9.8
CVE-2024-13239 - Two-factor Authentication (TFA) - Moderately critical - Access bypass - SA-CONTRIB-2024-003
Weak Authentication vulnerability in Drupal Two-factor Authentication (TFA) allows Authentication Abuse.This issue affects Two-factor Authentication (TFA): from 0.0.0 before 1.5.0.
5.4
CVE-2024-13238 - Typogrify - Moderately critical - Cross Site Scripting - SA-CONTRIB-2024-002
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal Typogrify allows Cross-Site Scripting (XSS).This issue affects Typogrify: from 0.0.0 before 1.3.0.
8.2
CVE-2025-21598 - Junos OS and Junos OS Evolved: When BGP traceoptions are configured, receipt of malformed BGP packe…
An Out-of-bounds Read vulnerability in Juniper Networks Junos OS and Junos OS Evolved's routing protocol daemon (rpd) allows an unauthenticated, network-based attacker to send malformed BGP packets to a device configured with packet receive trace options enabled to crash rpd. This issue affects: J…
5.4
CVE-2024-13237 - File Entity (fieldable files) - Moderately critical - Cross Site Scripting, Access bypass - SA-CONT…
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Drupal File Entity (fieldable files) allows Cross-Site Scripting (XSS).This issue affects File Entity (fieldable files): from 7.X-* before 7.X-2.38.
2.1
CVE-2025-22149 - JWK Set's HTTP client only overwrites and appends JWK to local cache during refresh
JWK Set (JSON Web Key Set) is a JWK and JWK Set Go implementation. Prior to 0.6.0, the project's provided HTTP client's local JWK Set cache should do a full replacement when the goroutine refreshes the remote JWK Set. The current behavior is to overwrite or append. This is a security issue for use …
9.1
CVE-2025-21628 - Chatwoot has a Blind SQL-injection in Conversation and Contacts filters
Chatwoot is a customer engagement suite. Prior to 3.16.0, conversation and contact filters endpoints did not sanitize the input of query_operator passed from the frontend or the API. This provided any actor who is authenticated, an attack vector to run arbitrary SQL within the filter query by addin…
7.1
CVE-2025-21600 - Junos OS and Junos OS Evolved: With certain BGP options enabled, receipt of specifically malformed …
An Out-of-Bounds Read vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated, logically adjacent BGP peer sending a specifically malformed BGP packet to cause rpd to crash and restart, resulting in a Denial of Service (DoS)…
7.1
CVE-2025-21602 - Junos OS and Junos OS Evolved: Receipt of specially crafted BGP update packet causes RPD crash
An Improper Handling of Exceptional Conditions vulnerability in the routing protocol daemon (rpd) of Juniper Networks Junos OS and Junos OS Evolved allows an unauthenticated adjacent attacker sending a specific BGP update packet to cause rpd to crash and restart, resulting in a Denial of Service (D…
8.7
CVE-2025-21599 - Junos OS Evolved: Receipt of specifically malformed IPv6 packets causes kernel memory exhaustion le…
A Missing Release of Memory after Effective Lifetime vulnerability in the Juniper Tunnel Driver (jtd) of Juniper Networks Junos OS Evolved allows an unauthenticated network-based attacker to cause Denial of Service. Receipt of specifically malformed IPv6 packets, destined to the device, causes ke…
6.8
CVE-2025-21596 - Junos OS: SRX1500,SRX4100,SRX4200: Execution of low-privileged CLI command results in chassisd crash
An Improper Handling of Exceptional Conditions vulnerability in the command-line processing of Juniper Networks Junos OS on SRX1500, SRX4100, and SRX4200 devices allows a local, low-privileged authenticated attacker executing the 'show chassis environment pem' command to cause the chassis daemon (c…