8.7
CVE-2025-23213 - Tandoor Recipes - Stored XSS through Unrestricted File Upload
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. The file upload feature allows to upload arbitrary files, including html and svg. Both can contain malicious content (XSS Payloads). This vulnerability is fixed in 1.5.28.
7.7
CVE-2025-23212 - Tandoor Recipes - Local file disclosure - Users can read the content of any file on the server
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. The external storage feature allows any user to enumerate the name and content of files on the server. This vulnerability is fixed in 1.5.28.
10
CVE-2025-23211 - Tandoor Recipes - SSTI - Remote Code Execution
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. A Jinja2 SSTI vulnerability allows any user to execute commands on the server. In the case of the provided Docker Compose file as root. This vulnerability is fixed in 1.5.24.
8.7
CVE-2025-23045 - CVAT allows remote code execution via tracker Nuclio functions
Computer Vision Annotation Tool (CVAT) is an interactive video and image annotation tool for computer vision. An attacker with an account on an affected CVAT instance is able to run arbitrary code in the context of the Nuclio function container. This vulnerability affects CVAT deployments that run β¦
7
CVE-2025-0659 - Path Traversal and Rockwell Automation Third-party Vulnerability in DataMosaixβ’ Private Cloud
A path traversal vulnerability exists in the Rockwell Automation DataEdge Platform DataMosaix Private Cloud. By specifying the character sequence in the body of the vulnerable endpoint, it is possible to overwrite files outside of the intended directory. A threat actor with admin privileges could lβ¦
5.1
CVE-2024-7881 -
An unprivileged context can trigger a data memory-dependent prefetch engine to fetch the contents of a privileged location and consume those contents as an address that is also dereferenced.
4.3
CVE-2024-6351 - Malformed packet leads to denial of service in NWK/APS layer
A malformed packet can cause a buffer overflow in the NWK/APS layer of the Ember ZNet stack and lead to an assert
5.1
CVE-2024-11956 - Pimcore customer-data-framework list sql injection
A vulnerability, which was classified as critical, has been found in Pimcore customer-data-framework up to 4.2.0. Affected by this issue is some unknown functionality of the file /admin/customermanagementframework/customers/list. The manipulation of the argument filterDefinition/filter leads to sqlβ¦
5.1
CVE-2024-11954 - Pimcore Search Document cross site scripting
A vulnerability classified as problematic was found in Pimcore 11.4.2. Affected by this vulnerability is an unknown functionality of the component Search Document. The manipulation leads to basic cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the publicβ¦
7.8
CVE-2025-0065 - Improper Neutralization of Argument Delimiters in TeamViewer Clients
Improper Neutralization of Argument Delimiters in the TeamViewer_service.exe component of TeamViewer Clients prior version 15.62 for Windows allows an attacker with local unprivileged access on a Windows system to elevate privileges via argument injection.