6.9
CVE-2025-52561 - HTMLSanitizer.jl Possible XSS
HTMLSanitizer.jl is a Whitelist-based HTML sanitizer. Prior to version 0.2.1, when adding the style tag to the whitelist, content inside the tag is incorrectly unescaped, and closing tags injected as content are interpreted as real HTML, enabling tag injection and JavaScript execution. This could rβ¦
2.3
CVE-2025-6524 - 70mai 1S Video Services improper authentication
A vulnerability classified as problematic has been found in 70mai 1S up to 20250611. This affects an unknown part of the component Video Services. The manipulation leads to improper authentication. Access to the local network is required for this attack to succeed. The complexity of an attack is raβ¦
7
CVE-2025-52558 - ChangeDetection.io XSS in watch overview
changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. Prior to version 0.50.4, errors in filters from website page change detection watches were not being filtered resulting in a cross-site scripting (XSS) vulnerability. This β¦
10
CVE-2025-52562 - Convey Panel Directory Traversal in LocaleController leading to Remote Code Execution
Convoy is a KVM server management panel for hosting businesses. In versions 3.9.0-rc3 to before 4.4.1, there is a directory traversal vulnerability in the LocaleController component of Performave Convoy. An unauthenticated remote attacker can exploit this vulnerability by sending a specially crafteβ¦
10.0
CVE-2025-2828 - SSRF Vulnerability in RequestsToolkit in langchain-ai/langchain
A Server-Side Request Forgery (SSRF) vulnerability exists in the RequestsToolkit component of the langchain-community package (specifically, langchain_community.agent_toolkits.openapi.toolkit.RequestsToolkit) in langchain-ai/langchain version 0.0.27. This vulnerability occurs because the toolkit doβ¦
6.4
CVE-2025-49574 - Quarkus potential data leak when duplicating a duplicated context
Quarkus is a Cloud Native, (Linux) Container First framework for writing Java applications. In versions prior to 3.24.1, 3.20.2, and 3.15.6, there is a potential data leak when duplicating a duplicated context. Quarkus extensively uses the Vert.x duplicated context to implement context propagation.β¦
7.3
CVE-2025-49144 - Notepad++ Privilege Escalation in Installer via Uncontrolled Executable Search Path
Notepad++ is a free and open-source source code editor. In versions 8.8.1 and prior, a privilege escalation vulnerability exists in the Notepad++ v8.8.1 installer that allows unprivileged users to gain SYSTEM-level privileges through insecure executable search paths. An attacker could use social enβ¦
9.1
CVE-2025-6547 - On Node.js < 3, pbkdf2 silently disregards Uint8Array input, returning static keys
Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation.This issue affects pbkdf2: <=3.1.2.
5.3
CVE-2025-6518 - PySpur-Dev pyspur Jinja2 Template single_llm_call.py SingleLLMCallNode special elements used in a tβ¦
A vulnerability was found in PySpur-Dev pyspur up to 0.1.18. It has been classified as critical. Affected is the function SingleLLMCallNode of the file backend/pyspur/nodes/llm/single_llm_call.py of the component Jinja2 Template Handler. The manipulation of the argument user_message leads to impropβ¦
9.1
CVE-2025-6545 - pbkdf2 silently returns predictable uninitialized/zero-filled memory for non-normalized or unimplemβ¦
Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/to-buffer.Js. This issue affects pbkdf2: from 3.0.10 through 3.1.2.