0.0
CVE-2025-11208 -
Inappropriate implementation in Media in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who convinced a user to engage in specific UI gestures to perform UI spoofing via a crafted HTML page. (Chromium security severity: Medium)
0.0
CVE-2025-11207 -
Side-channel information leakage in Storage in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to perform arbitrary read/write via a crafted HTML page. (Chromium security severity: Medium)
0.0
CVE-2025-11206 -
Heap buffer overflow in Video in Google Chrome prior to 141.0.7390.54 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. (Chromium security severity: High)
0.0
CVE-2025-11205 -
Heap buffer overflow in WebGPU in Google Chrome prior to 141.0.7390.54 allowed a remote attacker who had compromised the renderer process to potentially exploit heap corruption via a crafted HTML page. (Chromium security severity: High)
5.3
CVE-2025-64179 - lakeFS: Unauthenticated access to API usage metrics
lakeFS is an open-source tool that transforms object storage into a Git-like repositories. In versions 1.69.0 and below, missing authentication in the /api/v1/usage-report/summary endpoint allows anyone to retrieve aggregate API usage counts. While no sensitive data is disclosed, the endpoint may rβ¦
8.9
CVE-2025-64178 - Jellysweep uses uncontrolled data in image cache API endpoint
Jellysweep is a cleanup tool for the Jellyfin media server. In versions 0.12.1 and below, /api/images/cache, used to download media posters from the server, accepted a URL parameter that was directly passed to the cache package, which downloaded the poster from this URL. This URL parameter can be uβ¦
5.4
CVE-2025-64177 - ThinkDashboard: Stored XSS in Dashboard via Malicious Bookmark
ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. In versions 0.6.7 and below, there is a stored Cross-Site Scripting (XSS) vulnerability in the dashboard, which can exploited when a user clicks on a malicious bookmark, made vulnerable by the lack of scheme fiβ¦
5.3
CVE-2025-64176 - ThinkDashboard: Arbitrary File Upload vulnerability in the Backup Import Feature
ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. In versions 0.6.7 and below, an attacker can upload any file they wish to the /data directory of the web application via the backup import feature. When importing a backup, an attacker can first choose a .zip fβ¦
7.4
CVE-2025-12790 - Rubygem-mqtt: rubygem-mqtt hostname validation
A flaw was found in Rubygem MQTT. By default, the package used to not have hostname validation, resulting in possible Man-in-the-Middle (MITM) attack.
5.3
CVE-2025-64327 - ThinkDashboard: Blind Server-Side Request Forgery (SSRF) vulnerability in /api/ping Endpoint
ThinkDashboard is a self-hosted bookmark dashboard built with Go and vanilla JavaScript. Versions 0.6.7 and below contain a Blind Server-Side Request Forgery (SSRF) vulnerability, in its `/api/ping?url= endpoint`. This allows an attacker to make arbitrary requests to internal or external hosts. Thiβ¦