6.9
CVE-2025-24356 - UDP traffic amplification via fastd's fast reconnect feature
fastd is a VPN daemon which tunnels IP packets and Ethernet frames over UDP. When receiving a data packet from an unknown IP address/port combination, fastd will assume that one of its connected peers has moved to a new address and initiate a reconnect by sending a handshake packet. This "fast recoβ¦
5.3
CVE-2025-24354 - imgproxy is vulnerable to SSRF against 0.0.0.0
imgproxy is server for resizing, processing, and converting images. Imgproxy does not block the 0.0.0.0 address, even with IMGPROXY_ALLOW_LOOPBACK_SOURCE_ADDRESSES set to false. This can expose services on the local host. This vulnerability is fixed in 3.27.2.
6.5
CVE-2025-23197 - matrix-hookshot has a Potential Denial of Service when Hookshot is configured with GitHub support
matrix-hookshot is a Matrix bot for connecting to external services like GitHub, GitLab, JIRA, and more. When Hookshot 6 version 6.0.1 or below, or Hookshot 5 version 5.4.1 or below, is configured with GitHub support, it is vulnerable to a Denial of Service (DoS) whereby it can crash on restart dueβ¦
7
CVE-2024-12740 - Dependency on Vulnerable Third-Party Component exposes Vulnerabilities in NI Vision Software
Vision related software from NI used a third-party library for image processing that exposes several vulnerabilities. These vulnerabilities may result in arbitrary code execution. Successful exploitation requires an attacker to get a user to open a specially crafted file.
6.9
CVE-2025-24368 - Cacti has a SQL Injection vulnerability when using tree rules through Automation API
Cacti is an open source performance and fault management framework. Some of the data stored in automation_tree_rules.php is not thoroughly checked and is used to concatenate the SQL statement in build_rule_item_filter() function from lib/api_automation.php, resulting in SQL injection. This vulnerabβ¦
8.7
CVE-2025-24367 - Cacti allows Arbitrary File Creation leading to RCE
Cacti is an open source performance and fault management framework. An authenticated Cacti user can abuse graph creation and graph template functionality to create arbitrary PHP scripts in the web root of the application, leading to remote code execution on the server. This vulnerability is fixed iβ¦
9.1
CVE-2025-22604 - Cacti has Authenticated RCE via multi-line SNMP responses
Cacti is an open source performance and fault management framework. Due to a flaw in multi-line SNMP result parser, authenticated users can inject malformed OIDs in the response. When processed by ss_net_snmp_disk_io() or ss_net_snmp_disk_bytes(), a part of each OID will be used as a key in an arraβ¦
6.3
CVE-2024-54145 - Cacti has a SQL Injection vulnerability when request automation devices
Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the get_discovery_results function of automation_devices.php using the network parameter. This vulnerability is fixed in 1.2.29.
7.6
CVE-2024-54146 - Cacti has a SQL Injection vulnerability when view host template
Cacti is an open source performance and fault management framework. Cacti has a SQL injection vulnerability in the template function of host_templates.php using the graph_template parameter. This vulnerability is fixed in 1.2.29.
6.3
CVE-2025-0730 - TP-Link TL-SG108E HTTP GET Request usr_account_set.cgi get request method with sensitive query striβ¦
A vulnerability classified as problematic has been found in TP-Link TL-SG108E 1.0.0 Build 20201208 Rel. 40304. Affected is an unknown function of the file /usr_account_set.cgi of the component HTTP GET Request Handler. The manipulation of the argument username/password leads to use of get request mβ¦