5

CVSS3.1

CVE-2024-21935 -

Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to manipulate Redfish® API commands to remove files from the local root directory, potentially resulting in data corruption.

📅 Published: Sept. 23, 2025, 9:38 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5

CVSS3.1

CVE-2024-21927 -

Improper input validation in Satellite Management Controller (SMC) may allow an attacker with privileges to use certain special characters in manipulated Redfish® API commands, causing service processes like OpenBMC to crash and reset, potentially resulting in denial of service.

📅 Published: Sept. 23, 2025, 9:33 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.9

CVSS4.0

CVE-2025-58354 - Kata Containers coco-tdx malicious host can circumvent initdata verification

Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines (VMs) that perform like containers. In Kata Containers versions from 3.20.0 and before, a malicious host can circumvent initdata verification. On TDX systems running confidential guests, …

📅 Published: Sept. 23, 2025, 9:08 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

7.6

CVSS3.1

CVE-2025-59826 - FlagForgeCTF Vulnerable to Unauthorized Problem Creation

Flag Forge is a Capture The Flag (CTF) platform. In version 2.1.0, non-admin users can create arbitrary challenges, potentially introducing malicious, incorrect, or misleading content. This issue has been patched in version 2.2.0.

📅 Published: Sept. 23, 2025, 8:26 p.m. 🔄 Last Modified: Oct. 8, 2025, 4:35 p.m.

6.1

CVSS4.0

CVE-2025-59825 - astral-tokio-tar has a path traversal in tar extraction

astral-tokio-tar is a tar archive reading/writing library for async Rust. In versions 0.5.3 and earlier of astral-tokio-tar, tar archives may extract outside of their intended destination directory when using the Entry::unpack_in_raw API. Additionally, the Entry::allow_external_symlinks control (wh…

📅 Published: Sept. 23, 2025, 8 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

6.3

CVSS4.0

CVE-2025-59822 - Http4s vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer section

Http4s is a Scala interface for HTTP services. In versions from 1.0.0-M1 to before 1.0.0-M45 and before 0.23.31, http4s is vulnerable to HTTP Request Smuggling due to improper handling of HTTP trailer section. This vulnerability could enable attackers to bypass front-end servers security controls, …

📅 Published: Sept. 23, 2025, 6:54 p.m. 🔄 Last Modified: Oct. 8, 2025, 5:35 p.m.

5.9

CVSS3.1

CVE-2025-58674 - WordPress <= 6.8.2 - (Author+) Cross Site Scripting (XSS) Vulnerability

Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in WordPress allows Stored XSS. WordPress core security team is aware of the issue and working on a fix. This is low severity vulnerability that requires an attacker to have Author or higher user priv…

📅 Published: Sept. 23, 2025, 6:47 p.m. 🔄 Last Modified: April 28, 2026, 4:13 p.m.

7.3

CVSS3.1

CVE-2025-59534 - CryptoLib command Injection vulnerability in initialize_kerberos_keytab_file_login()

CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. Prior to version 1.4.2, there is a command Injection vulnerability i…

📅 Published: Sept. 23, 2025, 6:25 p.m. 🔄 Last Modified: Oct. 8, 2025, 5:41 p.m.

6.7

CVSS3.1

CVE-2025-54081 - SunshineService Has Unquoted Service Path That Allows Local SYSTEM Code Execution

Sunshine is a self-hosted game stream host for Moonlight. Prior to version 2025.923.33222, the Windows service SunshineService is installed with an unquoted executable path. If Sunshine is installed in a directory whose name includes a space, the Service Control Manager (SCM) interprets the path in…

📅 Published: Sept. 23, 2025, 6:18 p.m. 🔄 Last Modified: Oct. 8, 2025, 5:48 p.m.

5.9

CVSS4.0

CVE-2025-59548 - DNN Vulnerable to Reflected Cross-Site Scripting (XSS) in CKEditor File Browser

DNN (formerly DotNetNuke) is an open-source web content management platform (CMS) in the Microsoft ecosystem. Prior to version 10.1.0, specially crafted URLs to the FileBrowser are vulnerable to javascript injection, affecting any unsuspecting user clicking such link. This issue has been patched in…

📅 Published: Sept. 23, 2025, 5:58 p.m. 🔄 Last Modified: Sept. 29, 2025, 12:58 p.m.