JFrog Security Research
< Back
Software Vulnerabilities
Last Updated On 22 Sep, 2025
- JFSA-2025-001471363txtai arbitrary file writeCVE-2025-10854highDiscovered ByOri HollanderPublished on 22 Sep, 2025
- XRAY-720930PickleScan Unsafe Globals Check Bypass via Submodule ImportsCVE-2025-10157criticalDiscovered ByDavid CohenPublished on 21 Sep, 2025
- XRAY-720938PickleScan Bypass via ZIP file bad CRCCVE-2025-10156criticalDiscovered ByDavid CohenPublished on 21 Sep, 2025
- XRAY-720936PickleScan Bypass via File Extension MismatchCVE-2025-10155criticalDiscovered ByDavid CohenPublished on 21 Sep, 2025
- Vite arbitrary remote HTML file leakCVE-2025-58752highDiscovered ByOri HollanderPublished on 15 Sep, 2025
- Vite arbitrary restricted remote file leakCVE-2025-58751highDiscovered ByOri HollanderPublished on 15 Sep, 2025
- JFSA-2025-001449533Chaos Mesh debugging server DoSCVE-2025-59358highDiscovered ByNatan NehoraiPublished on 15 Sep, 2025
- JFSA-2025-001449535Chaos Mesh killProcesses command injectionCVE-2025-59360criticalDiscovered ByNatan NehoraiPublished on 15 Sep, 2025
- JFSA-2025-001449536Chaos Mesh cleanIptables command injectionCVE-2025-59361criticalDiscovered ByNatan NehoraiPublished on 15 Sep, 2025
- JFSA-2025-001449534Chaos Mesh cleanTcs command injectionCVE-2025-59359criticalDiscovered ByNatan NehoraiPublished on 15 Sep, 2025