CVE Authored by @selmankon

6.5

CVSS3.1

CVE-2025-56007 -

CRLF-injection in KeeneticOS before 4.3 at "/auth" API endpoint allows attackers to take over the device via adding additional users with full permissions by managing the victim to open page with exploit.

📅 Published: Oct. 23, 2025, midnight 🔄 Last Modified: Nov. 4, 2025, 1:10 p.m.

6.5

CVSS3.1

CVE-2025-50949 - fontforge: Fontforge memory leak

FontForge v20230101 was discovered to contain a memory leak via the component DlgCreate8.

📅 Published: Oct. 23, 2025, midnight 🔄 Last Modified: Oct. 27, 2025, 8:18 p.m.

5.9

CVSS3.1

CVE-2025-62813 - lz4: LZ4 null handling error

DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.

📅 Published: Oct. 23, 2025, midnight 🔄 Last Modified: Oct. 29, 2025, 6:15 a.m.

4.9

CVSS3.1

CVE-2025-62820 -

Slack Nebula before 1.9.7 mishandles CIDR in some configurations and thus accepts arbitrary source IP addresses within the Nebula network.

📅 Published: Oct. 23, 2025, midnight 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.5

CVSS3.1

CVE-2025-50951 - fontforge: Fontforge memory leak

FontForge v20230101 was discovered to contain a memory leak via the utf7toutf8_copy function at /fontforge/sfd.c.

📅 Published: Oct. 23, 2025, midnight 🔄 Last Modified: Oct. 27, 2025, 8:17 p.m.

0.0