vityuasd/VulList

Releases0

CVE History

CVE	Published	CVSS v3	CVSS v2
CVE-2025-60540 ↗	Oct 14, 2025Tuesday, 14 October 2025, 20:15	6.5 MEDIUM	—
karakeep v0.26.0 to v0.7.0 was discovered to contain a Server-Side Request Forgery (SSRF).
CVE-2025-60536 ↗	Oct 14, 2025Tuesday, 14 October 2025, 18:15	7.5 HIGH	—
An issue in the Configure New Cluster interface of kafka-ui v0.6.0 to v0.7.2 allows attackers to cause a Denial of Service (DoS) via uploading a crafted configuration file.
CVE-2025-60537 ↗	Oct 14, 2025Tuesday, 14 October 2025, 18:15	6.5 MEDIUM	—
Improper input validation in the component /kafka/ui/serdes/CustomSerdeLoader.java of kafka-ui v0.6.0 to v0.7.2 allows attackers to execute arbitrary code via supplying crafted data.
CVE-2025-60535 ↗	Oct 14, 2025Tuesday, 14 October 2025, 17:16	7.3 HIGH	—
A Cross-Site Request Forgery (CSRF) in the component /endpoints/currency/currency of Wallos v4.1.1 allows attackers to execute arbitrary operations via a crafted GET request.
CVE-2025-55524 ↗	Aug 21, 2025Thursday, 21 August 2025, 18:15	7.3 HIGH	—
Insecure permissions in Agent-Zero v0.8.* allow attackers to arbitrarily reset the system via unspecified vectors.
CVE-2025-55521 ↗	Aug 21, 2025Thursday, 21 August 2025, 17:15	6.5 MEDIUM	—
An issue in the component /settings/localisation of Akaunting v3.1.18 allows authenticated attackers to cause a Denial of Service (DoS) via a crafted POST request.
CVE-2025-55522 ↗	Aug 21, 2025Thursday, 21 August 2025, 17:15	6.5 MEDIUM	—
Cross-site scripting (XSS) vulnerability in the component /common/reports of Akaunting v3.1.18 allows attackers to execute arbitrary web scripts or HTML via injecting a crafted payload into the name parameter.