Overview
- Apache Software Foundation
- Apache SkyWalking
Published: 27 Nov 2025
Updated: 28 Nov 2025
CVSS: Pending
EPSS: 0.03%
KEV
Description
Improper Neutralization of Script-Related HTML Tags in a Web Page (Basic XSS) vulnerability in Apache SkyWalking.
This issue affects Apache SkyWalking: <= 10.2.0.
Users are recommended to upgrade to version 10.3.0, which fixes the issue.
Statistics
- 1 Post
Last activity: 10 hours ago
Overview
Description
Integer wraparound in multiple PostgreSQL libpq client library functions allows an application input provider or network peer to cause libpq to undersize an allocation and write out-of-bounds by hundreds of megabytes. This results in a segmentation fault for the application using libpq. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.
Statistics
- 1 Post
- 2 Interactions
Last activity: 11 hours ago
Overview
Description
Missing authorization in the PostgreSQL CREATE STATISTICS command allows a table owner to achieve denial of service against other CREATE STATISTICS users by creating statistics objects in any schema. A later CREATE STATISTICS for the same name, from a user having the CREATE privilege, would then fail. Versions before PostgreSQL 18.1, 17.7, 16.11, 15.15, 14.20, and 13.23 are affected.
Statistics
- 1 Post
- 2 Interactions
Last activity: 11 hours ago
Overview
Description
Null pointer dereference in coap_dtls_info_callback() in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a DTLS handshake where SSL_get_app_data() returns NULL.
Statistics
- 1 Post
- 1 Interaction
Last activity: 12 hours ago
Overview
Description
NULL pointer dereference in src/coap_openssl.c in OISM libcoap 4.3.5 allows remote attackers to cause a denial of service via a crafted DTLS/TLS connection that triggers BIO_get_data() to return NULL.
Statistics
- 1 Post
- 1 Interaction
Last activity: 12 hours ago
Overview
- Lynxtechnology
- Twonky Server
Published: 19 Nov 2025
Updated: 19 Nov 2025
CVSS v4.0: HIGH (8.2)
EPSS: 52.56%
KEV
Description
Twonky Server 8.5.2 on Linux and Windows is vulnerable to a cryptographic flaw: use of hard-coded cryptographic keys. An attacker with knowledge of the encrypted administrator password can decrypt the value with static keys to view the plaintext password and gain administrator-level access to Twonky Server.
Statistics
- 1 Post
Last activity: 21 hours ago
Overview
- Lynxtechnology
- Twonky Server
Published: 19 Nov 2025
Updated: 19 Nov 2025
CVSS v4.0: CRITICAL (9.3)
EPSS: 63.26%
KEV
Description
Twonky Server 8.5.2 on Linux and Windows is vulnerable to an access control flaw. An unauthenticated attacker can bypass web service API authentication controls to leak a log file and read the administrator's username and encrypted password.
Statistics
- 1 Post
Last activity: 21 hours ago