PT-2025-39870
CVE-2025-9648: HIGH Beware! CivetWeb library vulnerability CVE-2021-4582 can lead to DoS attacks. Attackers exploiting null byte in POST requests may exhaust CPU. Update to commit 782e189. cve, CVE-2025-9648, cybersecurity https://t.co/koJeq5FxM4 https://t.co/uZhbbft0GF...
CVE-2025-59838
Monkeytype is a minimalistic and customizable typing test. In versions 25.36.0 and prior, improper handling of user input when loading a saved custom text results in XSS. This issue has been fixed in version 25.44.0...
Heap-based Buffer Overflow
Overview: Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the ucl_include_common function. An attacker can execute arbitrary code or cause a denial of service by supplying crafted input to this function. Remediation: A fix was pushed into the master branch but not y...
GCVE-1-2025-0004
creationtimestamp | type | source
---|---|---
2025-09-25 18:52:48+00:00 | seen | https://social.circl.lu/users/cedric/statuses/115266444798808086
2025-09-25 20:05:27+00:00 | patched | https://github.com/vulnerability-lookup/vulnerability-lookup/commit/afa12347f1461d9481eba75ac19897e80a9c7434...
CVE-2025-59838 Monkeytype Vulnerable to Self-XSS on loading saved custom text
Monkeytype is a minimalistic and customizable typing test. In versions 25.36.0 and prior, improper handling of user input when loading a saved custom text results in XSS. This issue has been fixed in version 25.44.0...
CVE-2025-59834
ADB MCP Server is an MCP (Model Context Protocol) server for interacting with Android devices through ADB. In versions 0.1.0 and prior, the MCP Server is written in a way that is vulnerable to command injection attacks as part of some of its MCP Server tool definition and implementatio...
CVE-2025-59839 Star Citizen EmbedVideo Extension Stored XSS through wikitext caused by usage of non-reserved data attributes
The EmbedVideo Extension is a MediaWiki extension which adds a parser function called ev and various parser tags for embedding video clips from various video sharing services. In versions 4.0.0 and prior, the EmbedVideo extension allows adding arbitrary attributes to an HTML element, allowing for...
CVE-2025-59834
CVE-2025-59834 affects the adb-mcp MCP Server. The vulnerability stems from constructing shell commands by concatenating untrusted input (notably the device parameter) in executeAdbCommand, enabling remote command injection via the MCP Server tool definitions (e.g., inspect_ui). The issue impacts...
CVE-2025-59834 Command Injection in adb-mcp MCP Server
ADB MCP Server is an MCP (Model Context Protocol) server for interacting with Android devices through ADB. In versions 0.1.0 and prior, the MCP Server is written in a way that is vulnerable to command injection attacks as part of some of its MCP Server tool definition and implementatio...
PT-2025-39404
Name of the Vulnerable Software and Affected Versions: Monkeytype versions prior to 25.36.0. Description: Improper handling of user input when loading a saved custom text can lead to cross-site scripting (XSS). Recommendations: Update to a version later than 25.36.0...
PT-2025-44111
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw related to insufficient input validation in the NFC (Near Field Communication) subsystem. Specifically, the nci_init_req function had limited validation,...
CVE-2025-10774
A weakness has been identified in Ruijie 6000-E10 up to 2.4.3.6-20171117. This affects an unknown part of the file /view/vpn/autovpn/subcommit.php. This manipulation of the argument key causes os command injection. It is possible to initiate the attack remotely. The exploit has been made availabl...
PT-2025-39387
Name of the Vulnerable Software and Affected Versions: EmbedVideo Extension versions prior to 4.0.0. Description: The EmbedVideo Extension for MediaWiki, which includes a parser function called ev and parser tags for embedding video clips, contains a flaw. Versions 4.0.0 and earlier permit the...
PT-2025-39375
Name of the Vulnerable Software and Affected Versions: ADB MCP Server versions 0.1.0 and prior. Description: ADB MCP Server, a Model Context Protocol server for interacting with Android devices through ADB, contains a flaw in its implementation. Versions 0.1.0 and earlier are susceptible to command...
CVE-2025-39878 ceph: fix crash after fscrypt_encrypt_pagecache_blocks() error
In the Linux kernel, the following vulnerability has been resolved: ceph: fix crash after fscrypt_encrypt_pagecache_blocks() error The function move_dirty_folio_in_page_array() was created by commit ce80b76dd327 ("ceph: introduce ceph_process_folio_batch() method") by moving code from ceph_writepages_start() to this...
PT-2025-38672
Name of the Vulnerable Software and Affected Versions: Ruijie 6000-E10 versions through 2.4.3.6-20171117. Description: A weakness exists in Ruijie 6000-E10. The issue affects an unknown part of the file /view/vpn/autovpn/sub commit.php. Manipulation of the key argument can lead to operating system...
Ruijie 6000-E10 OS Command Injection Vulnerability
Ruijie 6000-E10 is an Internet behavior management and auditing device from the Chinese company Ruijie. An OS command injection vulnerability exists in Ruijie 6000-E10 2.4.3.6-20171117 and earlier versions, which originates from incorrect manipulation of the parameter key in the file...