Skip to main content
CVE-2025-6517 LOW POC Monitor

A vulnerability was found in Dromara MaxKey up to 4.1.7 and classified as critical. This issue affects the function Add of the file maxkey-webs\maxkey-web-mgt\src\main\java\org\dromara\maxkey\web\apps\contorller\SAML20DetailsController.java of the component Meta URL Handler. The manipulation of the argument post leads to server-side request forgery. The attack may be initiated remotely. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

SSRF Java
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-6528 LOW POC Monitor

A vulnerability has been found in 70mai M300 up to 20250611 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /livestream/12 of the component RTSP Live Video Stream Endpoint. The manipulation leads to improper authentication. The attack needs to be done within the local network. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.1%
CVE-2025-6509 LOW POC Monitor

A vulnerability was found in seaswalker spring-analysis up to 4379cce848af96997a9d7ef91d594aa129be8d71. It has been declared as problematic. Affected by this vulnerability is the function echo of the file /src/main/java/controller/SimpleController.java. The manipulation of the argument Name leads to cross site scripting. The attack can be launched remotely. The exploit has been disclosed to the public and may be used. This product takes the approach of rolling releases to provide continious delivery. Therefore, version details for affected and updated releases are not available.

XSS Java
NVD GitHub VulDB
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-6516 LOW POC PATCH Monitor

A vulnerability has been found in HDF5 up to 1.14.6 and classified as critical. This vulnerability affects the function H5F_addr_decode_len of the file /hdf5/src/H5Fint.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to the public and may be used.

Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-6499 LOW POC Monitor

A vulnerability classified as problematic was found in vstakhov libucl up to 0.9.2. Affected by this vulnerability is the function ucl_parse_multiline_string of the file src/ucl_parser.c. The manipulation leads to heap-based buffer overflow. The attack needs to be approached locally. The exploit has been disclosed to the public and may be used.

Buffer Overflow
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-6498 LOW POC PATCH Monitor

A vulnerability classified as problematic has been found in HTACG tidy-html5 5.8.0. Affected is the function defaultAlloc of the file src/alloc.c. The manipulation leads to memory leak. It is possible to launch the attack on the local host. The exploit has been disclosed to the public and may be used.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-6527 LOW POC Monitor

A security vulnerability in 70mai M300 (CVSS 3.1). Risk factors: public PoC available.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.3
EPSS
0.1%
CVE-2025-6526 LOW POC Monitor

A vulnerability, which was classified as problematic, has been found in 70mai M300 up to 20250611. This issue affects some unknown processing of the component HTTP Server. The manipulation leads to insufficiently protected credentials. The attack can only be done within the local network. The complexity of an attack is rather high. The exploitation is known to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
1.3
EPSS
0.0%
CVE-2025-52969 LOW Monitor

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority. Rated low severity (CVSS 2.8). No vendor patch available.

Information Disclosure Ubuntu
NVD GitHub
CVSS 3.1
2.8
EPSS
1.0%
CVE-2025-4563 LOW PATCH Monitor

A vulnerability exists in the NodeRestriction admission controller where nodes can bypass dynamic resource allocation authorization checks. When the DynamicResourceAllocation feature gate is enabled, the controller properly validates resource claim statuses during pod status updates but fails to perform equivalent validation during pod creation. This allows a compromised node to create mirror pods that access unauthorized dynamic resources, potentially leading to privilege escalation.

Privilege Escalation Ubuntu Debian
NVD GitHub
CVSS 3.1
2.7
EPSS
0.0%
CVE-2025-52926 LOW PATCH Monitor

A security vulnerability in scan.rs in spytrap-adb (CVSS 2.7). Remediation should follow standard vulnerability management procedures.

Information Disclosure Ubuntu Debian
NVD GitHub
CVSS 3.1
2.7
EPSS
0.0%
CVE-2025-52968 LOW PATCH Monitor

xdg-open in xdg-utils through 1.2.1 can send requests containing SameSite=Strict cookies, which can facilitate CSRF. (For example, xdg-open could be modified to, by default, associate x-scheme-handler/https with the execution of a browser with command-line options that arrange for an empty cookie store, although this would add substantial complexity, and would not be considered a desirable or expected behavior by all users.) NOTE: this is disputed because integrations of xdg-open typically do not provide information about whether the xdg-open command and arguments were manually entered by a user, or whether they were the result of a navigation from content in an untrusted origin.

CSRF Ubuntu Debian
NVD
CVSS 3.1
2.7
EPSS
0.0%
CVE-2025-6525 LOW Monitor

A security vulnerability in 70mai 1S (CVSS 4.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-6518 LOW Monitor

A security vulnerability in PySpur-Dev pyspur (CVSS 6.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure
NVD GitHub VulDB
CVSS 4.0
2.1
EPSS
0.0%
CVE-2025-52937 LOW PATCH Monitor

CVE-2025-52937 is a security vulnerability (CVSS 2.0). Remediation should follow standard vulnerability management procedures.

Information Disclosure Ubuntu Debian
NVD GitHub
CVSS 4.0
2.0
EPSS
0.0%
CVE-2025-6496 LOW PATCH Monitor

A vulnerability was found in HTACG tidy-html5 5.8.0. It has been declared as problematic. This vulnerability affects the function InsertNodeAsParent of the file src/parser.c. The manipulation leads to null pointer dereference. Local access is required to approach this attack. The exploit has been disclosed to the public and may be used.

Denial Of Service
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-6497 LOW PATCH Monitor

A vulnerability was found in HTACG tidy-html5 5.8.0. It has been rated as problematic. This issue affects the function prvTidyParseNamespace of the file src/parser.c. The manipulation leads to reachable assertion. Attacking locally is a requirement. The exploit has been disclosed to the public and may be used.

Denial Of Service
NVD GitHub VulDB
CVSS 4.0
1.9
EPSS
0.0%
CVE-2025-6524 LOW Monitor

A vulnerability classified as problematic has been found in 70mai 1S up to 20250611. This affects an unknown part of the component Video Services. The manipulation leads to improper authentication. Access to the local network is required for this attack to succeed. The complexity of an attack is rather high. The exploitability is told to be difficult. The exploit has been disclosed to the public and may be used. The vendor was contacted early about this disclosure but did not respond in any way.

Authentication Bypass
NVD GitHub VulDB
CVSS 4.0
1.3
EPSS
0.0%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy