JFrog Security Research
< Back
Software Vulnerabilities
Last Updated On 14 Aug, 2025
- JFSA-2025-001380578Flowise OS command remote code executionCVE-2025-8943criticalDiscovered ByAssaf LevkovichPublished on 14 Aug, 2025
- JFSA-2025-001379925Flowise JS injection remote code executionCVE-2025-55346criticalDiscovered ByAssaf LevkovichPublished on 14 Aug, 2025
- JFSA-2025-001378631Codex CLI Symlink Arbitrary File OverwriteCVE-2025-55345highDiscovered ByAssaf LevkovichPublished on 13 Aug, 2025
- Keras untrusted model arbitrary file writeCVE-2025-8747highDiscovered ByAndrey PolkovnichenkoPublished on 12 Aug, 2025
- Webfinger.js Blind SSRFCVE-2025-54590mediumDiscovered ByOri HollanderPublished on 28 Jul, 2025
- JFSA-2025-001290844OS command injection in mcp-remote when connecting to untrusted MCP serversCVE-2025-6514criticalDiscovered ByOr PelesPublished on 9 Jul, 2025
- Tensorflow Serving Stack Exhaustion DoSCVE-2025-0649highDiscovered ByOri HollanderPublished on 6 May, 2025
- PeerTube HLS Video Files Path TraversalCVE-2025-32943lowDiscovered ByOri HollanderPublished on 14 Apr, 2025
- PeerTube User Import Authenticated Resource ExhaustionCVE-2025-32949mediumDiscovered ByOri HollanderPublished on 14 Apr, 2025
- PeerTube User Import Authenticated Persistent Denial of ServiceCVE-2025-32944mediumDiscovered ByOri HollanderPublished on 14 Apr, 2025