9.8
CVE-2025-69809 - Unauthenticated WriteโWhatโWhere in p2r3 Bareiron Enables Arbitrary Code Execution
A write-what-where condition in p2r3 Bareiron commit 8e4d40 allows unauthenticated attackers to write arbitrary values to memory, enabling arbitrary code execution via a crafted packet.
7.5
CVE-2026-30405 -
An issue in GoBGP gobgpd v.4.2.0 allows a remote attacker to cause a denial of service via the NEXT_HOP path attribute
9.8
CVE-2025-69902 - Command Injection in kubectlโmcp-server Minimal Wrapper Vulnerability
A command injection vulnerability in the minimal_wrapper.py component of kubectl-mcp-server v1.2.0 allows attackers to execute arbitrary commands via injecting arbitrary shell metacharacters.
6.5
CVE-2025-68971 - forgejo: Forgejo: Denial of Service via large file attachment upload
In Forgejo through 13.0.3, the attachment component allows a denial of service by uploading a multi-gigabyte file attachment (e.g., to be associated with an issue or a release).
8.8
CVE-2025-50881 - Use It Flow Admin Remote Code Execution via Unsanitized eval in action Parameter
The `flow/admin/moniteur.php` script in Use It Flow administration website before 10.0.0 is vulnerable to Remote Code Execution. When handling GET requests, the script takes user-supplied input from the `action` URL parameter, performs insufficient validation, and incorporates this input into a strโฆ
7.5
CVE-2025-69768 - SQL Injection in Chyrp Admin Component Allows Remote Data Retrieval
SQL Injection vulnerability in Chyrp v.2.5.2 and before allows a remote attacker to obtain sensitive information via the Admin.php component
6.1
CVE-2025-57543 - CrossโSite Scripting via Comment Field in NetBox 4.3.5
Cross Site scripting vulnerability (XSS) in NetBox 4.3.5 "comment" field on object forms. An attacker can inject arbitrary HTML, which will be rendered in the web UI when viewed by other users. This could potentially lead to user interface redress attacks or be escalated to XSS in certain contexts.
7.5
CVE-2025-66687 - Directory Traversal Vulnerability in Doom Launcher 3.8.1.0 During Game File Extraction
Doom Launcher 3.8.1.0 is vulnerable to Directory Traversal due to missing file path validation during the extraction of game files
5.3
CVE-2025-69727 - Unauthenticated Retrieval of User Profile Images due to Missing Access Control in Prontรฉ
An Incorrect Access Control vulnerability exists in INDEX-EDUCATION PRONOTE prior to 2025.2.8. The affected components (index.js and composeUrlImgPhotoIndividu) allow the construction of direct URLs to user profile images based solely on predictable identifiers such as user IDs and names. Due to miโฆ
5.3
CVE-2026-4271 - Libsoup: libsoup: denial of service via use-after-free in http/2 server
A flaw was found in libsoup, a library for handling HTTP requests. This vulnerability, known as a Use-After-Free, occurs in the HTTP/2 server implementation. A remote attacker can exploit this by sending specially crafted HTTP/2 requests that cause authentication failures. This can lead to the applโฆ