Security Vulnerabilities
Werkzeug is a comprehensive WSGI web application library. Prior to version 3.1.4, Werkzeug's safe_join function allows path segments with Windows device names. On Windows, there are special device names such as CON, AUX, etc that are implicitly present and readable in every directory. send_from_directory uses safe_join to safely serve files at user-specified paths under a directory. If the application is running on Windows, and the requested path ends with a special device name, the file will be opened successfully, but reading will hang indefinitely. This issue has been patched in version 3.1.4.
CVSS Score
5.3
EPSS Score
0.0
Published
2025-11-29
Kiteworks is a private data network (PDN). Prior to version 9.1.0, improper input validation when managing roles of a shared folder could lead to unexpectedly elevate another user's permissions on the share. This issue has been patched in version 9.1.0.
CVSS Score
6.3
EPSS Score
0.0
Published
2025-11-29
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a client that connects to cupsd but sends slow messages, e.g. only one byte per second, delays cupsd as a whole, such that it becomes unusable by other clients. This issue has been patched in version 2.4.15.
CVSS Score
5.1
EPSS Score
0.0
Published
2025-11-29
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. Prior to version 2.4.15, a user in the lpadmin group can use the cups web ui to change the config and insert a malicious line. Then the cupsd process which runs as root will parse the new config and cause an out-of-bound write. This issue has been patched in version 2.4.15.
CVSS Score
6.0
EPSS Score
0.0
Published
2025-11-29
Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, a bug in Kiteworks MFT could cause under certain circumstances that a user's active session would not properly time out due to inactivity. This issue has been patched in version 9.1.0.
CVSS Score
7.1
EPSS Score
0.0
Published
2025-11-29
Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, this vulnerability could allow an external attacker to gain access to log information from the system by tricking an administrator into browsing a specifically crafted fake page of Kiteworks MFT. This issue has been patched in version 9.1.0.
CVSS Score
6.8
EPSS Score
0.0
Published
2025-11-29
Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, the back-end of Kiteworks MFT is vulnerable to an incorrectly specified destination in a communication channel which allows an attacker with administrative privileges on the system under certain circumstances to intercept upstream communication which could lead to an escalation of privileges. This issue has been patched in version 9.1.0.
CVSS Score
7.2
EPSS Score
0.0
Published
2025-11-29
Kiteworks MFT orchestrates end-to-end file transfer workflows. Prior to version 9.1.0, an unfavourable definition of roles and permissions in Kiteworks MFT on managing Connections could lead to unexpected escalation of privileges for authorized users. This issue has been patched in version 9.1.0.
CVSS Score
6.5
EPSS Score
0.0
Published
2025-11-29
LibreChat is a ChatGPT clone with additional features. Prior to version 0.8.1-rc2, LibreChat is vulnerable to Server-side Request Forgery (SSRF), by passing specially crafted OpenAPI specs to its "Actions" feature and making the LLM use those actions. It could be used by an authenticated user with access to this feature to access URLs only accessible to the LibreChat server (such as cloud metadata services, through which impersonation of the server might be possible). This issue has been patched in version 0.8.1-rc2.
CVSS Score
8.1
EPSS Score
0.0
Published
2025-11-29
PubNet is a self-hosted Dart & Flutter package service. Prior to version 1.1.3, the /api/storage/upload endpoint in PubNet allows unauthenticated users to upload packages as any user by providing arbitrary author-id values. This enables identity spoofing, privilege escalation, and supply chain attacks. This issue has been patched in version 1.1.3.
CVSS Score
9.4
EPSS Score
0.001
Published
2025-11-29