CVSS Score: 6.5 Published: 2024-08-14 Full Report: https://cvereports.com/reports/CVE-2024-43368
A logic flaw in Trix Editor's attachment handling allowed attackers to bypass XSS protections by simply mislabeling the content type of malicious payloads.
CVSS Score: 8.8 Published: 2025-11-20 Full Report: https://cvereports.com/reports/CVE-2025-36072
An authenticated Remote Code Execution (RCE) vulnerability in IBM webMethods Integration caused by unsafe deserialization of object graphs.
CVSS Score: 7.5 Published: 2025-12-31 Full Report: https://cvereports.com/reports/CVE-2025-69256
The Serverless Framework's experimental Model Context Protocol (MCP) server contained a critical command injection vulnerability. By failing to sanitize directory paths passed to a shell command, the tool allowed attackers—or confused LLMs—to execute arbitrary system commands.
CVSS Score: 8.7 Published: 2025-12-19 Full Report: https://cvereports.com/reports/CVE-2025-14847
A critical, unauthenticated heap memory disclosure vulnerability in MongoDB's wire protocol handling allows attackers to bleed secrets—including passwords and AWS keys—directly from server memory.
CVSS Score: 6.7 Published: 2025-01-27 Full Report: https://cvereports.com/reports/CVE-2024-12345
An analysis of the peculiar 'INW Krbyyyzo' vulnerability, a likely placeholder or 'canary' entry designed to track scraping behavior, disguised as a classic ASP.NET resource exhaustion flaw.
CVSS Score: 4.0 Published: 2025-12-31 Full Report: https://cvereports.com/reports/CVE-2025-68131
A logic flaw in the popular Python cbor2 library allows sensitive data from one decoding session to persist and bleed into subsequent sessions due to improper state management of the 'Value Sharing' feature.
CVSS Score: 9.1 Published: 2025-08-09 Full Report: https://cvereports.com/reports/CVE-2025-54997
OpenBao and HashiCorp Vault, the literal Fort Knoxes of the DevOps world, suffered a catastrophic logic flaw in their audit subsystems. By abusing the ability to configure audit devices via API, privileged attackers could trick the system into writing malicious code directly to the host filesystem.
CVSS Score: 9.8 Published: 2025-07-28 Full Report: https://cvereports.com/reports/CVE-2025-54418
A critical OS Command Injection vulnerability in CodeIgniter 4's ImageMagick handler allows unauthenticated attackers to achieve Remote Code Execution (RCE) via malicious filenames or text overlays.
CVSS Score: 6.7 Published: 2025-12-30 Full Report: https://cvereports.com/reports/CVE-2025-69257
A classic Local Privilege Escalation (LPE) in the 'theshit' command correction utility, allowing unprivileged users to execute arbitrary Python code as root due to unsafe loading of user configuration files.
CVSS Score: 7.2 Published: 2025-08-01 Full Report: https://cvereports.com/reports/CVE-2025-6000
A critical privilege escalation vulnerability in HashiCorp Vault allows privileged operators to achieve Remote Code Execution (RCE) on the host system. By abusing the File Audit Device and Plugin System, an attacker can write executable audit logs to the plugin directory and execute them.
