9.1
CVE-2021-27289 -
A replay attack vulnerability was discovered in a Zigbee smart home kit manufactured by Ksix (Zigbee Gateway Module = v1.0.3, Door Sensor = v1.0.7, Motion Sensor = v1.0.12), where the Zigbee anti-replay mechanism - based on the frame counter field - is improperly implemented. As a result, an attackβ¦
5
CVE-2025-32103 -
CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows directory traversal via the /WebInterface/function/ URI to read files accessible by SMB at UNC share pathnames, bypassing SecurityManager restrictions.
9
CVE-2025-32428 - Jupyter Remote Desktop Proxy makes TigerVNC accessible via the network and not just via a UNIX sockβ¦
Jupyter Remote Desktop Proxy allows you to run a Linux Desktop on a JupyterHub. jupyter-remote-desktop-proxy was meant to rely on UNIX sockets readable only by the current user since version 3.0.0, but when used with TigerVNC, the VNC server started by jupyter-remote-desktop-proxy were still accessβ¦
9.4
CVE-2025-24797 - Meshtastic incorrectly hands malformed packets leads to controlled buffer overflow
Meshtastic is an open source mesh networking solution. A fault in the handling of mesh packets containing invalid protobuf data can result in an attacker-controlled buffer overflow, allowing an attacker to hijack execution flow, potentially resulting in remote code execution. This attack does not rβ¦
3.5
CVE-2025-31494 - AutoGPT allows cross-user sharing of node execution results through WebSockets API
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. The AutoGPT Platform's WebSocket API transmitted node execution updates to subscribers based on the graph_id+graph_version. Additionally, there was no cheβ¦
8.6
CVE-2025-31491 - AutoGPT allows leakage of cross-domain cookies and protected headers in requests redirect
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to 0.6.1, AutoGPT allows of leakage of cross-domain cookies and protected headers in requests redirect. AutoGPT uses a wrapper around the requests pβ¦
7.5
CVE-2025-31490 - AutoGPT allows SSRF due to DNS Rebinding in requests wrapper
AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. Prior to 0.6.1, AutoGPT allows SSRF due to DNS Rebinding in requests wrapper. AutoGPT is built with a wrapper around Python's requests library, hardening β¦
5.3
CVE-2025-3593 - ZHENFENG13/code-projects My-Blog-layui authorImg upload unrestricted upload
A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0. It has been declared as critical. This vulnerability affects the function Upload of the file /admin/upload/authorImg/. The manipulation of the argument File leads to unrestricted upload. The attack can be initiated remotely. Tβ¦
5.1
CVE-2025-3592 - ZHENFENG13/code-projects My-Blog-layui edit cross site scripting
A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0. It has been classified as problematic. This affects an unknown part of the file /admin/v1/link/edit. The manipulation leads to cross site scripting. It is possible to initiate the attack remotely. The exploit has been discloseβ¦
5.1
CVE-2025-3591 - ZHENFENG13/code-projects My-Blog-layui edit cross site scripting
A vulnerability was found in ZHENFENG13/code-projects My-Blog-layui 1.0 and classified as problematic. Affected by this issue is some unknown functionality of the file /admin/v1/blog/edit. The manipulation leads to cross site scripting. The attack may be launched remotely. The exploit has been discβ¦