4.9
CVE-2025-47951 - Weblate lacks rate limiting when verifying second factor
Weblate is a web based localization tool. Prior to version 5.12, the verification of the second factor was not subject to rate limiting. The absence of rate limiting on the second factor endpoint allows an attacker with valid credentials to automate OTP guessing. This issue has been patched in versโฆ
7.2
CVE-2025-32800 - Conda-build vulnerable to supply chain attack vector due to pyproject.toml referring to dependencieโฆ
Conda-build contains commands and tools to build conda packages. Prior to version 25.3.0, the pyproject.toml lists conda-index as a Python dependency. This package is not published in PyPI. An attacker could claim this namespace and upload arbitrary (malicious) code to the package, and then exploitโฆ
8.7
CVE-2025-6138 - TOTOLINK T10 HTTP POST Request cstecgi.cgi setWizardCfg buffer overflow
A vulnerability classified as critical was found in TOTOLINK T10 4.1.8cu.5207. Affected by this vulnerability is the function setWizardCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument ssid5g leads to buffer overflow. The attack can beโฆ
5.6
CVE-2025-32799 - Conda-build Vulnerable to Path Traversal via Malicious Tar File
Conda-build contains commands and tools to build conda packages. Prior to version 25.4.0, the conda-build processing logic is vulnerable to path traversal (Tarslip) attacks due to improper sanitization of tar entry paths. Attackers can craft tar archives containing entries with directory traversal โฆ
8.2
CVE-2025-32798 - Conda-build Allows Arbitrary Code Execution via Malicious Recipe Selectors
Conda-build contains commands and tools to build conda packages. Prior to version 25.4.0, the conda-build recipe processing logic has been found to be vulnerable to arbitrary code execution due to unsafe evaluation of recipe selectors. Currently, conda-build uses the eval function to process embeddโฆ
8.7
CVE-2025-6137 - TOTOLINK T10 HTTP POST Request cstecgi.cgi setWiFiScheduleCfg buffer overflow
A vulnerability classified as critical has been found in TOTOLINK T10 4.1.8cu.5207. Affected is the function setWiFiScheduleCfg of the file /cgi-bin/cstecgi.cgi of the component HTTP POST Request Handler. The manipulation of the argument desc leads to buffer overflow. It is possible to launch the aโฆ
5.3
CVE-2025-6136 - Projectworlds Life Insurance Management System insertPayment.php sql injection
A vulnerability was found in Projectworlds Life Insurance Management System 1.0. It has been rated as critical. This issue affects some unknown processing of the file /insertPayment.php. The manipulation of the argument recipt_no leads to sql injection. The attack may be initiated remotely. The expโฆ
5.3
CVE-2025-6135 - Projectworlds Life Insurance Management System insertNominee.php sql injection
A vulnerability was found in Projectworlds Life Insurance Management System 1.0. It has been declared as critical. This vulnerability affects unknown code of the file /insertNominee.php. The manipulation of the argument client_id/nominee_id leads to sql injection. The attack can be initiated remoteโฆ
6
CVE-2025-32797 - Conda-build Insecure Build Script Permissions Enabling Arbitrary Code Execution
Conda-build contains commands and tools to build conda packages. Prior to version 25.3.1, the write_build_scripts function in conda-build creates the temporary build script conda_build.sh with overly permissive file permissions (0o766), allowing write access to all users. Attackers with filesystem โฆ
5.3
CVE-2025-6134 - Projectworlds Life Insurance Management System insertClient.php sql injection
A vulnerability was found in Projectworlds Life Insurance Management System 1.0. It has been classified as critical. This affects an unknown part of the file /insertClient.php. The manipulation of the argument client_id leads to sql injection. It is possible to initiate the attack remotely. The expโฆ