NVD Dashboard

For information on how to cite the NVD, including the database's Digital Object Identifier (DOI), please consult NIST's Public Data Repository.

Last 20 Scored Vulnerability IDs & Summaries CVSS Severity
  • CVE-2024-52912 - Bitcoin Core before 0.21.0 allows a network split that is resultant from an integer overflow (calculating the time offset for newly connecting peers) and an abs64 logic bug.
    Published: November 17, 2024; 11:15:04 PM -0500

  • CVE-2025-46237 - Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in Yannick Lefebvre Link Library allows Stored XSS. This issue affects Link Library: from n/a through 7.8.
    Published: April 22, 2025; 6:15:17 AM -0400

    V3.1: 5.4 MEDIUM

  • CVE-2025-32796 - Dify is an open-source LLM app development platform. Prior to version 0.6.12, a vulnerability was identified in the DIFY where normal users can enable or disable apps through the API, even though the web UI button for this action is disabled and n...
    Published: April 18, 2025; 12:15:23 PM -0400

    V3.1: 6.5 MEDIUM

  • CVE-2025-45428 - In Tenda ac9 v1.0 with firmware V15.03.05.14_multi, the rebootTime parameter of /goform/SetSysAutoRebbotCfg has a stack overflow vulnerability, which can lead to remote arbitrary code execution.
    Published: April 23, 2025; 11:16:00 AM -0400

  • CVE-2025-32021 - Weblate is a web based localization tool. Prior to version 5.11, when creating a new component from an existing component that has a source code repository URL specified in settings, this URL is included in the client's URL parameters during the c...
    Published: April 15, 2025; 5:16:04 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2025-32968 - XWiki is a generic wiki platform. In versions starting from 1.6-milestone-1 to before 15.10.16, 16.4.6, and 16.10.1, it is possible for a user with SCRIPT right to escape from the HQL execution context and perform a blind SQL injection to execute ...
    Published: April 23, 2025; 12:15:47 PM -0400

    V3.1: 8.8 HIGH

  • CVE-2025-31117 - OpenEMR is a free and open source electronic health records and medical practice management application. An Out-of-Band Server-Side Request Forgery (OOB SSRF) vulnerability was identified in OpenEMR, allowing an attacker to force the server to mak...
    Published: March 31, 2025; 1:15:42 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2025-30149 - OpenEMR is a free and open source electronic health records and medical practice management application. OpenEMR allows reflected cross-site scripting (XSS) in the AJAX Script interface\super\layout_listitems_ajax.php via the target parameter. Thi...
    Published: March 31, 2025; 12:15:25 PM -0400

    V3.1: 4.6 MEDIUM

  • CVE-2025-29911 - CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. A critical heap ...
    Published: March 17, 2025; 7:15:18 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2025-29910 - CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. A memory leak vu...
    Published: March 17, 2025; 6:15:14 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2025-29909 - CryptoLib provides a software-only solution using the CCSDS Space Data Link Security Protocol - Extended Procedures (SDLS-EP) to secure communications between a spacecraft running the core Flight System (cFS) and a ground station. In versions 1.3....
    Published: March 17, 2025; 6:15:14 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2024-55662 - XWiki Platform is a generic wiki platform. Starting in version 3.3-milestone-1 and prior to versions 15.10.9 and 16.3.0, on instances where `Extension Repository Application` is installed, any user can execute any code requiring `programming` righ...
    Published: December 12, 2024; 1:15:27 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2024-55876 - XWiki Platform is a generic wiki platform. Starting in version 1.2-milestone-2 and prior to versions 15.10.9 and 16.3.0, any user with an account on the main wiki could run scheduling operations on subwikis. To reproduce, as a user on the main wik...
    Published: December 12, 2024; 2:15:14 PM -0500

    V3.1: 5.4 MEDIUM

  • CVE-2024-55877 - XWiki Platform is a generic wiki platform. Starting in version 9.7-rc-1 and prior to versions 15.10.11, 16.4.1, and 16.5.0, any user with an account can perform arbitrary remote code execution by adding instances of `XWiki.WikiMacroClass` to any p...
    Published: December 12, 2024; 3:15:21 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2024-55879 - XWiki Platform is a generic wiki platform. Starting in version 2.3 and prior to versions 15.10.9, 16.3.0, any user with script rights can perform arbitrary remote code execution by adding instances of `XWiki.ConfigurableClass` to any page. This co...
    Published: December 12, 2024; 3:15:21 PM -0500

    V3.1: 8.8 HIGH

  • CVE-2025-29924 - XWiki Platform is a generic wiki platform. Prior to 15.10.14, 16.4.6, and 16.10.0-rc-1, it's possible for a user to get access to private information through the REST API - but could also be through another API - when a sub wiki is using "Prevent...
    Published: March 19, 2025; 2:15:25 PM -0400

    V3.1: 7.5 HIGH

  • CVE-2025-29925 - XWiki Platform is a generic wiki platform. Prior to 15.10.14, 16.4.6, and 16.10.0-rc-1, protected pages are listed when requesting the REST endpoints /rest/wikis/[wikiName]/pages even if the user doesn't have view rights on them. It's particularly...
    Published: March 19, 2025; 2:15:25 PM -0400

    V3.1: 5.3 MEDIUM

  • CVE-2025-32783 - XWiki Platform is a generic wiki platform. A vulnerability in versions from 5.0 to 16.7.1 affects users with Message Stream enabled and a wiki configured as closed from selecting "Prevent unregistered users to view pages" in the Administrations Ri...
    Published: April 16, 2025; 6:15:14 PM -0400

    V3.1: 4.3 MEDIUM

  • CVE-2025-32969 - XWiki is a generic wiki platform. In versions starting from 1.8 and prior to 15.10.16, 16.4.6, and 16.10.1, it is possible for a remote unauthenticated user to escape from the HQL execution context and perform a blind SQL injection to execute arbi...
    Published: April 23, 2025; 12:15:47 PM -0400

    V3.1: 9.8 CRITICAL

  • CVE-2025-45429 - In the Tenda ac9 v1.0 router with firmware V15.03.05.14_multi, there is a stack overflow vulnerability in /goform/WifiWpsStart, which may lead to remote arbitrary code execution.
    Published: April 23, 2025; 12:15:48 PM -0400