6.9
CVE-2025-31933 - Growatt Cloud Applications Authorization Bypass Through User-Controlled Key
An unauthenticated attacker can check the existence of usernames in the system by querying an API.
8.7
CVE-2025-30511 - Growatt Cloud Applications Cross-site Scripting
An authenticated attacker can achieve stored XSS by exploiting improper sanitization of the plant name value while adding or editing a plant.
4.6
CVE-2025-32012 - Jellyfin Vulnerable to Denial of Service (DoS) via IP Spoofing
Jellyfin is an open source self hosted media server. In versions 10.9.0 to before 10.10.7, the /System/Restart endpoint provides administrators the ability to restart their Jellyfin server. This endpoint is intended to be admins-only, but it also authorizes requests from any device in the same locaโฆ
7.5
CVE-2025-31497 - TEIGarage XML External Entity (XXE) Injection in Document Conversion Service
TEIGarage is a webservice and RESTful service to transform, convert and validate various formats, focussing on the TEI format. The Document Conversion Service contains a critical XML External Entity (XXE) Injection vulnerability in its document conversion functionality. The service processes XML fiโฆ
9.3
CVE-2025-2567 - Lantronix Xport Missing Authentication for Critical Function
An attacker could modify or disable settings, disrupt fuel monitoring and supply chain operations, leading to disabling of ATG monitoring. This would result in potential safety hazards in fuel storage and transportation.
8.8
CVE-2025-32438 - Local privilege escalation in make-initrd-ng
make-initrd-ng is a tool for copying binaries and their dependencies. Local privilege escalation affecting all NixOS users. With systemd.shutdownRamfs.enable enabled (the default) a local user is able to create a program that will be executed by root during shutdown. Patches exist for NixOS 24.11 aโฆ
6.7
CVE-2025-1122 -
Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 15753.50.0 stable on Cr50 Boards allows an attacker with root access to gain persistence and Bypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process.
6.7
CVE-2025-1292 - TPM2 Out-Of-Bounds Write Leading to Potential Operating System Verification Bypass in ChromeOS
Out-Of-Bounds Write in TPM2 Reference Library in Google ChromeOS 122.0.6261.132 stable on Cr50 Boards allows an attacker with root access to gain persistence and bypass operating system verification via exploiting the NV_Read functionality during the Challenge-Response process.
6.5
CVE-2025-32439 - pleezer allows resource exhaustion through uncollected hook script processes
pleezer is a headless Deezer Connect player. Hook scripts in pleezer can be triggered by various events like track changes and playback state changes. In versions before 0.16.0, these scripts were spawned without proper process cleanup, leaving zombie processes in the system's process table. Even dโฆ
0.0
CVE-2025-34998 -
This CVE ID was rejected because it was reserved but not used for a vulnerability disclosure.