4.3

CVSS3.1

CVE-2025-29705 -

code-gen <=2.0.6 is vulnerable to Incorrect Access Control. The project does not have permission control allowing anyone to access such projects.

πŸ“… Published: April 15, 2025, midnight πŸ”„ Last Modified: April 22, 2025, 5:46 p.m.

8.8

CVSS3.1

CVE-2025-29281 -

In PerfreeBlog version 4.0.11, regular users can exploit the arbitrary file upload vulnerability in the attach component to upload arbitrary files and execute code within them.

πŸ“… Published: April 15, 2025, midnight πŸ”„ Last Modified: June 24, 2025, 3:17 p.m.

5.9

CVSS3.1

CVE-2025-28198 -

A SQL injection vulnerability in Hitout car sale 1.0 allows a remote attacker to obtain sensitive information via the orderBy parameter of the StoreController.java component.

πŸ“… Published: April 15, 2025, midnight πŸ”„ Last Modified: April 22, 2025, 6:24 p.m.

6.5

CVSS3.1

CVE-2025-24948 -

In JotUrl 2.0, passwords are sent via HTTP GET-type requests, potentially exposing credentials to eavesdropping or insecure records.

πŸ“… Published: April 15, 2025, midnight πŸ”„ Last Modified: April 22, 2025, 6:41 p.m.

4

CVSS3.1

CVE-2025-32997 - http-proxy-middleware: Improper Check for Unusual or Exceptional Conditions in http-proxy-middleware

In http-proxy-middleware before 2.0.9 and 3.x before 3.0.5, fixRequestBody proceeds even if bodyParser has failed.

πŸ“… Published: April 15, 2025, midnight πŸ”„ Last Modified: Oct. 21, 2025, 2:42 p.m.

9.1

CVSS3.1

CVE-2021-27289 -

A replay attack vulnerability was discovered in a Zigbee smart home kit manufactured by Ksix (Zigbee Gateway Module = v1.0.3, Door Sensor = v1.0.7, Motion Sensor = v1.0.12), where the Zigbee anti-replay mechanism - based on the frame counter field - is improperly implemented. As a result, an attack…

πŸ“… Published: April 15, 2025, midnight πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

5

CVSS3.1

CVE-2025-32103 -

CrushFTP 9.x and 10.x through 10.8.4 and 11.x through 11.3.1 allows directory traversal via the /WebInterface/function/ URI to read files accessible by SMB at UNC share pathnames, bypassing SecurityManager restrictions.

πŸ“… Published: April 15, 2025, midnight πŸ”„ Last Modified: Nov. 3, 2025, 8:18 p.m.

9

CVSS4.0

CVE-2025-32428 - Jupyter Remote Desktop Proxy makes TigerVNC accessible via the network and not just via a UNIX sock…

Jupyter Remote Desktop Proxy allows you to run a Linux Desktop on a JupyterHub. jupyter-remote-desktop-proxy was meant to rely on UNIX sockets readable only by the current user since version 3.0.0, but when used with TigerVNC, the VNC server started by jupyter-remote-desktop-proxy were still access…

πŸ“… Published: April 14, 2025, 11:29 p.m. πŸ”„ Last Modified: April 15, 2026, 12:35 a.m.

9.4

CVSS3.1

CVE-2025-24797 - Meshtastic incorrectly hands malformed packets leads to controlled buffer overflow

Meshtastic is an open source mesh networking solution. A fault in the handling of mesh packets containing invalid protobuf data can result in an attacker-controlled buffer overflow, allowing an attacker to hijack execution flow, potentially resulting in remote code execution. This attack does not r…

πŸ“… Published: April 14, 2025, 11:25 p.m. πŸ”„ Last Modified: Oct. 3, 2025, 3:31 p.m.

3.5

CVSS3.1

CVE-2025-31494 - AutoGPT allows cross-user sharing of node execution results through WebSockets API

AutoGPT is a platform that allows users to create, deploy, and manage continuous artificial intelligence agents that automate complex workflows. The AutoGPT Platform's WebSocket API transmitted node execution updates to subscribers based on the graph_id+graph_version. Additionally, there was no che…

πŸ“… Published: April 14, 2025, 11:21 p.m. πŸ”„ Last Modified: Aug. 25, 2025, 2:23 a.m.
Total resulsts: 346614
Page 5631 of 34,662
Β« previous page Β» next page
Filters