8.3
CVE-2025-29471 -
Cross Site Scripting vulnerability in Nagios Log Server v.2024R1.3.1 allows a remote attacker to execute arbitrary code via a payload into the Email field.
5.9
CVE-2025-28198 -
A SQL injection vulnerability in Hitout car sale 1.0 allows a remote attacker to obtain sensitive information via the orderBy parameter of the StoreController.java component.
6.5
CVE-2025-24948 -
In JotUrl 2.0, passwords are sent via HTTP GET-type requests, potentially exposing credentials to eavesdropping or insecure records.
4
CVE-2025-32997 - http-proxy-middleware: Improper Check for Unusual or Exceptional Conditions in http-proxy-middleware
In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed.
5
CVE-2025-32103 -
CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows directory traversal via the /WebInterface/function/ URI to read files accessible by SMB at UNC share pathnames, bypassing SecurityManager restrictions.
9
CVE-2025-32428 - Jupyter Remote Desktop Proxy makes TigerVNC accessible via the network and not just via a UNIX sockβ¦
Jupyter Remote Desktop Proxy allows you to run a Linux Desktop on a JupyterHub. jupyter-remote-desktop-proxy was meant to rely on UNIX sockets readable only by the current user since version 3.0.0, but when used with TigerVNC, the VNC server started by jupyter-remote-desktop-proxy were still accessβ¦
9.4
CVE-2025-24797 - Meshtastic incorrectly hands malformed packets leads to controlled buffer overflow
Meshtastic is an open source mesh networking solution. A fault in the handling of mesh packets containing invalid protobuf data can result in an attacker-controlled buffer overflow, allowing an attacker to hijack execution flow, potentially resulting in remote code execution. This attack does not rβ¦
3.5
CVE-2025-31494 - AutoGPT allows cross-user sharing of node execution results through WebSockets API
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. The AutoGPT Platform's WebSocket API transmitted node execution updates to subscribers based on the graph_id+graph_version. Additionally, there was no cheβ¦
8.6
CVE-2025-31491 - AutoGPT allows leakage of cross-domain cookies and protected headers in requests redirect
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to 0.6.1, AutoGPT allows of leakage of cross-domain cookies and protected headers in requests redirect. AutoGPT uses a wrapper around the requests pβ¦
7.5
CVE-2025-31490 - AutoGPT allows SSRF due to DNS Rebinding in requests wrapper
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to 0.6.1, AutoGPT allows SSRF due to DNS Rebinding in requests wrapper. AutoGPT is built with a wrapper around Python's requests library, hardening β¦