8.6

CVSS3.1

CVE-2025-21612 - Cross-site Scripting in TabberTransclude in Extension:TabberNeue

TabberNeue is a MediaWiki extension that allows the wiki to create tabs. Prior to 2.7.2, TabberTransclude.php doesn't escape the user-supplied page name when outputting, so an XSS payload as the page name can be used here. This vulnerability is fixed in 2.7.2.

📅 Published: Jan. 6, 2025, 3:47 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.8

CVSS3.1

CVE-2025-21611 - tgstation-server's role authorization incorrectly OR'd with user's enabled status

tgstation-server is a production scale tool for BYOND server management. Prior to 6.12.3, roles used to authorize API methods were incorrectly OR'd instead of AND'ed with the role used to determine if a user was enabled. This allows enabled users access to most, but not all, authorized actions rega…

📅 Published: Jan. 6, 2025, 3:38 p.m. 🔄 Last Modified: Aug. 19, 2025, 1:17 p.m.

6.9

CVSS4.0

CVE-2025-21604 - LangChain4j-AIDeepin Using MD5 to Hash files may cause file upload conflicts

LangChain4j-AIDeepin is a Retrieval enhancement generation (RAG) project. Prior to 3.5.0, LangChain4j-AIDeepin uses MD5 to hash files, which may cause file upload conflicts. This issue is fixed in 3.5.0.

📅 Published: Jan. 6, 2025, 3:34 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

7.5

CVSS3.1

CVE-2024-8474 -

OpenVPN Connect before version 3.5.0 can contain the configuration profile's clear-text private key, which is logged in the application log and which an unauthorized actor can use to decrypt the VPN traffic.

📅 Published: Jan. 6, 2025, 2:33 p.m. 🔄 Last Modified: June 10, 2025, 4:31 p.m.

9.1

CVSS3.1

CVE-2024-5594 -

OpenVPN before 2.6.11 does not sanitize PUSH_REPLY messages properly, which an attacker controlling the server can use to inject unexpected arbitrary data ending up in client logs.

📅 Published: Jan. 6, 2025, 1:52 p.m. 🔄 Last Modified: Nov. 3, 2025, 9:18 p.m.

3.9

CVSS3.1

CVE-2024-12970 - OS Command Injection in TUBITAK BILGEM's Pardus OS My Computer

Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerability in TUBITAK BILGEM Pardus OS My Computer allows OS Command Injection. This issue affects Pardus OS My Computer: before 0.7.2.

📅 Published: Jan. 6, 2025, 11:19 a.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

5.5

CVSS3.1

CVE-2024-45559 - Buffer Over-read in Automotive OS Platform

Transient DOS can occur when GVM sends a specific message type to the Vdev-FastRPC backend.

📅 Published: Jan. 6, 2025, 10:33 a.m. 🔄 Last Modified: Feb. 28, 2025, 6:09 a.m.

7.5

CVSS3.1

CVE-2024-45558 - Buffer Over-read in WLAN Host Cmn

Transient DOS can occur when the driver parses the per STA profile IE and tries to access the EXTN element ID without checking the IE length.

📅 Published: Jan. 6, 2025, 10:33 a.m. 🔄 Last Modified: Aug. 11, 2025, 3:06 p.m.

8.4

CVSS3.1

CVE-2024-45555 - Integer Overflow to Buffer Overflow in Automotive OS Platform

Memory corruption can occur if an already verified IFS2 image is overwritten, bypassing boot verification. This allows unauthorized programs to be injected into security-sensitive images, enabling the booting of a tampered IFS2 system image.

📅 Published: Jan. 6, 2025, 10:33 a.m. 🔄 Last Modified: Feb. 28, 2025, 6:09 a.m.

7.8

CVSS3.1

CVE-2024-45553 - Use After Free in DSP Services

Memory corruption can occur when process-specific maps are added to the global list. If a map is removed from the global list while another thread is using it for a process-specific task, issues may arise.

📅 Published: Jan. 6, 2025, 10:33 a.m. 🔄 Last Modified: Feb. 26, 2026, 7:09 p.m.