Recent Advisories

Severity ID Title Vendor Product Date Type
HIGH 7 CVE-2025-8447

Incorrect authorization vulnerability was identified in GitHub Enterprise Server that allowed read-only access

An improper access control vulnerability was identified in GitHub Enterprise Server that allowed users with access to any repository to retrieve li...

GitHub Enterprise Server 3.14 CVE
HIGH 7.7 CVE-2025-57809

XGrammar affected by Denial of Service by infinite recursion grammars

XGrammar is an open-source library for efficient, flexible, and portable structured generation. Prior to version 0.1.21, XGrammar has an infinite r...

mlc-ai xgrammar < 0.1.21 CVE
HIGH 7.5 CVE-2025-6188

On affected platforms running Arista EOS, maliciously formed UDP packets with source port 3503 may be accepted by EOS. UDP Port 3503 is associated with LspPing Echo Reply. This can result in unexpected behaviors, especially for UDP based services that do n

On affected platforms running Arista EOS, maliciously formed UDP packets with source port 3503 may be accepted by EOS. UDP Port 3503 is associated ...

Arista Networks EOS 4.33.0 CVE
HIGH 8.7 CVE-2025-57805

The Scratch Channel’s Publish Articles POST Request Can Upload Articles Without Validation

The Scratch Channel is a news website. In versions 1 and 1.1, a POST request to the endpoint used to publish articles can be used to post an artic...

The-Scratch-Channel tsc-web-client >= 1, < 1.2 CVE
HIGH 8.7 CVE-2025-8627

Unauthenticated Protocol Commands on TP-Link KP303

The TP-Link KP303 Smartplug can be issued unauthenticated protocol commands that may cause unintended power-off condition and potential information...

TP-Link Systems Inc. TP-Link KP303 (US) Smartplug CVE
HIGH 7.3 CVE-2025-26497

CVE-2025-26497

Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (Flow Editor modules) allows Absolute ...

Salesforce Tableau Server CVE
HIGH 7.3 CVE-2025-26498

CVE-2025-26498

Unrestricted Upload of File with Dangerous Type vulnerability in Salesforce Tableau Server on Windows, Linux (establish-connection-no-undo modules)...

Salesforce Tableau Server CVE
HIGH 8.8 CVE-2025-26467

Apache Cassandra: User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions (4.0.16 only)

Privilege Defined With Unsafe Actions vulnerability in Apache Cassandra. A user with MODIFY permission ON ALL KEYSPACES can escalate privileges to...

Apache Software Foundation Apache Cassandra 4.0.16 CVE
HIGH 7 CVE-2025-51281

CVE-2025-51281

D-Link DI-8100 16.07.26A1 is vulnerable to Buffer Overflow via the en, val and id parameters in the qj_asp function. This vulnerability allows au...

n/a n/a n/a CVE
HIGH 8.5 CVE-2025-56216

CVE-2025-56216

phpgurukul Hospital Management System 4.0 is vulnerable to SQL Injection in about-us.php via the pagetitle parameter.

n/a n/a n/a CVE