8.7
CVE-2025-11339 - D-Link DI-7100G C1 jhttpd hi_block.asp sub_4BD4F8 buffer overflow
A vulnerability has been found in D-Link DI-7100G C1 up to 20250928. This issue affects the function sub_4BD4F8 of the file /webchat/hi_block.asp of the component jhttpd. The manipulation of the argument popupId leads to buffer overflow. The attack can be initiated remotely. The exploit has been diβ¦
2.1
CVE-2025-61769 - Emlog vulnerable to stored XSS in file upload functionality in emlog
Emlog is an open source website building system. A cross-site scripting (XSS) vulnerability in emlog up to and including version 2.5.22 allows authenticated remote attackers to inject arbitrary web script or HTML via the file upload functionality. As an authenticated user it is possible to upload .β¦
6.6
CVE-2025-0038 -
In AMD Zynq UltraScale+ devices, the lack of address validation when executing CSU runtime services through the PMU Firmware can allow access to isolated or protected memory spaces resulting in the loss of integrity and confidentiality.
6.5
CVE-2025-61766 - Bucket vulnerable to infinite recursion when querying a bucket using the != operator
Bucket is a MediaWiki extension to store and retrieve structured data on articles. Prior to version 1.0.0, infinite recursion can occur if a user queries a bucket using the `!=` comparator. This will result in PHP's call stack limit exceeding, and/or increased memory consumption, potentially leadinβ¦
6.4
CVE-2025-61765 - python-socketio vulnerable to arbitrary Python code execution (RCE) through malicious pickle deseriβ¦
python-socketio is a Python implementation of the Socket.IO realtime client and server. A remote code execution vulnerability in python-socketio versions prior to 5.14.0 allows attackers to execute arbitrary Python code through malicious pickle deserialization in multi-server deployments on which tβ¦
8.7
CVE-2025-11338 - D-Link DI-7100G C1 jhttpd login.cgi sub_4C0990 buffer overflow
A flaw has been found in D-Link DI-7100G C1 up to 20250928. This vulnerability affects the function sub_4C0990 of the file /webchat/login.cgi of the component jhttpd. Executing manipulation of the argument openid can lead to buffer overflow. It is possible to launch the attack remotely. The exploitβ¦
8.3
CVE-2025-61687 - FlowiseAI/Flosise has File Upload vulnerability
Flowise is a drag & drop user interface to build a customized large language model flow. A file upload vulnerability in version 3.0.7 of FlowiseAI allows authenticated users to upload arbitrary files without proper validation. This enables attackers to persistently store malicious Node.js web shellβ¦
9.7
CVE-2025-59159 - SillyTavern Web Interface Vulnerable to DNS Rebinding
SillyTavern is a locally installed user interface that allows users to interact with text generation large language models, image generation engines, and text-to-speech voice models. In versions prior to 1.13.4, the web user interface for SillyTavern is susceptible to DNS rebinding, allowing attackβ¦
7.5
CVE-2025-59152 - X-Forwarded-For Header Spoofing Bypasses Litestar Rate Limiting
Litestar is an Asynchronous Server Gateway Interface (ASGI) framework. In version 2.17.0, rate limits can be completely bypassed by manipulating the X-Forwarded-For header. This renders IP-based rate limiting ineffective against determined attackers. Litestar's RateLimitMiddleware uses `cache_key_fβ¦
9.3
CVE-2025-52472 - XWiki Platform vulnerable to HQL injection via wiki and space search REST API
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Starting in version 4.3-milestone-1 and prior to versions 16.10.9, 17.4.2, and 17.5.0, the REST search URL is vulnerable to HQL injection via the `orderField` parameter. The specified value is aβ¦