Server
CVEs (11)
| CVE | Vendor / Product | Sev | Risk | CVSS | EPSS | KEV | Published | Description |
|---|---|---|---|---|---|---|---|---|
| CVE-2025-15097 | | Hig | 0.47 | 7.3 | 0.00 | | Dec 26, 2025 | A vulnerability was found in Alteryx Server. Affected by this issue is some unknown functionality of the file /gallery/api/status/. Performing manipulation results in improper authentication. The attack is possible to be carried out remotely. The exploit has been made public and could be used. Upgrading to version 2023.1.1.13.486, 2023.2.1.10.293, 2024.1.1.9.236, 2024.2.1.6.125 and 2025.1.1.1.31 can resolve this issue. Upgrading the affected component is recommended. |
| CVE-2024-48322 | | Hig | 0.47 | 8.1 | 0.14 | | Nov 11, 2024 | UsersController.php in Run.codes 1.5.2 and older has a reset password race condition vulnerability. |
| CVE-2025-13315 | | | 0.10 | — | 0.85 | | Nov 19, 2025 | Twonky Server 8.5.2 on Linux and Windows is vulnerable to an access control flaw. An unauthenticated attacker can bypass web service API authentication controls to leak a log file and read the administrator's username and encrypted password. |
| CVE-2025-68273 | | | 0.00 | — | 0.00 | | Jan 1, 2026 | Signal K Server is a server application that runs on a central hub in a boat. An unauthenticated information disclosure vulnerability in versions prior to 2.19.0 allows any user to retrieve sensitive system information, including the full SignalK data schema, connected serial devices, and installed analyzer tools. This exposure facilitates reconnaissance for further attacks. Version 2.19.0 patches the issue. |
| CVE-2025-68272 | | | 0.00 | — | 0.00 | | Jan 1, 2026 | Signal K Server is a server application that runs on a central hub in a boat. A Denial of Service (DoS) vulnerability in versions prior to 2.19.0 allows an unauthenticated attacker to crash the SignalK Server by flooding the access request endpoint (`/signalk/v1/access/requests`). This causes a "JavaScript heap out of memory" error due to unbounded in-memory storage of request objects. Version 2.19.0 fixes the issue. |
| CVE-2025-66834 | | | 0.00 | — | 0.00 | | Dec 30, 2025 | A CSV Formula Injection vulnerability in TrueConf Server v5.5.2.10813 allows a normal user to inject malicious spreadsheet formulas into exported chat logs via crafted Display Name. |
| CVE-2025-66823 | | | 0.00 | — | 0.00 | | Dec 30, 2025 | An HTML Injection vulnerability in TrueConf server 5.5.2.10813 in the conference description field allows an attacker to inject arbitrary HTML in the Create/Edit conference functionality. The payload will be triggered when the victim opens the Conference Info page ([conference url]/info). |
| CVE-2024-8273 | | | 0.00 | — | 0.00 | | Dec 11, 2025 | Authentication Bypass by Spoofing vulnerability in HYPR Server allows Identity Spoofing. This issue affects Server: before 10.1. |
| CVE-2025-13758 | | | 0.00 | — | 0.00 | | Nov 27, 2025 | Exposure of credentials in unintended requests in Devolutions Server. This issue affects Server: through 2025.2.20, through 2025.3.8. |
| CVE-2025-13757 | | | 0.00 | — | 0.00 | | Nov 27, 2025 | SQL Injection vulnerability in last usage logs in Devolutions Server. This issue affects Devolutions Server: through 2025.2.20, through 2025.3.8. |
| CVE-2025-11681 | | | 0.00 | — | 0.00 | | Nov 17, 2025 | Denial-of-service condition in M-Files Server versions before 25.11.15392.1, before 25.2 LTS SR2 and before 25.8 LTS SR2 allows an authenticated user to cause the MFserver process to crash. |