7.8
CVE-2025-46723 - OpenVM byte decomposition of pc in AUIPC chip can overflow
OpenVM is a performant and modular zkVM framework built for customization and extensibility. In version 1.0.0, OpenVM is vulnerable to overflow through byte decomposition of pc in AUIPC chip. A typo results in the highest limb of pc being range checked to 8-bits instead of 6-bits. This results in t…
7.8
CVE-2022-21546 - scsi: target: Fix WRITE_SAME No Data Buffer crash
In the Linux kernel, the following vulnerability has been resolved: scsi: target: Fix WRITE_SAME No Data Buffer crash In newer version of the SBC specs, we have a NDOB bit that indicates there is no data buffer that gets written out. If this bit is set using commands like "sg_write_same --ndob" w…
6.1
CVE-2025-21572 -
OpenGrok 1.13.25 has a reflected Cross-Site Scripting (XSS) issue when producing the history view page. This happens through improper handling of path segments. The application reflects unsanitized user input into the HTML output.
4.8
CVE-2025-4218 - handrew browserpilot gpt_selenium_agent.py GPTSeleniumAgent code injection
A vulnerability was found in handrew browserpilot up to 0.2.51. It has been declared as critical. Affected by this vulnerability is the function GPTSeleniumAgent of the file browserpilot/browserpilot/agents/gpt_selenium_agent.py. The manipulation of the argument instructions leads to code injection…
2.3
CVE-2025-4215 - gorhill uBlock Origin UI 1p-filters.js currentStateChanged redos
A vulnerability was found in gorhill uBlock Origin up to 1.63.3b16. It has been classified as problematic. Affected is the function currentStateChanged of the file src/js/1p-filters.js of the component UI. The manipulation leads to inefficient regular expression complexity. It is possible to launch…
0.0
CVE-2025-0782 -
This CVE ID has been rejected or withdrawn by its CVE Numbering Authority.
6.9
CVE-2025-4214 - PHPGuruku Online DJ Booking Management System booking-bwdates-reports-details.php sql injection
A vulnerability was found in PHPGuruku Online DJ Booking Management System 1.0 and classified as critical. This issue affects some unknown processing of the file /admin/booking-bwdates-reports-details.php. The manipulation of the argument fromdate leads to sql injection. The attack may be initiated…
6.9
CVE-2025-4213 - PHPGurukul Online Birth Certificate System search.php sql injection
A vulnerability has been found in PHPGurukul Online Birth Certificate System 1.0 and classified as critical. This vulnerability affects unknown code of the file /admin/search.php. The manipulation of the argument searchdata leads to sql injection. The attack can be initiated remotely. The exploit h…
6.5
CVE-2025-46332 - Information Disclosure via Flags override link
Flags SDK is an open-source feature flags toolkit for Next.js and SvelteKit. Impacted versions include flags from 3.2.0 and prior and @vercel/flags from 3.1.1 and prior as certain circumstances allow a bad actor with detailed knowledge of the vulnerability to list all flags returned by the flags d…
6.6
CVE-2025-3879 - Vault's Azure Authentication Method bound_location Restriction Could be Bypassed on Login
Vault Community, Vault Enterprise ("Vault") Azure Auth method did not correctly validate the claims in the Azure-issued token, resulting in the potential bypass of the bound_locations parameter on login. Fixed in Vault Community Edition 1.19.1 and Vault Enterprise 1.19.1, 1.18.7, 1.17.14, 1.16.18.