10
CVE-2025-53833 - LaRecipe is vulnerable to Server-Side Template Injection attacks
LaRecipe is an application that allows users to create documentation with Markdown inside a Laravel app. Versions prior to 2.8.1 are vulnerable to Server-Side Template Injection (SSTI), which could potentially lead to Remote Code Execution (RCE) in vulnerable configurations. Attackers could executeβ¦
6.3
CVE-2025-53834 - Caido Toast Vulnerable to Reflected Cross-site Scripting
Caido is a web security auditing toolkit. A reflected cross-site scripting (XSS) vulnerability was discovered in Caidoβs toast UI component in versions prior to 0.49.0. Toast messages may reflect unsanitized user input in certain tools such as Match&Replace and Scope. This could allow an attacker tβ¦
9.4
CVE-2025-53825 - Dokploy's Preview Deployments are vulnerable to Remote Code Execution
Dokploy is a free, self-hostable Platform as a Service (PaaS). Prior to version 0.24.3, an unauthenticated preview deployment vulnerability in Dokploy allows any user to execute arbitrary code and access sensitive environment variables by simply opening a pull request on a public repository. This eβ¦
6.4
CVE-2025-53824 - WeGIA ReflectedCross-Site Scripting (XSS) vulnerability in endpoint 'cadastro_pet.php' parameter 'mβ¦
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the editar_permissoes.php endpoint of the WeGIA application prior to version 3.4.4. This vulnerability allows attackers to β¦
10
CVE-2025-53823 - WeGIA vulnerable to SQL Injection (Blind Time-Based) in `processa_deletar_socio.php` parameter `id_β¦
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Versions prior to 3.4.5 have a SQL Injection vulnerability in the endpoint `/WeGIA/html/socio/sistema/processa_deletar_socio.php`, in the `id_socio` parameter. This vulnerability allows the execβ¦
6.5
CVE-2025-53822 - WeGIA vulnerable to Reflected Cross-Site Scripting in endpoint 'relatorio_geracao.php' parameter 'tβ¦
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `relatorio_geracao.php` endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers tβ¦
4.7
CVE-2025-53821 - WeGIA vulnerable to Open Redirect in endpoint 'control.php' parameter 'nextPage'
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. An Open Redirect vulnerability exists in the web application prior to version 3.4.5. The control.php endpoint allows to specify an arbitrary URL via the `nextPage` parameter, leading to an unconβ¦
6.5
CVE-2025-53820 - WeGIA vulnerable to Cross-Site Scripting (XSS) Reflected via endpoint 'index.php' parameter 'erro'
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. A Reflected Cross-Site Scripting (XSS) vulnerability was identified in the `index.php` endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows attackers to inject malβ¦
7.9
CVE-2025-53819 - Nix's privilege dropping to build user broke for macOS
Nix is a package manager for Linux and other Unix systems. Builds with Nix 2.30.0 on macOS were executed with elevated privileges (root), instead of the build users. The fix was applied to Nix 2.30.1. No known workarounds are available.
8.9
CVE-2025-53818 - github-kanban-mcp-server Command Injection vulnerability
GitHub Kanban MCP Server is a Model Context Protocol (MCP) server for managing GitHub issues in Kanban board format and streamlining LLM task management. Version 0.3.0 of the MCP Server is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Servβ¦