Lucene search
K

10 matches found

RedhatCVE
RedhatCVE
added 2026/01/22 7:22 p.m.5 views

CVE-2025-68132

EVerest is an EV charging software stack. Prior to version 2025.12.0, ismessagecrccorrect in the DZGGSH01 powermeter SLIP parser reads vecvec.size-1 and vecvec.size-2 without checking that at least two bytes are present. Malformed SLIP frames on the serial link can reach ismessagecrccorrect with...

4.6CVSS5.6AI score0.00243EPSS
Exploits1References1
CVE
CVE
added 2026/01/21 6:28 p.m.14 views

CVE-2025-68132

CVE-2025-68132 affects EVerest EV charging software stack. The issue lies in the DZG_GSH01 powermeter SLIP parser, where is_message_crc_correct reads vec[vec.size()-1] and vec[vec.size()-2] without verifying that at least two bytes exist. Malformed SLIP frames on the serial link can reach this fu...

4.6CVSS5.6AI score0.00243EPSS
Exploits1References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/01/21 12:0 a.m.5 views

PT-2026-3844

EVerest is an EV charging software stack. Prior to version 2025.12.0, is message crc correct in the DZG GSH01 powermeter SLIP parser reads vecvec.size-1 and vecvec.size-2 without checking that at least two bytes are present. Malformed SLIP frames on the serial link can reach is message crc correc...

2.4CVSS5.6AI score0.00243EPSS
Exploits1References3
Positive Technologies
Positive Technologies
added 2025/12/30 12:0 a.m.5 views

PT-2025-54189

Discourse is an open source discussion platform. Prior to versions 3.5.3, 2025.11.1, and 2025.12.0, an attacker who knows part of a username can find the user and their full name via UI or API, even when enable names is disabled. Versions 3.5.3, 2025.11.1, and 2025.12.0 contain a fix...

6.3CVSS6.8AI score0.00242EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2025/12/16 11:55 p.m.4 views

CVE-2025-66402

Misskey is an open source, federated social media platform. Starting in version 13.0.0-beta.16 and prior to version 2025.12.0, an actor who does not have permission to view favorites or clips can can export the posts and view the contents. Version 2025.12.0 fixes the issue...

7.1CVSS6.8AI score0.00264EPSS
Exploits1References1
OSV
OSV
added 2025/12/15 11:9 p.m.5 views

CVE-2025-66402 misskey.js's export data contains private post data

Misskey is an open source, federated social media platform. Starting in version 13.0.0-beta.16 and prior to version 2025.12.0, an actor who does not have permission to view favorites or clips can can export the posts and view the contents. Version 2025.12.0 fixes the issue...

7.1CVSS6.7AI score0.00264EPSS
Exploits1References4
Cvelist
Cvelist
added 2025/12/15 11:9 p.m.29 views

CVE-2025-66402 misskey.js's export data contains private post data

Misskey is an open source, federated social media platform. Starting in version 13.0.0-beta.16 and prior to version 2025.12.0, an actor who does not have permission to view favorites or clips can can export the posts and view the contents. Version 2025.12.0 fixes the issue...

7.1CVSS0.00264EPSS
Exploits1References2
CVE
CVE
added 2025/12/15 11:9 p.m.14 views

CVE-2025-66402

Misskey CVE-2025-66402 affects versions 13.0.0-beta.16 through before 2025.12.0, where an actor without permission to view favorites or clips could export posts and view contents, exposing private data. Version 2025.12.0 fixes the issue. The vulnerability stems from the export functionality not e...

7.1CVSS6.4AI score0.00264EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2025/12/15 8:59 p.m.6 views

GHSA-WWRJ-3HVJ-PRPM Misskey has a login rate limit bypass via spoofed X-Forwarded-For header

Summary When using an untrusted reverse proxy or not using a reverse proxy at all, attackers can bypass IP rate limiting by adding a forged X-Forwarded-For header. Starting with version 2025.9.1, an option trustProxy has been added in config file to prevent this from happening. However, it is...

6.9CVSS6.8AI score0.00285EPSS
Exploits1References4
Positive Technologies
Positive Technologies
added 2025/12/15 12:0 a.m.7 views

PT-2025-51322

Name of the Vulnerable Software and Affected Versions Misskey versions 13.0.0-beta.16 through 2025.12.0 Description Misskey is a federated social media platform. Users without the necessary permissions to view favorites or clips could export posts and access their contents. Recommendations Update...

7.1CVSS6.4AI score0.00264EPSS
Exploits1References7
Rows per page
Query Builder