9.8
CVE-2025-59827 - FlagForgeCTF is Missing Authorization in main-v2
Flag Forge is a Capture The Flag (CTF) platform. In version 2.1.0, the /api/admin/assign-badge endpoint lacks proper access control, allowing any authenticated user to assign high-privilege badges (e.g., Staff) to themselves. This could lead to privilege escalation and impersonation of administrati…
0.5
CVE-2025-59824 - Omni Wireguard SideroLink potential escape
Omni manages Kubernetes on bare metal, virtual machines, or in a cloud. Prior to version 0.48.0, Omni Wireguard SideroLink has the potential to escape. Omni and each Talos machine establish a peer-to-peer (P2P) SideroLink connection using WireGuard to mutually authenticate and authorize access. The…
7.7
CVE-2025-59828 - Claude Code Vulnerable to Arbitrary Code Execution via Plugin Autoloading with Specific Yarn Versio…
Claude Code is an agentic coding tool. Prior to Claude Code version 1.0.39, when using Claude Code with Yarn versions 2.0+, Yarn plugins are auto-executed when running yarn --version. This could lead to a bypass of the directory trust dialog in Claude Code, as plugins would be executed prior to the…
7.6
CVE-2025-59251 - Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
Microsoft Edge (Chromium-based) Remote Code Execution Vulnerability
7.3
CVE-2025-55322 - OmniParser Remote Code Execution Vulnerability
Binding to an unrestricted IP address in GitHub allows an unauthorized attacker to execute code over a network.
5.3
CVE-2025-55178 - llama-stack: llama stack unverified input
Llama Stack prior to version v0.2.20 accepted unverified parameters in the resolve_ast_by_type function which could potentially allow for remote code execution.
7.7
CVE-2025-59525 - Horilla has Improper Input Sanitization Leading to XSS and Admin Account Takeover
Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, improper sanitization across the application allows XSS via uploaded SVG (and via allowed <embed>), which can be chained to execute JavaScript whenever users view impacted content (e.g., announcements…
7.7
CVE-2025-59524 - Horilla Stored XSS Vulnerability via File Upload in Reimbursement Panel
Horilla is a free and open source Human Resource Management System (HRMS). Prior to version 1.4.0, the file upload flow performs validation only in the browser and does not enforce server-side checks. An attacker can bypass the client-side validation (for example, with an intercepting proxy or by s…
7.3
CVE-2025-52907 - TOTOLINK X6000R Security Bypass Vulnerability
Improper Input Validation vulnerability in TOTOLINK X6000R allows Command Injection, File Manipulation. This issue affects X6000R: through V9.4.0cu.1360_B20241207.
6.7
CVE-2025-20314 -
A vulnerability in Cisco IOS XE Software could allow an authenticated, local attacker with level-15 privileges or an unauthenticated attacker with physical access to an affected device to execute persistent code at boot time and break the chain of trust. This vulnerability is due to improper valida…