JFrog Security Research
< Back
Software Vulnerabilities
Last Updated On 11 Dec, 2025
- JFSA-2025-001648329python-utcp untrusted Manual command executionCVE-2025-14542highDiscovered ByOr PelesPublished on 11 Dec, 2025
- JFSA-2025-001648159Litmus Chaos JWT Missing Entropy Privilege EscalationCVE-2025-14261highDiscovered ByNatan NehoraiPublished on 8 Dec, 2025
- n8n Git Node RCECVE-2025-62726highDiscovered ByAssaf LevkovichPublished on 4 Nov, 2025
- JFSA-2025-001495652DSPy sandbox escape arbitrary file readCVE-2025-12695mediumDiscovered ByNatan NehoraiPublished on 4 Nov, 2025
- Cursor CLI Untrusted Project RCECVE-2025-61592highDiscovered ByAssaf LevkovichPublished on 4 Nov, 2025
- JFSA-2025-001495618React Native CLI Command InjectionCVE-2025-11953criticalDiscovered ByOr PelesPublished on 3 Nov, 2025
- JFSA-2025-001494691oatpp-mcp prompt hijackingCVE-2025-6515mediumDiscovered ByOri HollanderPublished on 20 Oct, 2025
- JFSA-2025-001471363txtai arbitrary file writeCVE-2025-10854highDiscovered ByOri HollanderPublished on 22 Sep, 2025
- XRAY-720930PickleScan Unsafe Globals Check Bypass via Submodule ImportsCVE-2025-10157criticalDiscovered ByDavid CohenPublished on 21 Sep, 2025
- XRAY-720938PickleScan Bypass via ZIP file bad CRCCVE-2025-10156criticalDiscovered ByDavid CohenPublished on 21 Sep, 2025