Vullist
by Vityuasd
Source repositories
CVEs (4)
| CVE | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|
| CVE-2025-60536 | Hig | 0.49 | 7.5 | 0.00 | Oct 14, 2025 | An issue in the Configure New Cluster interface of kafka-ui v0.6.0 to v0.7.2 allows attackers to cause a Denial of Service (DoS) via uploading a crafted configuration file. | |
| CVE-2025-60535 | Hig | 0.47 | 7.3 | 0.00 | Oct 14, 2025 | A Cross-Site Request Forgery (CSRF) in the component /endpoints/currency/currency of Wallos v4.1.1 allows attackers to execute arbitrary operations via a crafted GET request. | |
| CVE-2025-60540 | Med | 0.42 | 6.5 | 0.00 | Oct 14, 2025 | karakeep v0.26.0 to v0.7.0 was discovered to contain a Server-Side Request Forgery (SSRF). | |
| CVE-2025-60537 | Med | 0.42 | 6.5 | 0.00 | Oct 14, 2025 | Improper input validation in the component /kafka/ui/serdes/CustomSerdeLoader.java of kafka-ui v0.6.0 to v0.7.2 allows attackers to execute arbitrary code via supplying crafted data. |