4.2

CVSS3.1

CVE-2025-52880 - Komga Vulnerable to Arbitrary Code Execution via Crafted EPUB File

Komga is a media server for comics, mangas, BDs, magazines and eBooks. A Cross-Site Scripting (XSS) vulnerability has been discovered in versions 1.8.0 through 1.21.3 when serving EPUB resources, either directly from the API, or when reading using the epub reader. The vulnerability lets an attacker…

📅 Published: June 24, 2025, 7:56 p.m. 🔄 Last Modified: June 26, 2025, 6:58 p.m.

7.2

CVSS4.0

CVE-2025-52471 - ESP-NOW Integer Underflow Vulnerability Advisory

ESP-IDF is the Espressif Internet of Things (IoT) Development Framework. An integer underflow vulnerability has been identified in the ESP-NOW protocol implementation within the ESP Wi-Fi component of versions 5.4.1, 5.3.3, 5.2.5, and 5.1.6 of the ESP-IDF framework. This issue stems from insufficie…

📅 Published: June 24, 2025, 7:53 p.m. 🔄 Last Modified: Jan. 22, 2026, 4:05 p.m.

7.5

CVSS3.1

CVE-2025-52888 - Allure 2's xunit-xml-plugin Vulnerable to Improper XXE Restriction

Allure 2 is the version 2.x branch of Allure Report, a multi-language test reporting tool. A critical XML External Entity (XXE) vulnerability exists in the xunit-xml-plugin used by Allure 2 prior to version 2.34.1. The plugin fails to securely configure the XML parser (`DocumentBuilderFactory`) and…

📅 Published: June 24, 2025, 7:45 p.m. 🔄 Last Modified: June 26, 2025, 6:58 p.m.

9.3

CVSS4.0

CVE-2025-49853 - Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in ControlID i…

ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to SQL injections which could allow an attacker to leak arbitrary information and insert arbitrary SQL syntax into SQL queries.

📅 Published: June 24, 2025, 7:23 p.m. 🔄 Last Modified: July 2, 2025, 4:32 p.m.

8.7

CVSS4.0

CVE-2025-49852 - Server-Side Request Forgery (SSRF) in ControlID iDSecure On-premises

ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to a server-side request forgery vulnerability which could allow an unauthenticated attacker to retrieve information from other servers.

📅 Published: June 24, 2025, 7:19 p.m. 🔄 Last Modified: July 2, 2025, 4:33 p.m.

8.7

CVSS4.0

CVE-2025-49851 - Improper Authentication in ControlID iDSecure On-premises

ControlID iDSecure On-premises versions 4.7.48.0 and prior are vulnerable to an improper authentication vulnerability which could allow an attacker to bypass authentication and gain permissions in the product.

📅 Published: June 24, 2025, 7:17 p.m. 🔄 Last Modified: July 2, 2025, 4:33 p.m.

6

CVSS4.0

CVE-2025-5087 - Cleartext Transmission of Sensitive Information in Kaleris Navis N4

Kaleris NAVIS N4 ULC (Ultra Light Client) communicates insecurely using zlib-compressed data over HTTP. An attacker capable of observing network traffic between Ultra Light Clients and N4 servers can extract sensitive information, including plaintext credentials.

📅 Published: June 24, 2025, 6:30 p.m. 🔄 Last Modified: June 26, 2025, 6:58 p.m.

9.3

CVSS4.0

CVE-2025-2566 - Deserialization of Untrusted Data in Kaleris Navis N4

Kaleris NAVIS N4 ULC (Ultra Light Client) contains an unsafe Java deserialization vulnerability. An unauthenticated attacker can make specially crafted requests to execute arbitrary code on the server.

📅 Published: June 24, 2025, 6:27 p.m. 🔄 Last Modified: June 26, 2025, 6:58 p.m.

5.3

CVSS3.1

CVE-2025-49147 - Umbraco.Cms Vulnerable to Disclosure of Configured Password Requirements

Umbraco, a free and open source .NET content management system, has a vulnerability in versions 10.0.0 through 10.8.10 and 13.0.0 through 13.9.1. Via a request to an anonymously authenticated endpoint it's possible to retrieve information about the configured password requirements. The information …

📅 Published: June 24, 2025, 5:37 p.m. 🔄 Last Modified: Sept. 22, 2025, 1:53 p.m.

5

CVSS3.1

CVE-2025-23260 -

NVIDIA AIStore contains a vulnerability in the AIS Operator where a user may gain elevated k8s cluster access by using the ServiceAccount attached to the ClusterRole. A successful exploit of this vulnerability may lead to information disclosure.

📅 Published: June 24, 2025, 5:28 p.m. 🔄 Last Modified: Dec. 15, 2025, 6:50 p.m.