CVE & Exploit Intelligence Database


Search and track vulnerabilities with real-time exploit intelligence. Cross-reference CVEs against public exploits from ExploitDB, Metasploit, GitHub, and Nuclei — with CVSS and EPSS scoring, CISA KEV monitoring, and AI-powered exploit analysis.

337,123 CVEs tracked | 53,219 with exploits | 4,686 exploited in wild | 1,539 CISA KEV | 3,912 Nuclei templates | 37,757 vendors | 42,422 researchers
73 results
CVE-2026-24708 8.2 HIGH EPSS 0.00
OpenStack Nova <30.2.2 - Memory Corruption
An issue was discovered in OpenStack Nova before 30.2.2, 31 before 31.2.1, and 32 before 32.1.1. By writing a malicious QCOW header to a root or ephemeral disk and then triggering a resize, a user may convince Nova's Flat image backend to call qemu-img without a format restriction, resulting in an unsafe image resize operation that could destroy data on the host system. Only compute nodes using the Flat image backend (usually configured with use_cow_images=False) are affected.
CWE-669 Feb 18, 2026
CVE-2026-25253 8.8 HIGH EXPLOITED 8 PoCs Analysis EPSS 0.00
OpenClaw <2026.1.29 - Info Disclosure
OpenClaw (aka clawdbot or Moltbot) before 2026.1.29 obtains a gatewayUrl value from a query string and automatically makes a WebSocket connection without prompting, sending a token value.
CWE-669 Feb 01, 2026
CVE-2025-67895 9.8 CRITICAL 1 PoC Analysis EPSS 0.00
Apache-airflow-providers-edge3 < 2.0.0 - Remote Code Execution
Edge3 Worker RPC RCE on Airflow 2. This issue affects Apache Airflow Providers Edge3 before 2.0.0, and only if it was installed and configured on Airflow 2. Edge3 provider support in Airflow 2 was always development-only and never officially released; however, installing and configuring the Edge3 provider on Airflow 2 implicitly enabled a normally non-public API that was used to test the Edge provider on Airflow 2 during development. This API allowed a DAG author to perform remote code execution in the webserver context, which a DAG author is not supposed to be able to do. If you installed and configured the Edge3 provider for Airflow 2, you should uninstall it and migrate to Airflow 3. The new Edge3 provider versions (>=2.0.0) set the minimum Airflow version to 3 and remove the RCE-prone Airflow 2 code, so it should no longer be possible to use Edge3 provider 2.0.0+ on Airflow 2. If you used the Edge provider on Airflow 3, you are not affected.
CWE-669 Dec 17, 2025
CVE-2025-62775 8.0 HIGH EPSS 0.00
Mercku M6a <2.1.0 - Privilege Escalation
Mercku M6a devices through 2.1.0 allow root TELNET logins via the web admin password.
CWE-669 Oct 22, 2025
CVE-2025-62646 5.0 MEDIUM EPSS 0.00
Restaurant Brands International RBI - Info Disclosure
The Restaurant Brands International (RBI) assistant platform through 2025-09-06 allows remote attackers to review the stored audio of conversations between associates and Drive Thru customers.
CWE-669 Oct 17, 2025
CVE-2024-31573 4.0 MEDIUM 1 Writeup EPSS 0.00
XMLUnit for Java <2.10.0 - Code Injection
XMLUnit for Java before 2.10.0, in the default configuration, might allow code execution via an untrusted stylesheet (used for an XSLT transformation), because XSLT extension functions are enabled.
CWE-669 Oct 17, 2025
CVE-2025-62292 4.3 MEDIUM EPSS 0.00
SonarQube <25.6 - Info Disclosure
In SonarQube before 25.6, 2025.3 Commercial, and 2025.1.3 LTA, authenticated low-privileged users can query the /api/v2/users-management/users endpoint and obtain user fields intended for administrators only, including the email addresses of other accounts.
CWE-669 Oct 10, 2025
CVE-2025-56675 3.5 LOW EPSS 0.00
EKEN video doorbell T6 - Info Disclosure
The EKEN video doorbell T6 BT60PLUS_MAIN_V1.0_GC1084_20230531 periodically sends debug logs to the EKEN cloud servers with sensitive information such as the Wi-Fi SSID and password.
CWE-669 Sep 30, 2025
CVE-2025-59692 3.7 LOW EPSS 0.00
PureVPN client < September 2025 - Info Disclosure
PureVPN client applications on Linux through September 2025 mishandle firewalling. They flush the system's existing iptables rules and apply default ACCEPT policies when connecting to a VPN server. This removes firewall rules that may have been configured manually or by other software (e.g., UFW, container engines, or system security policies). Upon VPN disconnect, the original firewall state is not restored. As a result, the system may become unintentionally exposed to network traffic that was previously blocked. This affects CLI 2.0.1 and GUI 2.10.0.
CWE-669 Sep 18, 2025
CVE-2025-59691 3.7 LOW EPSS 0.00
PureVPN Linux Client - Info Disclosure
PureVPN client applications on Linux through September 2025 allow IPv6 traffic to leak outside the VPN tunnel upon network events such as Wi-Fi reconnect or system resume. In the CLI client, the VPN auto-reconnects and claims to be connected, but IPv6 traffic is no longer routed or blocked. In the GUI client, the IPv6 connection remains functional after disconnection until the user clicks Reconnect. In both cases, the real IPv6 address is exposed to external services, violating user privacy and defeating the advertised IPv6 leak protection. This affects CLI 2.0.1 and GUI 2.10.0.
CWE-669 Sep 18, 2025
CVE-2025-59453 3.2 LOW EPSS 0.00
Click Studios Passwordstate <9.9.9972 - Auth Bypass
Click Studios Passwordstate before 9.9 Build 9972 has a potential authentication bypass for Passwordstate emergency access. By using a crafted URL while on the Emergency Access web page, an unauthorized person can gain access to the Passwordstate Administration section.
CWE-669 Sep 16, 2025
CVE-2025-59378 5.7 MEDIUM EPSS 0.00
GNU Guix <1618ca7 - Privilege Escalation
In guix-daemon in GNU Guix before 1618ca7, a content-addressed-mirrors file can be written to create a setuid program that allows a regular user to gain the privileges of the build user that runs it (even after the build has ended).
CWE-669 Sep 15, 2025
CVE-2025-59363 7.7 HIGH EPSS 0.00
One Identity OneLogin <2025.3.0 - Info Disclosure
In One Identity OneLogin before 2025.3.0, a request to the GET Apps API v2 returns the OIDC client secret, even though this secret should only be returned when an App is first created.
CWE-669 Sep 14, 2025
CVE-2025-34158 8.5 HIGH 1 Writeup EPSS 0.00
Plex Media Server <1.42.1 - Info Disclosure
Plex Media Server (PMS) 1.41.7.x through 1.42.0.x before 1.42.1 is affected by incorrect resource transfer between spheres because /myplex/account provides the credentials of the server owner (and a /api/resources call reveals other servers accessible by that server owner).
CWE-669 Aug 21, 2025
CVE-2025-54956 3.2 LOW 1 Writeup EPSS 0.00
Gh <1.5.0 - Info Disclosure
The gh package before 1.5.0 for R delivers an HTTP response in a data structure that includes the Authorization header from the corresponding HTTP request.
CWE-669 Aug 03, 2025
CVE-2025-54352 3.7 LOW 4 PoCs Analysis EPSS 0.00
WordPress <6.8.2 - Info Disclosure
WordPress 3.5 through 6.8.2 allows remote attackers to guess titles of private and draft posts via pingback.ping XML-RPC requests. NOTE: the Supplier is not changing this behavior.
CWE-669 Jul 21, 2025
CVE-2025-54310 4.0 MEDIUM 1 Writeup EPSS 0.00
qBittorrent <5.1.2 - Info Disclosure
qBittorrent before 5.1.2 does not prevent access to a local file that is referenced in a link URL. This affects rsswidget.cpp and searchjobwidget.cpp.
CWE-669 Jul 18, 2025
CVE-2025-41645 8.6 HIGH EPSS 0.00
Portal Demo Account - Info Disclosure
An unauthenticated remote attacker could use a demo account of the portal to hijack devices that were created in that account by mistake.
CWE-669 May 13, 2025
CVE-2025-46553 6.1 MEDIUM 1 Writeup EPSS 0.00
@misskey-dev/summaly <5.2.1 - Info Disclosure
@misskey-dev/summaly is a tool for getting a summary of a web page. Starting in version 3.0.1 and prior to version 5.2.1, a logic error in the main `summaly` function causes the `allowRedirects` option to never be passed to any plugins, and as a result, isn't enforced. Misskey will follow redirects, despite explicitly requesting not to. Version 5.2.1 contains a patch for the issue.
CWE-669 May 05, 2025
CVE-2025-26698 2.7 LOW EPSS 0.00
RevoWorks SCVX/RevoWorks Browser - Info Disclosure
An incorrect resource transfer between spheres issue exists in RevoWorks SCVX and RevoWorks Browser. If exploited, malicious files may be downloaded to the system on which the product is used.
CWE-669 Feb 26, 2025