SUSE CVE-2025-9648

A vulnerability in the CivetWeb library's function mghandleformrequest allows remote attackers to trigger a denial of service DoS condition. By sending a specially crafted HTTP POST request containing a null byte in the payload, the server enters an infinite loop during form data parsing. Multipl...

CVE-2025-61584

serverless-dns (versions up to 0.1.30) contains a vulnerability in the pr.yml GitHub Action where unsafe input (github.event.pull_request.head.repo.clone_url and github.head_ref) is interpolated into a command executed by the runner. Because the action uses the pull_request_target trigger, it run...

PT-2025-39926

Name of the Vulnerable Software and Affected Versions serverless-dns versions through 0.1.30 Description serverless-dns is a RethinkDNS resolver that deploys to various platforms including Cloudflare Workers, Deno Deploy, Fastly, and Fly.io. A flaw exists where the pr.yml GitHub Action interpolat...

Linux Distros Unpatched Vulnerability : CVE-2025-9648

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability in the CivetWeb library's function mghandleformrequest allows remote attackers to trigger a denial of service DoS condition. By sending a...

CVE-2025-9232

Issue summary: An application using the OpenSSL HTTP client API functions may trigger an out-of-bounds read if the 'noproxy' environment variable is set and the host portion of the authority component of the HTTP URL is an IPv6 address. Impact summary: An out-of-bounds read can trigger a crash...

CVE-2025-9648

A vulnerability in the CivetWeb library's function mghandleformrequest allows remote attackers to trigger a denial of service DoS condition. By sending a specially crafted HTTP POST request containing a null byte in the payload, the server enters an infinite loop during form data parsing. Multipl...

UBUNTU-CVE-2025-9648

A vulnerability in the CivetWeb library's function mghandleformrequest allows remote attackers to trigger a denial of service DoS condition. By sending a specially crafted HTTP POST request containing a null byte in the payload, the server enters an infinite loop during form data parsing. Multipl...

CVE-2025-9648 Denial of Service in CivetWeb

A vulnerability in the CivetWeb library's function mghandleformrequest allows remote attackers to trigger a denial of service DoS condition. By sending a specially crafted HTTP POST request containing a null byte in the payload, the server enters an infinite loop during form data parsing. Multipl...

PT-2025-39825

Name of the Vulnerable Software and Affected Versions CivetWeb versions prior to 1.08 Description A flaw in the mg handle form request function within the CivetWeb library can be exploited to cause a denial of service DoS condition. Sending a specially crafted HTTP POST request with a null byte i...

PT-2025-39870

CVE-2025-9648: HIGH Beware! CivetWeb library vulnerability CVE-2021-4582 can lead to DoS attacks. Attackers exploiting null byte in POST requests may exhaust CPU. Update to commit 782e189.cve,CVE-2025-9648,cybersecurity https://t.co/koJeq5FxM4 https://t.co/uZhbbft0GF...

CVE-2025-59838

Monkeytype is a minimalistic and customizable typing test. In versions 25.36.0 and prior, improper handling of user input when loading a saved custom text results in XSS. This issue has been fixed in version 25.44.0...

Heap-based Buffer Overflow

Overview Affected versions of this package are vulnerable to Heap-based Buffer Overflow via the uclincludecommon function. An attacker can execute arbitrary code or cause a denial of service by supplying crafted input to this function. Remediation A fix was pushed into the master branch but not y...

GCVE-1-2025-0004

creationtimestamp| type| source ---|---|--- 2025-09-25 18:52:48+00:00| seen| https://social.circl.lu/users/cedric/statuses/115266444798808086 2025-09-25 20:05:27+00:00| patched| https://github.com/vulnerability-lookup/vulnerability-lookup/commit/afa12347f1461d9481eba75ac19897e80a9c7434...

CVE-2025-59838 Monkeytype Vulnerable to Self-XSS on loading saved custom text

Monkeytype is a minimalistic and customizable typing test. In versions 25.36.0 and prior, improper handling of user input when loading a saved custom text results in XSS. This issue has been fixed in version 25.44.0...

CVE-2025-59834

ADB MCP Server is a MCP Model Context Protocol server for interacting with Android devices through ADB. In versions 0.1.0 and prior, the MCP Server is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementatio...

CVE-2025-59839 Star Citizen EmbedVideo Extension Stored XSS through wikitext caused by usage of non-reserved data attributes

The EmbedVideo Extension is a MediaWiki extension which adds a parser function called ev and various parser tags for embedding video clips from various video sharing services. In versions 4.0.0 and prior, the EmbedVideo extension allows adding arbitrary attributes to an HTML element, allowing for...

CVE-2025-59839 Star Citizen EmbedVideo Extension Stored XSS through wikitext caused by usage of non-reserved data attributes

The EmbedVideo Extension is a MediaWiki extension which adds a parser function called ev and various parser tags for embedding video clips from various video sharing services. In versions 4.0.0 and prior, the EmbedVideo extension allows adding arbitrary attributes to an HTML element, allowing for...

CVE-2025-59834 Command Injection in adb-mcp MCP Server

ADB MCP Server is a MCP Model Context Protocol server for interacting with Android devices through ADB. In versions 0.1.0 and prior, the MCP Server is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementatio...

CVE-2025-59834

CVE-2025-59834 affects the adb-mcp MCP Server. The vulnerability stems from constructing shell commands by concatenating untrusted input (notably the device parameter) in executeAdbCommand, enabling remote command injection via the MCP Server tool definitions (e.g., inspect_ui). The issue impacts...

CVE-2025-59834 Command Injection in adb-mcp MCP Server

ADB MCP Server is a MCP Model Context Protocol server for interacting with Android devices through ADB. In versions 0.1.0 and prior, the MCP Server is written in a way that is vulnerable to command injection vulnerability attacks as part of some of its MCP Server tool definition and implementatio...