2.3
CVE-2025-59829 - Claude Code: Permission deny bypass is possible through symlink
Claude Code is an agentic coding tool. Versions below 1.0.120 failed to account for symlinks when checking permission deny rules. If a user explicitly denied Claude Code access to a file and Claude Code had access to a symlink pointing to that file, it was possible for Claude Code to access the fil…
8.8
CVE-2025-54374 - Eidos: One-click Remote Code Execution through Custom URL Handling
Eidos is an extensible framework for Personal Data Management. Versions 0.21.0 and below contain a one-click remote code execution vulnerability. An attacker can exploit this vulnerability by embedding a specially crafted eidos: URL on any website, including a malicious one they control. When a vic…
6.1
CVE-2025-53354 - NiceGUI is vulnerable to Reflected XSS attack
NiceGUI is a Python-based UI framework. Versions 2.24.2 and below are at risk for Cross-Site Scripting (XSS) when developers render unescaped user input into the DOM using ui.html(). NiceGUI did not enforce HTML or JavaScript sanitization, so applications that directly combine components like ui.in…
10
CVE-2025-49844 - Redis Lua Use-After-Free may lead to remote code execution
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate the garbage collector, trigger a use-after-free and potentially lead to remote code execution. The problem exists in all versio…
6.3
CVE-2025-46819 - Redis is vulnerable to DoS via specially crafted LUA scripts
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted LUA script to read out-of-bound data or crash the server, resulting in denial of service. The problem exists in all versions of Redis with Lua scriptin…
6
CVE-2025-46818 - Redis: Authenticated users can execute LUA scripts as a different user
Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted Lua script to manipulate different LUA objects and potentially run their own code in the context of another user. The problem exists in all versions of …
7.6
CVE-2025-52656 - HCL MyXalytics product is affected by Mass Assignment vulnerability
HCL MyXalytics: 6.6. is affected by a Mass Assignment vulnerability. Mass Assignment occurs when user input is automatically bound to application objects without proper validation or access controls, potentially allowing unauthorized modification of sensitive fields.
3.5
CVE-2025-52658 - HCL MyXalytics is affected by the use of vulnerable/outdated versions
HCL MyXalytics is affected by the use of vulnerable/outdated versions which can expose the application to known security risks that could be exploited.
8.5
CVE-2025-57714 - NetBak Replicator
An unquoted search path or element vulnerability has been reported to affect NetBak Replicator. If a local attacker gains a user account, they can then exploit the vulnerability to execute unauthorized code or commands. We have already fixed the vulnerability in the following version: NetBak Repli…
6.9
CVE-2025-54154 - QNAP Authenticator
An improper authentication vulnerability has been reported to affect QNAP Authenticator. If an attacker gains physical access, they can then exploit the vulnerability to compromise the security of the system. We have already fixed the vulnerability in the following version: QNAP Authenticator 1.3.…