Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.8 CVE-2025-59340

jinjava Sandbox Bypass via JavaType-Based Deserialization_CVE-2025-59340

jinjava is a Java-based template engine based on django template syntax, adapted to render jinja templates. Prior to 2.8.1, by using mapper.getTyp...

HubSpot jinjava < 2.8.1 CVE
CRITICAL 10 AVLEONOV:CFB7C0...

About Remote Code Execution – SAP NetWeaver (CVE-2025-31324, CVE-2025-42999) vulnerability_AVLEONOV:CFB7C0CF107064B6D5BAC40E9F959DBE

N/A N/A AVLEONOV
CRITICAL 9.8 CVE-2025-59304

CVE-2025-59304_CVE-2025-59304

A directory traversal issue in Swetrix Web Analytics API 3.1.1 before 7d8b972 allows a remote attacker to achieve Remote Code Execution via a craft...

n/a n/a n/a CVE
CRITICAL 9.1 CVE-2025-58766

Dyad Vulnerable to Remote Code Execution via Top-level Navigation in Preview Window_CVE-2025-58766

Dyad is a local AI app builder. A critical security vulnerability has been discovered that affected Dyad v0.19.0 and earlier versions that allows a...

dyad-sh dyad < 0.20.0 CVE
CRITICAL 9.8 CVE-2025-46408

CVE-2025-46408_CVE-2025-46408

An issue was discovered in the methods push.lite.avtech.com.AvtechLib.GetHttpsResponse and push.lite.avtech.com.Push_HttpService.getNewHttpClient i...

n/a n/a n/a CVE
CRITICAL 9.8 CVE-2025-57119

CVE-2025-57119_CVE-2025-57119

An issue in Online Library Management System v.3.0 allows an attacker to escalate privileges via the adminlogin.php component and the Login function.

n/a n/a n/a CVE
CRITICAL 9.1 CVE-2025-56557

CVE-2025-56557_CVE-2025-56557

An issue discovered in the Tuya Smart Life App 5.6.1 allows attackers to gain unprivileged control of Matter devices via the Matter protocol.

n/a n/a n/a CVE
CRITICAL 9.8 CVE-2025-57631

CVE-2025-57631_CVE-2025-57631

SQL Injection vulnerability in TDuckCloud v.5.1 allows a remote attacker to execute arbitrary code via the Add a file upload module.

n/a n/a n/a CVE
CRITICAL 9.1 CVE-2025-54391

CVE-2025-54391_CVE-2025-54391

A vulnerability in the EnableTwoFactorAuthRequest SOAP endpoint of Zimbra Collaboration (ZCS) allows an attacker with valid user credentials to byp...

n/a n/a n/a CVE
CRITICAL 9.4 CVE-2025-10205

Predictable Salt and Weak Hashing Algorithm_CVE-2025-10205

Use of a One-Way Hash with a Predictable Salt vulnerability in ABB FLXEON. This issue affects FLXEON: through 9.3.5. and newer versions

ABB FLXEON CVE