Skip to main content
CVE-2025-29446 LOW POC Monitor

open-webui v0.5.16 is vulnerable to SSRF in routers/ollama.py in function verify_connection. Rated low severity (CVSS 3.3), this vulnerability is low attack complexity. Public exploit code available and no vendor patch available.

SSRF Open Webui Ollama AI / ML
NVD GitHub VulDB
CVSS 3.1
3.3
EPSS
0.1%
CVE-2025-43967 LOW POC PATCH Monitor

libheif before 1.19.6 has a NULL pointer dereference in ImageItem_Grid::get_decoder in image-items/grid.cc because a grid image can reference a nonexistent image item. Rated low severity (CVSS 2.9), this vulnerability is no authentication required. Public exploit code available.

Null Pointer Dereference Denial Of Service Libheif
NVD GitHub
CVSS 3.1
2.9
EPSS
0.2%
CVE-2025-25228 LOW Monitor

A SQL injection in VirtueMart component 1.0.0 - 4.4.7 for Joomla allows authenticated attackers (administrator) to execute arbitrary SQL commands in the product management area in backend. Rated low severity (CVSS 3.8), this vulnerability is remotely exploitable, low attack complexity. No vendor patch available.

SQLi Virtuemart Joomla
NVD GitHub
CVSS 3.1
3.8
EPSS
0.2%
CVE-2025-43916 LOW Monitor

Sonos api.sonos.com through 2025-04-21, when the /login/v3/oauth endpoint is used, accepts a redirect_uri containing userinfo in the authority component, which is not consistent with RFC 6819 section. Rated low severity (CVSS 3.4), this vulnerability is remotely exploitable, no authentication required. No vendor patch available.

Information Disclosure
NVD GitHub
CVSS 3.1
3.4
EPSS
0.2%
CVE-2025-43963 LOW PATCH Monitor

In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp allows out-of-buffer access because split_col and split_row values are not checked in 0x041f tag processing. Rated low severity (CVSS 2.9), this vulnerability is no authentication required. This Out-of-bounds Read vulnerability could allow attackers to read data from memory outside the intended buffer boundaries.

Information Disclosure Buffer Overflow Libraw
NVD GitHub
CVSS 3.1
2.9
EPSS
0.3%
CVE-2025-43962 LOW PATCH Monitor

In LibRaw before 0.21.4, phase_one_correct in decoders/load_mfbacks.cpp has out-of-bounds reads for tag 0x412 processing, related to large w0 or w1 values or the frac and mult calculations. Rated low severity (CVSS 2.9), this vulnerability is no authentication required.

Information Disclosure Buffer Overflow Libraw
NVD GitHub
CVSS 3.1
2.9
EPSS
0.3%
CVE-2025-43961 LOW PATCH Monitor

In LibRaw before 0.21.4, metadata/tiff.cpp has an out-of-bounds read in the Fujifilm 0xf00c tag parser. Rated low severity (CVSS 2.9), this vulnerability is no authentication required.

Information Disclosure Buffer Overflow Libraw
NVD GitHub
CVSS 3.1
2.9
EPSS
0.3%
CVE-2025-43964 LOW PATCH Monitor

In LibRaw before 0.21.4, tag 0x412 processing in phase_one_correct in decoders/load_mfbacks.cpp does not enforce minimum w0 and w1 values. Rated low severity (CVSS 2.9), this vulnerability is no authentication required.

Information Disclosure Libraw
NVD GitHub
CVSS 3.1
2.9
EPSS
0.2%
CVE-2025-43966 LOW PATCH Monitor

libheif before 1.19.6 has a NULL pointer dereference in ImageItem_iden in image-items/iden.cc. Rated low severity (CVSS 2.9), this vulnerability is no authentication required.

Null Pointer Dereference Denial Of Service Libheif
NVD GitHub
CVSS 3.1
2.9
EPSS
0.2%
CVE-2025-32408 LOW Monitor

In Soffid Console 3.6.31 before 3.6.32, authorization to use the pam service is mishandled. Rated low severity (CVSS 2.5). No vendor patch available.

Authentication Bypass
NVD
CVSS 3.1
2.5
EPSS
0.1%
CVE-2025-2517 LOW Monitor

Reference to Expired Domain Vulnerability in OpenText™ ArcSight Enterprise Security Manager. Rated low severity (CVSS 2.3), this vulnerability is remotely exploitable, no authentication required, low attack complexity. No vendor patch available.

Information Disclosure
NVD
CVSS 4.0
2.3
EPSS
0.4%
CVE-2025-3840 LOW Monitor

An improper neutralization of input vulnerability was identified in the End of Life (EOL) OVA based connect installer component which is deployed for installation purposes in a customer network. Rated low severity (CVSS 2.1), this vulnerability is no authentication required, low attack complexity. No vendor patch available.

XSS
NVD
CVSS 4.0
2.1
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy