Lucene search

4 matches found

RedhatCVE
added 2025/08/04 9:33 a.m., 10 views

CVE-2025-54955

OpenNebula Community Edition (CE) before 7.0.0 and Enterprise Edition (EE) before 6.10.3 have a critical FireEdge race condition that can lead to full account takeover. By exploiting this, an unauthenticated attacker can obtain a valid JSON Web Token (JWT) belonging to a legitimate user without knowled...

CVSS 8.1, AI score 7.3, EPSS 0.00329
Exploits: 0, References: 1
RedhatCVE
added 2025/05/23 4:3 a.m., 4 views

CVE-2023-37266

CasaOS is an open-source Personal Cloud system. Unauthenticated attackers can craft arbitrary JWTs and access features that usually require authentication and execute arbitrary commands as root on CasaOS instances. This problem was addressed by improving the validation of JWTs in commit 705bf1f...

CVSS 9.8, AI score 7.9, EPSS 0.05871
Exploits: 1
Cvelist
added 2025/03/20 10:10 a.m., 9 views

CVE-2024-11173 Unhandled Exception in danny-avila/librechat

An unhandled exception in the danny-avila/librechat repository, version git 600d217, can cause the server to crash, leading to a full denial of service. This issue occurs when certain API endpoints receive malformed input, resulting in an uncaught exception. Although a valid JWT is required to...

CVSS 6.5, EPSS 0.00796
Exploits: 1, References: 2
CNVD
added 2021/02/01 12:0 a.m., 5 views

ONLYOFFICE Document Server Path Traversal Vulnerability

Ascensio System ONLYOFFICE Document Server is an online office collaboration suite from Ascensio System, Latvia. The product supports viewing and editing of text, spreadsheets and presentations, among others. A path traversal vulnerability exists in ONLYOFFICE Document Server, which stems from th...

CVSS 9.8, AI score 6.7, EPSS 0.08215
Exploits: 1, References: 1