Filter and search through 197,255 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2025-55449 | ### Summary AstrBot uses a hard-coded JWT signing key, allowing attackers to execute arbitrary commands by installing a malicious plugin. ### Details... | 0.0 | 0 | Neutral | Yes | Yes |
| CVE-2025-55349 | No description available | 0.0 | 0 | Neutral | Yes | No |
| CVE-2025-55300 | Komari is a lightweight, self-hosted server monitoring tool designed to provide a simple and efficient solution for monitoring server performance. Pri... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-55286 | z2d is a pure Zig 2D graphics library. z2d v0.7.0 released with a new multi-sample anti-aliasing (MSAA) method, which uses a new buffering mechanism f... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-55280 | This vulnerability exists in ZKTeco WL20 due to storage of Wi-Fi credentials, configuration data and system data in plaintext within the device firmwa... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-55279 | This vulnerability exists in ZKTeco WL20 due to hard-coded private key stored in plaintext within the device firmware. An attacker with physical acces... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-55214 | ### Impact Copier suggests that it's safe to generate a project from a safe template, i.e. one that doesn't use [unsafe](https://copier.readthedocs.i... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-55209 | contactmanager is a module for FreePBX@, which is an open source GUI that controls and manages Asterisk© (PBX). In versions 15.0.14 and below, 16.0.0 ... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-55207 | ### Summary Following https://github.com/withastro/astro/security/advisories/GHSA-cq8c-xv66-36gw, there's still an Open Redirect vulnerability in a s... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-55201 | ### Impact Copier's current security model shall restrict filesystem access through Jinja: - Files can only be read using `{% include ... %}`, which... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-55196 | ## Summary A vulnerability was discovered in the External Secrets Operator where the `List()` calls for Kubernetes Secret and SecretStore resources pe... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-55193 | This vulnerability has been assigned the CVE identifier CVE-2025-55193 ### Impact The ID passed to `find` or similar methods may be logged without es... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-55192 | HomeAssistant-Tapo-Control offers Control for Tapo cameras as a Home Assistant component. Prior to commit 2a3b80f, there is a code injection vulnerabi... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-55166 | #### Problem The sanitization logic at https://github.com/darylldoyle/svg-sanitizer/blob/0.21.0/src/Sanitizer.php#L454-L481 only searches for lower-c... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-55164 | ### Impact A prototype pollution vulnerability exists in versions 0.5.0 and earlier, wherein if you provide a policy name called `__proto__` you can o... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-55159 | ### Impact The `get_disjoint_mut` method in slab v0.4.10 incorrectly checked if indices were within the slab's capacity instead of its length, allowi... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-55156 | ### Summary The parameter `add_links` in the API /json/add_package is vulnerable to SQL Injection. SQL injection vulnerabilities can lead to sensitive... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-55153 | Rejected reason: This CVE is a duplicate of another CVE. | 0.0 | 0 | Neutral | No | No |
| CVE-2025-55149 | ## Description A critical path traversal vulnerability (CWE-22) has been identified in the `review_paper` function in `backend/app.py`. The vulnerabil... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-55131 | A flaw in Node.js's buffer allocation logic can expose uninitialized memory when allocations are interrupted, when using the `vm` module with the time... | 0.0 | 0 | Neutral | No | Yes |