ESF-IDF Has Out-of-Bounds Write in ESP32 Bluetooth AVRCP Vendor Command Handling

Published 2025-12-26 by GitHub_M

ESF-IDF Has Out-of-Bounds Read in ESP32 Bluetooth SDP Result Handling

Published 2025-12-26 by GitHub_M

FreshRSS globally denies access to feed via proxy modifying to 429 Retry-After

Published 2025-12-26 by GitHub_M

FreshRSS has weak cryptographic randomness in remember-me token and nonce generation

Published 2025-12-26 by GitHub_M

StreamVault is Vulnerable to Authenticated Remote Code Execution (RCE) via ytdlpargs Configuration Injection

Published 2025-12-26 by GitHub_M

lmdeploy vulnerable to Arbitrary Code Execution via Insecure Deserialization in torch.load()

Published 2025-12-26 by GitHub_M

Self-hosted n8n has Legacy Code node that enables arbitrary file read/write

Published 2025-12-26 by GitHub_M

n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node

Published 2025-12-26 by GitHub_M

n8n's Possible Stored XSS in "Respond to Webhook" Node May Execute Outside iframe Sandbox

Published 2025-12-26 by GitHub_M

apidoc-core - prototype pollution in api_group.js, api_param_title.js, api_use.js, and api_permission.js worker

Published 2025-12-26 by Sonatype