Daily CVE report with the latest security vulnerabilities and exploits. Stay informed with real-time updates and expert insights on emerging cyber threats.

CVE-2025-8022

Rejected: This CVE has been marked Rejected in the CVE List. These CVEs are stored in the NVD, but do not show up in search results by default.

NVD Published Date:
07/23/2025
NVD Last Modified:
08/11/2025

Description
Rejected reason: Bun Shell does not invoke /bin/sh, or any other interpreter, for template literals created with the $ function. Each ${…} interpolation is treated as a single argument. The security responsibility for this usage pattern lies with the calling application, which must ensure the sanitization and validation of any untrusted arguments before passing them to the executed commands. Therefore, the potential for command injection is not a flaw within Bun itself; rather, it is an argument injection that is contingent on its implementation by the consuming application.


CVE-2025-55188


Description
7-Zip before 25.01 does not always properly handle symbolic links during extraction.

NVD Published Date:
08/08/2025
NVD Last Modified:
08/09/2025
Source:
MITRE


CVE-2025-55152

Description
oak is a middleware framework for Deno's native HTTP server, Deno Deploy, Node.js 16.5 and later, Cloudflare Workers and Bun. In versions 17.1.5 and below, it's possible to significantly slow down an oak server with specially crafted values of the x-forwarded-proto or x-forwarded-for headers.

Published:
2025-08-09 02:15:38
Updated:
2025-08-09 02:15:38
Source:
GitHub, Inc.


CVE-2025-55149

Description
Tiny-Scientist is a lightweight framework for automating the entire lifecycle of scientific research—from ideation to implementation, writing, and review. In versions 0.1.1 and below, a critical path traversal vulnerability has been identified in the review_paper function in backend/app.py. The vulnerability allows malicious users to access arbitrary PDF files on the server by providing crafted file paths that bypass the intended security restrictions. This allows attackers to read any PDF file accessible to the server process and potentially access sensitive documents outside the intended directory.

Published:
2025-08-09 02:02:31
Updated:
2025-08-09 03:15:48
Source:
GitHub, Inc.


CVE-2025-55138

Description
LinkJoin through 882f196 mishandles token ownership in password reset.

Published:
2025-08-07
Updated:
2025-08-07
Source:
MITRE
