9.3
CVE-2025-53391 -
The Debian zuluPolkit/CMakeLists.txt file for zuluCrypt through the zulucrypt_6.2.0-1 package has insecure PolicyKit allow_any/allow_inactive/allow_active settings that allow a local user to escalate their privileges to root.
6
CVE-2025-53393 -
In Akka through 2.10.6, akka-cluster-metrics uses Java serialization for cluster metrics.
8.1
CVE-2025-53098 - Roo Code Vulnerable to Potential Remote Code Execution via Model Context Protocol
Roo Code is an AI-powered autonomous coding agent. The project-specific MCP configuration for the Roo Code agent is stored in the `.roo/mcp.json` file within the VS Code workspace. Because the MCP configuration format allows for execution of arbitrary commands, prior to version 3.20.3, it would hav…
5.9
CVE-2025-53097 - Roo Code extension vulnerable to Potential Information Leakage via JSON Schema
Roo Code is an AI-powered autonomous coding agent. Prior to version 3.20.3, there was an issue where the Roo Code agent's `search_files` tool did not respect the setting to disable reads outside of the VS Code workspace. This means that an attacker who was able to inject a prompt into the agent cou…
4.8
CVE-2025-6778 - code-projects Food Distributor Site save_settings.php cross site scripting
A vulnerability, which was classified as problematic, was found in code-projects Food Distributor Site 1.0. Affected is an unknown function of the file /admin/save_settings.php. The manipulation of the argument site_phone/site_email/address leads to cross site scripting. It is possible to launch th…
6.9
CVE-2025-6777 - code-projects Food Distributor Site process_login.php sql injection
A vulnerability, which was classified as critical, has been found in code-projects Food Distributor Site 1.0. This issue affects some unknown processing of the file /admin/process_login.php. The manipulation of the argument username/password leads to sql injection. The attack may be initiated remot…
6.9
CVE-2025-6776 - xiaoyunjie openvpn-cms-flask File Upload controller.py upload path traversal
A vulnerability classified as critical was found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This vulnerability affects the function Upload of the file app/plugins/oss/app/controller.py of the component File Upload. The manipulation of the argument image leads to path traversal. The attack can be …
5.3
CVE-2025-6775 - xiaoyunjie openvpn-cms-flask User Creation Endpoint openvpn.py create_user command injection
A vulnerability classified as critical has been found in xiaoyunjie openvpn-cms-flask up to 1.2.7. This affects the function create_user of the file /app/api/v1/openvpn.py of the component User Creation Endpoint. The manipulation of the argument Username leads to command injection. It is possible t…
8.7
CVE-2025-53094 - ESPAsyncWebServer Vulnerable to CRLF Injection in AsyncWebHeader.cpp
ESPAsyncWebServer is an asynchronous HTTP and WebSocket server library for ESP32, ESP8266, RP2040 and RP2350. In versions up to and including 3.7.8, a CRLF (Carriage Return Line Feed) injection vulnerability exists in the construction and output of HTTP headers within `AsyncWebHeader.cpp`. Unsaniti…
5.3
CVE-2025-6774 - gooaclok819 sublinkX template.go AddTemp path traversal
A vulnerability was found in gooaclok819 sublinkX up to 1.8. It has been rated as critical. Affected by this issue is the function AddTemp of the file api/template.go. The manipulation of the argument filename leads to path traversal. The attack may be launched remotely. The exploit has been disclo…