7.5
CVE-2025-32442 - Fastify vulnerable to invalid content-type parsing, which could lead to validation bypass
Fastify is a fast and low overhead web framework, for Node.js. In versions 5.0.0 to 5.3.0 as well as version 4.29.0, applications that specify different validation strategies for different content types have a possibility to bypass validation by providing a _slightly altered_ content type such as wβ¦
8.6
CVE-2025-32389 - NamelessMC Vulnerable to SQL Injections in /user/messaging and /panel/users/reports Pages
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. Prior to version 2.1.4, NamelessMC is vulnerable to SQL injection by providing an unexpected square bracket GET parameter syntax. Square bracket GET parameter syntax refers to the structure `?param[0]=a¶m[1]=b&β¦
5.3
CVE-2025-31120 - NamelessMC Vulnerable to Cookie-Based View Count Manipulation
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, an insecure view count mechanism in the forum page allows an unauthenticated attacker to artificially increase the view count. The application relies on a client-side cookie (nl-topic-[tβ¦
7.1
CVE-2025-31118 - NamelessMC Has Forum Reply Submission Time Limit Bypass
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, forum quick reply feature (view_topic.php) does not implement any spam prevention mechanism. This allows authenticated users to continuously post replies without any time restriction, reβ¦
7.3
CVE-2025-30357 - NamelessMC Forum Topic Deletion Triggered by Unrelated User Deletion
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, if a malicious user is leaving spam comments on many topics then an administrator, unable to manually remove each spam comment, may delete the malicious account. Once an administrator deβ¦
7.1
CVE-2025-30158 - NamelessMC Forum iframe width/height abuse causing UI-based Denial of Service
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, the forum allows users to post iframe elements inside forum topics/comments/feed with no restriction on the iframe's width and height attributes. This allows an authenticated attacker toβ¦
7.5
CVE-2025-29784 - NamelessMC Has Lack of Length Validation for s Parameter in GET Requests
NamelessMC is a free, easy to use & powerful website software for Minecraft servers. In version 2.1.4 and prior, the s parameter in GET requests for forum search functionality lacks length validation, allowing attackers to submit excessively long search queries. This oversight can lead to performanβ¦
6.5
CVE-2025-27599 - Element X Android vulnerable to loading malicious web pages via received intent
Element X Android is a Matrix Android Client provided by element.io. Prior to version 25.04.2, a crafted hyperlink on a webpage, or a locally installed malicious app, can force Element X up to version 25.04.1 to load a webpage with similar permissions to Element Call and automatically grant it tempβ¦
9.3
CVE-2025-32434 - PyTorch: `torch.load` with `weights_only=True` leads to remote code execution
PyTorch is a Python package that provides tensor computation with strong GPU acceleration and deep neural networks built on a tape-based autograd system. In version 2.5.1 and prior, a Remote Command Execution (RCE) vulnerability exists in PyTorch when loading a model using torch.load with weights_oβ¦
9.8
CVE-2025-29953 - Apache ActiveMQ NMS OpenWire Client: deserialization allowlist bypass
Deserialization of Untrusted Data vulnerability in Apache ActiveMQ NMS OpenWire Client. This issue affects Apache ActiveMQ NMS OpenWire Client before 2.1.1 when performing connections to untrusted servers. Such servers could abuse the unbounded deserialization in the client to provide malicious reβ¦