Recent Advisories

Severity ID Title Vendor Product Date Type
CRITICAL 9.8 6526EB29-075D-

Exploit for Authentication Bypass by Primary Weakness in Crushftp_6526EB29-075D-54A5-A2BB-240329A5B7F0

CVE-2025-31161 - CrushFTP Authentication Bypass Exploit PoC CVE-2025-31161 - Authentication Bypass CrushFTP 📌...

N/A N/A GITHUBEXPLOIT
CRITICAL 9.3 CVE-2025-59039

Prebid Universal Creative on npm briefly compromised_CVE-2025-59039

Prebid Universal Creative (PUC) is a JavaScript API to render multiple formats. Npm users of PUC 1.17.3 or PUC latest were briefly affected by cryp...

prebid prebid-universal-creative = 1.17.3 CVE
CRITICAL 9.8 CVE-2025-59046

interactive-git-checkout has Command Injection vulnerability_CVE-2025-59046

The npm package `interactive-git-checkout` is an interactive command-line tool that allows users to checkout a git branch while it prompts for the ...

ninofiliu interactive-git-checkout <= 1.1.4 CVE
CRITICAL 9.8 CVE-2025-58447

rAthena has heap-based buffer overflow in login server_CVE-2025-58447

rAthena is an open-source cross-platform massively multiplayer online role playing game (MMORPG) server. Versions prior to commit 2f5248b have a he...

rathena rathena < 2f5248b CVE
CRITICAL 9.1 CVE-2025-58448

rAthena has SQL Injection in PartyBooking component via `WorldName` parameter._CVE-2025-58448

rAthena is an open-source cross-platform massively multiplayer online role playing game (MMORPG) server. Versions prior to commit 0d89ae0 have a SQ...

rathena rathena < 0d89ae0 CVE
CRITICAL 9.7 CVE-2025-58768

DeepChat’s Mermaid rendering has XSS leading to RCE_CVE-2025-58768

DeepChat is a smart assistant that uses artificial intelligence. Prior to version 0.3.5, in the Mermaid chart rendering component, there is a risky oper...

ThinkInAIXYZ deepchat < 0.3.5 CVE
CRITICAL 10 QUALYSBLOG:383F...

Microsoft Patch Tuesday, September 2025 Security Update Review_QUALYSBLOG:383FF7344098E811E7A9F770A118F546

It's the second Tuesday of September, and Microsoft has rolled out its latest security updates. Microsoft's September 2025 Patch Tuesday has arrive...

N/A N/A QUALYSBLOG
CRITICAL 9.1 CVE-2025-58762

Tautulli vulnerable to Authenticated Remote Code Execution via write primitive and `Script` notification agent_CVE-2025-58762

Tautulli is a Python-based monitoring and tracking tool for Plex Media Server. In Tautulli v2.15.3 and earlier, an attacker with administrative acc...

Tautulli Tautulli < 2.16.0 CVE
CRITICAL 10 MSF:EXPLOIT-MULTI-

Template Injection Vulnerability in Sawtooth Software’s Lighthouse Studio (CVE-2025-34300)_MSF:EXPLOIT-MULTI-HTTP-LIGHTHOUSE_STUDIO_UNAUTH_RCE_CVE_2025_34300-

This module exploits a template injection vulnerability in the Sawtooth Software Lighthouse Studio's ciwweb.pl web application. ...

N/A N/A METASPLOIT
CRITICAL 10 CVE-2025-55727

XWiki Remote Macros vulnerable to remote code execution from width parameter in the column macro_CVE-2025-55727

XWiki Remote Macros provides XWiki rendering macros that are useful when migrating content from Confluence. Starting in version 1.0 and prior to ve...

xwikisas xwiki-pro-macros >= 1.0, < 1.26.5 CVE