Welcome to the CVE disclosures section of this repository! Here, you'll find a list of potential security vulnerabilities that I have discovered while working on Free Open Source Software (FOSS) applications.
Below is a list of all the CVEs that I have discovered.

| Findings | Description |
|---|---|
| CVE-2025-70340 | The vulnerability affects the alarm commenting functionality in both ThingsBoard Community and Professional Editions. Specifically, the backend APIs responsible for creating and updating alarm comments fail to enforce proper authorization checks, potentially allowing unauthorized actions. |

I will update this list as soon as new vulnerabilities are discovered.