactive_image via unsanitized SVG content
NiceGUI is a Python-based UI framework. Versions 3.3.1 and below are subject to a XSS vulnerability through the ui.interactive_image component of NiceGUI. The component renders SVG content using Vue's v-html directive without any sanitization. This allows attackers to inject malicious HTML or JavaSβ¦
5.5
CVE-2023-53864 - drm/mxsfb: Disable overlay plane in mxsfb_plane_overlay_atomic_disable()
In the Linux kernel, the following vulnerability has been resolved: drm/mxsfb: Disable overlay plane in mxsfb_plane_overlay_atomic_disable() When disabling overlay plane in mxsfb_plane_overlay_atomic_update(), overlay plane's framebuffer pointer is NULL. So, dereferencing it would cause a kernelβ¦
7.0
CVE-2023-53861 - ext4: correct grp validation in ext4_mb_good_group
In the Linux kernel, the following vulnerability has been resolved: ext4: correct grp validation in ext4_mb_good_group Group corruption check will access memory of grp and will trigger kernel crash if grp is NULL. So do NULL check before corruption check.
7.0
CVE-2023-53811 - RDMA/irdma: Cap MSIX used to online CPUs + 1
In the Linux kernel, the following vulnerability has been resolved: RDMA/irdma: Cap MSIX used to online CPUs + 1 The irdma driver can use a maximum number of msix vectors equal to num_online_cpus() + 1 and the kernel warning stack below is shown if that number is exceeded. The kernel throws a waβ¦