|
1671
|
7.5 |
HIGH
Network
|
heromotocorp
|
vida_v1_pro_firmware
|
An issue in Hero Motocorp Vida V1 Pro 2.0.7 allows a local attacker to cause a denial of service via the BLE component
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2025-67133
|
2026-04-15 00:16 |
2026-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1672
|
7.5 |
HIGH
Network
|
heromotocorp
|
vida_v1_pro_firmware
|
Un problema en Hero Motocorp Vida V1 Pro 2.0.7 permite a un atacante local causar una denegación de servicio a través del componente BLE.
|
CWE-400
Uncontrolled Resource Consumption
|
CVE-2025-67133
|
2026-04-15 00:16 |
2026-01-10 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1673
|
9.8 |
CRITICAL
Network
|
-
|
-
|
owntone-server 2ca10d9 is vulnerable to Buffer Overflow due to lack of recursive checking.
|
CWE-120
Classic Buffer Overflow
|
CVE-2025-44560
|
2026-04-15 00:16 |
2026-04-11 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1674
|
9.1 |
CRITICAL
Network
|
lfprojects
|
model_context_protocol_servers
|
In mcp-server-git versions prior to 2025.12.17, when the server is started with the --repository flag to restrict operations to a specific repository path, it did not validate that repo_path argument…
|
CWE-22
Path Traversal
|
CVE-2025-68145
|
2026-04-15 00:13 |
2025-12-18 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1675
|
8.1 |
HIGH
Network
|
lfprojects
|
mlflow
|
MLFlow versions up to and including 3.4.0 are vulnerable to DNS rebinding attacks due to a lack of Origin header validation in the MLFlow REST server. This vulnerability allows malicious websites to …
|
CWE-346
Origin Validation Error
|
CVE-2025-14279
|
2026-04-15 00:05 |
2026-01-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1676
|
8.1 |
HIGH
Network
|
lfprojects
|
mlflow
|
Las versiones de MLFlow hasta la 3.4.0 inclusive son vulnerables a ataques de reencuadernación de DNS debido a una falta de validación del encabezado Origin en el servidor REST de MLFlow. Esta vulner…
|
CWE-346
Origin Validation Error
|
CVE-2025-14279
|
2026-04-15 00:05 |
2026-01-12 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1677
|
4.3 |
MEDIUM
Network
|
askbot
|
askbot
|
All versions of askbot before and including 0.12.2 allow an attacker authenticated with normal user permissions to modify the profile picture of other application users.This issue affects askbot: 0.1…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-1213
|
2026-04-14 23:58 |
2026-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1678
|
4.3 |
MEDIUM
Network
|
askbot
|
askbot
|
Todas las versiones de askbot anteriores e incluyendo la 0.12.2 permiten a un atacante autenticado con permisos de usuario normal modificar la imagen de perfil de otros usuarios de la aplicación. Est…
|
CWE-639
Authorization Bypass Through User-Controlled Key
|
CVE-2026-1213
|
2026-04-14 23:58 |
2026-01-27 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1679
|
7.0 |
HIGH
Local
|
lfprojects
|
mlflow
|
In mlflow version 2.20.3, the temporary directory used for creating Python virtual environments is assigned insecure world-writable permissions (0o777). This vulnerability allows an attacker with wri…
|
CWE-379
Creation of Temporary File in Directory with Incorrect Permissions
|
CVE-2025-10279
|
2026-04-14 23:57 |
2026-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
|
1680
|
7.0 |
HIGH
Local
|
lfprojects
|
mlflow
|
En mlflow versión 2.20.3, el directorio temporal utilizado para crear entornos virtuales de Python tiene asignados permisos inseguros de escritura global (0o777). Esta vulnerabilidad permite a un ata…
|
CWE-379
Creation of Temporary File in Directory with Incorrect Permissions
|
CVE-2025-10279
|
2026-04-14 23:57 |
2026-02-2 |
Show
|
GitHub
Exploit DB
Packet Storm
|
|
|
