7.5
CVE-2025-32947 - PeerTube ActivityPub Crawl Infinite Loop DoS
This vulnerability allows any attacker to cause the PeerTube server to stop responding to requests due to an infinite loop in the "inbox" endpoint whenΒ receiving crafted ActivityPub activities.
0.0
CVE-2025-33022 -
The reporter agreed to not assign CVE ID
5.3
CVE-2025-32946 - PeerTube Arbitrary Playlist Creation via ActivityPub Protocol
This vulnerability allows any attacker to add playlists to a different userβs channel using the ActivityPub protocol. The vulnerable code sets the owner of the new playlist to be the user who performed the request, and then sets the associated channel to the channel ID supplied by the request, withβ¦
6.5
CVE-2025-3608 - Race condition in nsHttpTransaction could lead to memory corruption
A race condition existed in nsHttpTransaction that could have been exploited to cause memory corruption, potentially leading to an exploitable condition. This vulnerability was fixed in Firefox 137.0.2.
4.3
CVE-2025-32945 - PeerTube Arbitrary Playlist Creation via REST API
The vulnerability allows an existing user to add playlists to a different userβs channel using the PeerTube REST API. The vulnerable code sets the owner of the new playlist to be the user who performed the request, and then sets the associated channel to the channel ID supplied by the request, withβ¦
6.5
CVE-2025-32944 - PeerTube User Import Authenticated Persistent Denial of Service
The vulnerability allows any authenticated user to cause the PeerTube server to stop functioning in a persistent manner.Β Β If user import is enabled (which is the default setting), any registered user can upload an archive for importing. The code uses the yauzl library for reading the archive. If thβ¦
0.0
CVE-2025-31011 - WordPress SimplyRETS Real Estate IDX plugin <= 3.2.2 - Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in ReichertBrothers SimplyRETS Real Estate IDX simply-rets allows Reflected XSS.This issue affects SimplyRETS Real Estate IDX: from n/a through <= 3.2.2.
0.0
CVE-2025-30985 - WordPress GNUCommerce plugin <= 1.5.4 - PHP Object Injection vulnerability
Deserialization of Untrusted Data vulnerability in kagla GNUCommerce gnucommerce allows Object Injection.This issue affects GNUCommerce: from n/a through <= 1.5.4.
4.3
CVE-2025-30965 - WordPress WPJobBoard plugin < 5.11.1 - Multiple Cross Site Request Forgery (CSRF) vulnerabilities vβ¦
Cross-Site Request Forgery (CSRF) vulnerability in NotFound WPJobBoard allows Cross Site Request Forgery. This issue affects WPJobBoard: from n/a through n/a.
0.0
CVE-2025-30964 - WordPress Photography theme < 7.7.6 - Server Side Request Forgery (SSRF) vulnerability
Server-Side Request Forgery (SSRF) vulnerability in ThemeGoods Photography photography allows Server Side Request Forgery.This issue affects Photography: from n/a through < 7.7.6.