8.8
CVE-2025-2765 - CarlinKit CPC200-CCPA Wireless Hotspot Hard-Coded Credentials Authentication Bypass Vulnerability
CarlinKit CPC200-CCPA Wireless Hotspot Hard-Coded Credentials Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of CarlinKit CPC200-CCPA devices. Authentication is not required to exploit this vulnerability. β¦
8
CVE-2025-2764 - CarlinKit CPC200-CCPA update.cgi Improper Verification of Cryptographic Signature Code Execution Vuβ¦
CarlinKit CPC200-CCPA update.cgi Improper Verification of Cryptographic Signature Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of CarlinKit CPC200-CCPA devices. Although authentication is required to exploit tβ¦
6.8
CVE-2025-2763 - CarlinKit CPC200-CCPA Improper Verification of Cryptographic Signature Code Execution Vulnerability
CarlinKit CPC200-CCPA Improper Verification of Cryptographic Signature Code Execution Vulnerability. This vulnerability allows physically present attackers to execute arbitrary code on affected installations of CarlinKit CPC200-CCPA devices. Authentication is not required to exploit this vulnerabilβ¦
7.8
CVE-2025-2762 - CarlinKit CPC200-CCPA Missing Root of Trust Local Privilege Escalation Vulnerability
CarlinKit CPC200-CCPA Missing Root of Trust Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of CarlinKit CPC200-CCPA devices. An attacker must first obtain the ability to execute low-privileged code on the target sβ¦
7.8
CVE-2025-2761 - GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability
GIMP FLI File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a β¦
7.8
CVE-2025-2760 - GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability
GIMP XWD File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of GIMP. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malβ¦
6.5
CVE-2025-1522 - PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability
PostHog database_schema Server-Side Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within theβ¦
6.5
CVE-2025-1521 - PostHog slack_incoming_webhook Server-Side Request Forgery Information Disclosure Vulnerability
PostHog slack_incoming_webhook Server-Side Request Forgery Information Disclosure Vulnerability. This vulnerability allows remote attackers to disclose sensitive information on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists witβ¦
8.0
CVE-2025-1520 - PostHog ClickHouse Table Functions SQL Injection Remote Code Execution Vulnerability
PostHog ClickHouse Table Functions SQL Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of PostHog. Authentication is required to exploit this vulnerability. The specific flaw exists within the iβ¦
8.8
CVE-2025-1050 - Sonos Era 300 Out-of-Bounds Write Remote Code Execution Vulnerability
Sonos Era 300 Out-of-Bounds Write Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected Sonos Era 300 speakers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing ofβ¦