Skip to main content
CVE-2025-6499 LOW POC Monitor

A vulnerability classified as problematic was found in vstakhov libucl up to 0.9.2. Affected by this vulnerability is the function ucl_parse_multiline_string of the file src/ucl_parser.c. The manipulation leads to heap-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.

Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-6498 LOW POC PATCH Monitor

A vulnerability classified as problematic has been found in HTACG tidy-html5 5.8.0. Affected is the function defaultAlloc of the file src/alloc.c. The manipulation leads to memory leak. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-52967 MEDIUM PATCH This Month

gateway_proxy_handler in MLflow before 3.1.0 lacks gateway_path validation.

SSRF Mlflow AI / ML
NVD GitHub
CVSS 3.1
5.8
EPSS
0.1%
CVE-2021-47688 MEDIUM PATCH This Month

A security vulnerability in WhiteBeam 0.2.0 (CVSS 5.7). Remediation should follow standard vulnerability management procedures.

Authentication Bypass
NVD GitHub
CVSS 3.1
5.7
EPSS
0.0%
CVE-2025-52876 MEDIUM PATCH This Month

In JetBrains TeamCity before 2025.03.3 reflected XSS on the favoriteIcon page was possible

XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
0.3%
CVE-2025-52875 MEDIUM PATCH This Month

In JetBrains TeamCity before 2025.03.3 a DOM-based XSS at the Performance Monitor page was possible

XSS Teamcity
NVD
CVSS 3.1
5.4
EPSS
0.2%
CVE-2025-6527 LOW POC Monitor

A security vulnerability in 70mai M300 (CVSS 3.1). Risk factors: public PoC available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.3
EPSS
0.1%
CVE-2025-6526 LOW POC Monitor

A vulnerability, which was classified as problematic, has been found in 70mai M300 up to 20250611. This issue affects some unknown processing of the component HTTP Server. The manipulation leads to insufficiently protected credentials. The attack can only be done within the local network. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.3
EPSS
0.0%
CVE-2025-52938 MEDIUM This Month

Out-of-bounds Read vulnerability in dail8859 NotepadNext (src/lua/src modules). This vulnerability is associated with program files lparser.C. This issue affects NotepadNext: through v0.11. The singlevar() in lparser.c lacks a certain luaK_exp2anyregup call, leading to a heap-based buffer over-read that might affect a system that compiles untrusted Lua code.

Information Disclosure Buffer Overflow
NVD GitHub
CVSS 4.0
5.1
EPSS
0.0%
CVE-2025-52877 MEDIUM PATCH This Month

In JetBrains TeamCity before 2025.03.3 reflected XSS on diskUsageBuildsStats page was possible

XSS Teamcity
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2025-52879 MEDIUM PATCH This Month

In JetBrains TeamCity before 2025.03.3 reflected XSS in the NPM Registry integration was possible

XSS Node.js Teamcity
NVD
CVSS 3.1
4.8
EPSS
0.0%
CVE-2023-47298 MEDIUM This Month

An issue in NCR Terminal Handler 1.5.1 allows a low-level privileged authenticated attacker to query the SOAP API endpoint to obtain information about all of the users of the application including their usernames, roles, security groups and account statuses.

Information Disclosure Terminal Handler
NVD GitHub
CVSS 3.1
4.3
EPSS
0.1%
CVE-2024-3511 MEDIUM PATCH This Month

An incorrect authorization vulnerability exists in multiple WSO2 products that allows unauthorized access to versioned files stored in the registry. Due to flawed authorization logic, a malicious actor with access to the management console can exploit a specific bypass method to retrieve versioned files without proper authorization. Successful exploitation of this vulnerability could lead to unauthorized disclosure of configuration or resource files that may be stored as registry versions, potentially aiding further attacks or system reconnaissance.

Authentication Bypass Identity Server As Key Manager Open Banking Am Enterprise Integrator Identity Server +2
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-52878 MEDIUM PATCH This Month

In JetBrains TeamCity before 2025.03.3 usernames were exposed to the users without proper permissions

Authentication Bypass Teamcity
NVD
CVSS 3.1
4.3
EPSS
0.0%
CVE-2025-52969 LOW Monitor

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Rated low severity (CVSS 2.8). No vendor patch available.

Information Disclosure Ubuntu
NVD GitHub
CVSS 3.1
2.8
EPSS
1.0%
CVE-2025-4563 LOW PATCH Monitor

A vulnerability exists in the NodeRestriction admission controller where nodes can bypass dynamic resource allocation authorization checks. When the DynamicResourceAllocation feature gate is enabled, the controller properly validates resource claim statuses during pod status updates but fails to perform equivalent validation during pod creation. This allows a compromised node to create mirror pods that access unauthorized dynamic resources, potentially leading to privilege escalation.

Privilege Escalation Ubuntu Debian
NVD GitHub
CVSS 3.1
2.7
EPSS
0.0%
CVE-2025-52926 LOW PATCH Monitor

A security vulnerability in scan.rs in spytrap-adb (CVSS 2.7). Remediation should follow standard vulnerability management procedures.

Information Disclosure Ubuntu Debian
NVD GitHub
CVSS 3.1
2.7
EPSS
0.0%
CVE-2025-52968 LOW PATCH Monitor

xdg-open in xdg-utils through 1.2.1 can send requests containing SameSite=Strict cookies, which can facilitate CSRF. (For example, xdg-open could be modified to, by default, associate x-scheme-handler/https with the execution of a browser with command-line options that arrange for an empty cookie store, although this would add substantial complexity, and would not be considered a desirable or expected behavior by all users.) NOTE: this is disputed because integrations of xdg-open typically do not provide information about whether the xdg-open command and arguments were manually entered by a user, or whether they were the result of a navigation from content in an untrusted origin.

CSRF Ubuntu Debian
NVD
CVSS 3.1
2.7
EPSS
0.0%
CVE-2025-6525 LOW Monitor

A security vulnerability in 70mai 1S (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-6518 LOW Monitor

A security vulnerability in PySpur-Dev pyspur (CVSS 6.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-52937 LOW PATCH Monitor

CVE-2025-52937 is a security vulnerability (CVSS 2.0). Remediation should follow standard vulnerability management procedures.

Information Disclosure Ubuntu Debian
NVD GitHub
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-6496 LOW PATCH Monitor

A vulnerability was found in HTACG tidy-html5 5.8.0. It has been declared as problematic. This vulnerability affects the function InsertNodeAsParent of the file src/parser.c. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.

Denial Of Service
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-6497 LOW PATCH Monitor

A vulnerability was found in HTACG tidy-html5 5.8.0. It has been rated as problematic. This issue affects the function prvTidyParseNamespace of the file src/parser.c. The manipulation leads to reachable assertion. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

Denial Of Service
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-6524 LOW Monitor

A vulnerability classified as problematic has been found in 70mai 1S up to 20250611. This affects an unknown part of the component Video Services. The manipulation leads to improper authentication. Access to the local network is required for this attack to succeed. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
1.3
EPSS
0.0%
CVE-2025-52542 Awaiting Data

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. No vendor patch available.

Information Disclosure
NVD
Prev Page 2 of 2

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy