CVE-2025-53004 Dataease Redshift Data Source JDBC Connection Parameters Bypass Vulnerability

DataEase is an open source business intelligence and data visualization tool. Prior to version 2.10.11, there is a bypass vulnerability in Dataease's Redshift Data Source JDBC Connection Parameters. The sslfactory and sslfactoryarg parameters could trigger a bypass vulnerability. This issue has...

CVE-2025-52904

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In version 2.32.0 of the web application, all users have a scope assigned, and they only have access to the files within that scope. The Command...

CVE-2025-52904 File Browser: Command Execution not Limited to Scope

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In version 2.32.0 of the web application, all users have a scope assigned, and they only have access to the files within that scope. The Command...

CVE-2025-52904 File Browser: Command Execution not Limited to Scope

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In version 2.32.0 of the web application, all users have a scope assigned, and they only have access to the files within that scope. The Command...

CVE-2025-52903 File Browser Allows Execution of Shell Commands That Can Spawn Other Commands

File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. In version 2.32.0, the Command Execution feature of File Browser only allows the execution of shell command which have been predefined on a...

CVE-2025-52903

CVE-2025-52903 affects the open-source web file browser project File Browser (filebrowser/filebrowser), specifically version 2.32.0. The issue stems from the Command Execution feature, which is intended to run only predefined shell commands, but can be exploited to run arbitrary subcommands, effe...

CVE-2025-52570

Letmein is an authenticating port knocker. Prior to version 10.2.1, The connection limiter is implemented incorrectly. It allows an arbitrary amount of simultaneously incoming connections TCP, UDP and Unix socket for the services letmeind and letmeinfwd. Therefore, the command line option...

CVE-2024-56731

Summary: Gogs (self-hosted Git service) contains a remote command execution flaw tied to the .git directory. Prior to version 0.13.3, an insufficient patch for CVE-2024-39931 allowed unprivileged users to delete files inside .git and run arbitrary commands with RUN_USER privileges, enabling acces...

CVE-2025-52566 llama.cpp tokenizer signed vs. unsigned heap overflow

llama.cpp is an inference of several LLM models in C/C++. Prior to version b5721, there is a signed vs. unsigned integer overflow in llama.cpp's tokenizer implementation llamavocab::tokenize src/llama-vocab.cpp:3036 resulting in unintended behavior in tokens copying size comparison. Allowing...

CVE-2025-52570

CVE-2025-52570 affects the Letmein port-knock implementation. Before version 10.2.1, the connection limiter is implemented incorrectly, allowing an arbitrary number of simultaneous incoming connections (TCP, UDP, and Unix socket) for the services letmeind and letmeinfwd. The num-connections optio...

CVE-2025-52570 Letmein connection limiter allows an arbitrary amount of simultaneous connections

Letmein is an authenticating port knocker. Prior to version 10.2.1, The connection limiter is implemented incorrectly. It allows an arbitrary amount of simultaneously incoming connections TCP, UDP and Unix socket for the services letmeind and letmeinfwd. Therefore, the command line option...

CVE-2025-52558 ChangeDetection.io XSS in watch overview

changedetection.io is a free open source web page change detection, website watcher, restock monitor and notification service. Prior to version 0.50.4, errors in filters from website page change detection watches were not being filtered resulting in a cross-site scripting XSS vulnerability. This...

CVE-2025-52552

FastGPT is an AI Agent building platform. Prior to version 4.9.12, the LastRoute Parameter on login page is vulnerable to open redirect and DOM-based XSS. Improper validation and lack of sanitization of this parameter allows attackers execute malicious JavaScript or redirect them to...

CVE-2025-6466 ageerle ruoyi-ai SseServiceImpl.java upload unrestricted upload

A vulnerability was found in ageerle ruoyi-ai 2.0.0 and classified as critical. Affected by this issue is the function speechToTextTranscriptionsV2/upload of the file ruoyi-modules/ruoyi-system/src/main/java/org/ruoyi/system/service/impl/SseServiceImpl.java. The manipulation of the argument File...

CVE-2025-50181

urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attemptin...

CVE-2025-50181 urllib3 redirects are not disabled when retries are disabled on PoolManager instantiation

urllib3 is a user-friendly HTTP client library for Python. Prior to 2.5.0, it is possible to disable redirects for all requests by instantiating a PoolManager and specifying retries in a way that disable redirects. By default, requests and botocore users are not affected. An application attemptin...

CVE-2025-49590

CryptPad (before version 2025.3.0) is affected by a Dom-Based XSS via the Link Bouncer feature, where an early-allow code path executes before the URI protocol is checked, allowing a maliciously crafted javascript: URI to bypass filtering. The issue has been patched in 2025.3.0. Affected componen...

CVE-2025-4821

Impact Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support. An unauthenticated remote attacker can exploit the vulnerability by first completing a handshake and initiating ...

CVE-2025-4820 Incorrect congestion window growth by optimistic ACK

Impact Cloudflare quiche was discovered to be vulnerable to incorrect congestion window growth, which could cause it to send data at a rate faster than the path might actually support. An unauthenticated remote attacker can exploit the vulnerability by first completing a handshake and initiating ...

CVE-2025-47951 Weblate lacks rate limiting when verifying second factor

Weblate is a web based localization tool. Prior to version 5.12, the verification of the second factor was not subject to rate limiting. The absence of rate limiting on the second factor endpoint allows an attacker with valid credentials to automate OTP guessing. This issue has been patched in...