8.8

CVSS3.1

CVE-2025-29281 -

In PerfreeBlog version 4.0.11, regular users can exploit the arbitrary file upload vulnerability in the attach component to upload arbitrary files and execute code within them.

πŸ“… Published: April 15, 2025, midnight πŸ”„ Last Modified: June 24, 2025, 3:17 p.m.

8.3

CVSS3.1

CVE-2025-29471 -

Cross Site Scripting vulnerability in Nagios Log Server v.2024R1.3.1 allows a remote attacker to execute arbitrary code via a payload into the Email field.

πŸ“… Published: April 15, 2025, midnight πŸ”„ Last Modified: April 23, 2025, 4:30 p.m.

5.9

CVSS3.1

CVE-2025-28198 -

A SQL injection vulnerability in Hitout car sale 1.0 allows a remote attacker to obtain sensitive information via the orderBy parameter of the StoreController.java component.

πŸ“… Published: April 15, 2025, midnight πŸ”„ Last Modified: April 22, 2025, 6:24 p.m.

6.5

CVSS3.1

CVE-2025-24948 -

In JotUrl 2.0, passwords are sent via HTTP GET-type requests, potentially exposing credentials to eavesdropping or insecure records.

πŸ“… Published: April 15, 2025, midnight πŸ”„ Last Modified: April 22, 2025, 6:41 p.m.

4

CVSS3.1

CVE-2025-32997 - http-proxy-middleware: Improper Check for Unusual or Exceptional Conditions in http-proxy-middleware

In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed.

πŸ“… Published: April 15, 2025, midnight πŸ”„ Last Modified: Oct. 21, 2025, 2:42 p.m.

5

CVSS3.1

CVE-2025-32103 -

CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows directory traversal via the /WebInterface/function/ URI to read files accessible by SMB at UNC share pathnames, bypassing SecurityManager restrictions.

πŸ“… Published: April 15, 2025, midnight πŸ”„ Last Modified: Nov. 3, 2025, 8:18 p.m.

9

CVSS4.0

CVE-2025-32428 - Jupyter Remote Desktop Proxy makes TigerVNC accessible via the network and not just via a UNIX sock…

Jupyter Remote Desktop Proxy allows you to run a Linux Desktop on a JupyterHub. jupyter-remote-desktop-proxy was meant to rely on UNIX sockets readable only by the current user since version 3.0.0, but when used with TigerVNC, the VNC server started by jupyter-remote-desktop-proxy were still access…

πŸ“… Published: April 14, 2025, 11:29 p.m. πŸ”„ Last Modified: April 15, 2025, 6:39 p.m.

9.4

CVSS3.1

CVE-2025-24797 - Meshtastic incorrectly hands malformed packets leads to controlled buffer overflow

Meshtastic is an open source mesh networking solution. A fault in the handling of mesh packets containing invalid protobuf data can result in an attacker-controlled buffer overflow, allowing an attacker to hijack execution flow, potentially resulting in remote code execution. This attack does not r…

πŸ“… Published: April 14, 2025, 11:25 p.m. πŸ”„ Last Modified: Oct. 3, 2025, 3:31 p.m.

3.5

CVSS3.1

CVE-2025-31494 - AutoGPT allows cross-user sharing of node execution results through WebSockets API

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. The AutoGPT Platform's WebSocket API transmitted node execution updates to subscribers based on the graph_id+graph_version. Additionally, there was no che…

πŸ“… Published: April 14, 2025, 11:21 p.m. πŸ”„ Last Modified: Aug. 25, 2025, 2:23 a.m.

8.6

CVSS3.1

CVE-2025-31491 - AutoGPT allows leakage of cross-domain cookies and protected headers in requests redirect

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to 0.6.1, AutoGPT allows of leakage of cross-domain cookies and protected headers in requests redirect. AutoGPT uses a wrapper around the requests p…

πŸ“… Published: April 14, 2025, 11:15 p.m. πŸ”„ Last Modified: Aug. 5, 2025, 5:04 p.m.
Total resulsts: 342372
Page 5207 of 34,238
Β« previous page Β» next page
Filters