8.2
CVE-2025-5276 -
All versions of the package mcp-markdownify-server are vulnerable to Server-Side Request Forgery (SSRF) via the Markdownify.get() function. An attacker can craft a prompt that, once accessed by the MCP host, can invoke the webpage-to-markdown, bing-search-to-markdown, and youtube-to-markdown tools β¦
8.2
CVE-2025-5273 -
All versions of the package mcp-markdownify-server are vulnerable to Files or Directories Accessible to External Parties via the get-markdown-file tool. An attacker can craft a prompt that, once accessed by the MCP host, will allow it to read arbitrary files from the host running the server.
9.1
CVE-2025-3755 - Information Disclosure and Denial-of-Service(DoS) Vulnerability in MELSEC iQ-F Series CPU module
Improper Validation of Specified Index, Position, or Offset in Input vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules allows a remote unauthenticated attacker to read information in the product, to cause a Denial-of-Service (DoS) condition in MELSOFT connection, or toβ¦
5.4
CVE-2025-4583 - Smash Balloon Instagram Feed <= 6.9.0 (Free) & <= 6.8.0 (Pro) - Authenticated (Contributor+) Storedβ¦
The Smash Balloon Social Photo Feed β Easy Social Feeds Plugin plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the `data-plugin` attribute in all versions up to, and including, 6.9.0 (Free) and 6.8.0 (Pro) due to insufficient input sanitization and output escaping. This makes β¦
0.0
CVE-2025-5316 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
10
CVE-2025-48748 -
Netwrix Directory Manager (formerly Imanami GroupID) through v.10.0.7784.0 has a hard-coded password.
5.6
CVE-2024-53423 -
An issue in Open Network Foundation ONOS v2.7.0 allows attackers to cause a Denial of Service (DoS) via supplying crafted packets.
5.5
CVE-2025-37995 - module: ensure that kobject_put() is safe for module type kobjects
In the Linux kernel, the following vulnerability has been resolved: module: ensure that kobject_put() is safe for module type kobjects In 'lookup_or_create_module_kobject()', an internal kobject is created using 'module_ktype'. So call to 'kobject_put()' on error handling path causes an attempt tβ¦
5.5
CVE-2025-37997 - netfilter: ipset: fix region locking in hash types
In the Linux kernel, the following vulnerability has been resolved: netfilter: ipset: fix region locking in hash types Region locking introduced in v5.6-rc4 contained three macros to handle the region locks: ahash_bucket_start(), ahash_bucket_end() which gave back the start and end hash bucket vaβ¦
5.3
CVE-2025-46078 -
HuoCMS V3.5.1 and before is vulnerable to file upload, which allows attackers to take control of the target server