Total
12 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2025-54584 | 1 Finos | 1 Gitproxy | 2025-08-01 | N/A | 5.7 MEDIUM |
| GitProxy is an application that stands between developers and a Git remote endpoint (e.g., github.com). In versions 1.19.1 and below, an attacker can craft a malicious Git packfile to exploit the PACK signature detection in the parsePush.ts file. By embedding a misleading PACK signature within commit content and carefully constructing the packet structure, the attacker can trick the parser into treating invalid or unintended data as the packfile. Potentially, this would allow bypassing approval or hiding commits. This issue is fixed in version 1.19.2. | |||||
| CVE-2024-12388 | 1 Binary-husky | 1 Gpt Academic | 2025-07-31 | N/A | 6.5 MEDIUM |
| A vulnerability in binary-husky/gpt_academic version 310122f allows for a Regular Expression Denial of Service (ReDoS) attack. The application uses a regular expression to parse user input, which can take polynomial time to match certain crafted inputs. This allows an attacker to send a small malicious payload to the server, causing it to become unresponsive and unable to handle any requests from other users. | |||||
| CVE-2025-25069 | 1 Apache | 1 Kvrocks | 2025-07-16 | N/A | 6.5 MEDIUM |
| A Cross-Protocol Scripting vulnerability is found in Apache Kvrocks. Since Kvrocks didn't detect if "Host:" or "POST" appears in RESP requests, a valid HTTP request can also be sent to Kvrocks as a valid RESP request and trigger some database operations, which can be dangerous when it is chained with SSRF. It is similiar to CVE-2016-10517 in Redis. This issue affects Apache Kvrocks: from the initial version to the latest version 2.11.0. Users are recommended to upgrade to version 2.11.1, which fixes the issue. | |||||
| CVE-2024-11169 | 1 Librechat | 1 Librechat | 2025-07-15 | N/A | 7.5 HIGH |
| An unhandled exception in danny-avila/librechat version 3c94ff2 can lead to a server crash. The issue occurs when the fs module throws an exception while handling file uploads. An unauthenticated user can trigger this exception by sending a specially crafted request, causing the server to crash. The vulnerability is fixed in version 0.7.6. | |||||
| CVE-2025-5826 | 2025-06-26 | N/A | 6.3 MEDIUM | ||
| Autel MaxiCharger AC Wallbox Commercial ble_process_esp32_msg Misinterpretation of Input Vulnerability. This vulnerability allows network-adjacent attackers to inject arbitrary AT commands on affected installations of Autel MaxiCharger AC Wallbox Commercial charging stations. Authentication is not required to exploit this vulnerability. The specific flaw exists within the ble_process_esp32_msg function. The issue results from misinterpretation of input data. An attacker can leverage this vulnerability to execute AT commands in the context of the device. Was ZDI-CAN-26368. | |||||
| CVE-2025-5747 | 2025-06-09 | N/A | 8.0 HIGH | ||
| WOLFBOX Level 2 EV Charger MCU Command Parsing Misinterpretation of Input Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installatons of WOLFBOX Level 2 EV Charger devices. Authentication is required to exploit this vulnerability. The specific flaw exists within the handling of command frames received by the MCU. When parsing frames, the process does not properly detect the start of a frame, which can lead to misinterpretation of input. An attacker can leverage this in conjunction with other vulnerabilities to execute arbitrary code in the context of the device. Was ZDI-CAN-26501. | |||||
| CVE-2025-32908 | 2025-05-13 | N/A | 7.5 HIGH | ||
| A flaw was found in libsoup. The HTTP/2 server in libsoup may not fully validate the values of pseudo-headers :scheme, :authority, and :path, which may allow a user to cause a denial of service (DoS). | |||||
| CVE-2025-22870 | 2025-05-09 | N/A | 4.4 MEDIUM | ||
| Matching of hosts against proxy patterns can improperly treat an IPv6 zone ID as a hostname component. For example, when the NO_PROXY environment variable is set to "*.example.com", a request to "[::1%25.example.com]:80` will incorrectly match and not be proxied. | |||||
| CVE-2023-0880 | 1 Phpmyfaq | 1 Phpmyfaq | 2024-11-21 | N/A | 8.3 HIGH |
| Misinterpretation of Input in GitHub repository thorsten/phpmyfaq prior to 3.1.11. | |||||
| CVE-2022-3224 | 1 Parse-url Project | 1 Parse-url | 2024-11-21 | N/A | 6.1 MEDIUM |
| Misinterpretation of Input in GitHub repository ionicabizau/parse-url prior to 8.1.0. | |||||
| CVE-2021-21366 | 2 Debian, Xmldom Project | 2 Debian Linux, Xmldom | 2024-11-21 | 4.3 MEDIUM | 4.3 MEDIUM |
| xmldom is a pure JavaScript W3C standard-based (XML DOM Level 2 Core) DOMParser and XMLSerializer module. xmldom versions 0.4.0 and older do not correctly preserve system identifiers, FPIs or namespaces when repeatedly parsing and serializing maliciously crafted documents. This may lead to unexpected syntactic changes during XML processing in some downstream applications. This is fixed in version 0.5.0. As a workaround downstream applications can validate the input and reject the maliciously crafted documents. | |||||
| CVE-2020-27846 | 4 Fedoraproject, Grafana, Redhat and 1 more | 6 Fedora, Grafana, Enterprise Linux and 3 more | 2024-11-21 | 10.0 HIGH | 9.8 CRITICAL |
| A signature verification vulnerability exists in crewjam/saml. This flaw allows an attacker to bypass SAML Authentication. The highest threat from this vulnerability is to confidentiality, integrity, as well as system availability. | |||||