Recent vulnerabilities
| ID | Description | Published | Updated |
|---|---|---|---|
| ghsa-v2w5-94qr-4c5g | A vulnerability was determined in ZSPACE Z4Pro+ 1.0.0440024. The affected element is the function z… | 2025-12-28T12:30:23Z | 2025-12-28T12:30:23Z |
| ghsa-fvhh-hg59-vfxx | A vulnerability was found in ZSPACE Z4Pro+ 1.0.0440024. Impacted is the function zfilev2_api_SafeSt… | 2025-12-28T12:30:23Z | 2025-12-28T12:30:23Z |
| ghsa-6chc-jx4m-r2w2 | A vulnerability was identified in ZSPACE Z4Pro+ 1.0.0440024. The impacted element is the function z… | 2025-12-28T12:30:23Z | 2025-12-28T12:30:23Z |
| ghsa-29m3-gxfx-749g | A security flaw has been discovered in yourmaileyes MOOC up to 1.17. This affects the function subr… | 2025-12-28T12:30:23Z | 2025-12-28T12:30:24Z |
| ghsa-xvv8-2hxw-mghp | A weakness has been identified in JeecgBoot up to 3.9.0. Affected by this vulnerability is the func… | 2025-12-28T09:30:27Z | 2025-12-28T09:30:27Z |
| ghsa-q2w3-p85r-q6v3 | A flaw has been found in ChenJinchuang Lin-CMS-TP5 up to 0.3.3. This vulnerability affects the func… | 2025-12-28T09:30:27Z | 2025-12-28T09:30:27Z |
| ghsa-mjm5-xqg6-v939 | A security flaw has been discovered in JeecgBoot up to 3.9.0. Affected is the function queryDepartP… | 2025-12-28T09:30:27Z | 2025-12-28T09:30:27Z |
| ghsa-m84v-87w9-mgjq | A vulnerability was determined in JeecgBoot up to 3.9.0. This affects an unknown function of the fi… | 2025-12-28T09:30:27Z | 2025-12-28T09:30:27Z |
| ghsa-hq3q-62v8-pp48 | A vulnerability was detected in ZKTeco BioTime up to 9.0.3/9.0.4/9.5.2. This affects an unknown par… | 2025-12-28T09:30:27Z | 2025-12-28T09:30:27Z |
| ghsa-6px8-5r5j-c9f2 | A vulnerability was identified in JeecgBoot up to 3.9.0. This impacts the function getParameterMap … | 2025-12-28T09:30:27Z | 2025-12-28T09:30:27Z |
| ghsa-2cqx-6pqq-j99h | A security vulnerability has been detected in FantasticLBP Hotels_Server up to 67b44df162fab26df209… | 2025-12-28T09:30:27Z | 2025-12-28T09:30:27Z |
| ghsa-jcpx-68wr-v54v | A flaw has been found in JeecgBoot up to 3.9.0. Impacted is the function getDeptRoleList of the fil… | 2025-12-28T06:31:32Z | 2025-12-28T06:31:32Z |
| ghsa-gv85-863m-74jv | A vulnerability has been found in JeecgBoot up to 3.9.0. The affected element is the function getDe… | 2025-12-28T06:31:32Z | 2025-12-28T06:31:32Z |
| ghsa-35f9-r8q8-pqf5 | A vulnerability was found in JeecgBoot up to 3.9.0. The impacted element is the function loadDataru… | 2025-12-28T06:31:32Z | 2025-12-28T06:31:32Z |
| ghsa-m8rq-9x47-wwr7 | A security vulnerability has been detected in macrozheng mall up to 1.0.3. This vulnerability affec… | 2025-12-28T06:31:31Z | 2025-12-28T06:31:31Z |
| ghsa-6wrf-f8cg-6rh5 | A vulnerability was detected in JeecgBoot up to 3.9.0. This issue affects the function queryPageLis… | 2025-12-28T06:31:31Z | 2025-12-28T06:31:31Z |
| ghsa-wgfq-49px-5cwg | A security flaw has been discovered in OpenCart up to 4.1.0.3. Affected by this issue is some unkno… | 2025-12-28T03:30:12Z | 2025-12-28T03:30:12Z |
| ghsa-9786-pc79-p3v7 | A weakness has been identified in Dromara Sa-Token up to 1.44.0. This affects the function ObjectIn… | 2025-12-28T03:30:12Z | 2025-12-28T03:30:12Z |
| ghsa-w789-3q45-984r | In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can… | 2025-12-28T00:30:23Z | 2025-12-28T00:30:23Z |
| ghsa-w2jm-qqhw-c9px | A vulnerability has been found in jackq XCMS up to 3fab5342cc509945a7ce1b8ec39d19f701b89261. Affect… | 2025-12-27T21:30:12Z | 2025-12-27T21:30:12Z |
| ghsa-f342-w736-j52r | A flaw has been found in jackq XCMS up to 3fab5342cc509945a7ce1b8ec39d19f701b89261. This impacts an… | 2025-12-27T21:30:12Z | 2025-12-27T21:30:12Z |
| ghsa-hj3q-q387-m5hr | A vulnerability was detected in PandaXGO PandaX up to fb8ff40f7ce5dfebdf66306c6d85625061faf7e5. Thi… | 2025-12-27T18:30:26Z | 2025-12-27T18:30:26Z |
| ghsa-43h9-hc38-qph5 | SQLE's JWT Secret Handler can be manipulated to use hard-coded cryptographic key | 2025-12-27T15:30:17Z | 2025-12-29T20:36:20Z |
| ghsa-2qm6-vprh-vgfc | Xspeeder SXZOS through 2025-12-26 allows root remote code execution via base64-encoded Python code … | 2025-12-27T15:30:16Z | 2025-12-27T15:30:17Z |
| ghsa-72f9-ghc4-fpv2 | A weakness has been identified in getmaxun maxun up to 0.0.28. The affected element is the function… | 2025-12-27T12:30:12Z | 2025-12-27T12:30:12Z |
| ghsa-9m78-g4jr-6549 | A security flaw has been discovered in getmaxun maxun up to 0.0.28. Impacted is an unknown function… | 2025-12-27T09:30:27Z | 2025-12-27T09:30:27Z |
| ghsa-rcfx-77hg-w2wv | FastMCP updated to MCP 1.23+ due to CVE-2025-66416 | 2025-12-26T23:20:50Z | 2025-12-26T23:20:50Z |
| ghsa-9fjq-45qv-pcm7 | ruint affected by unsoundness of safe `reciprocal_mg10` | 2025-12-26T18:55:53Z | 2025-12-26T18:55:53Z |
| ghsa-xq7p-3jhh-cr76 | Incorrect access control in DEV Systemtechnik GmbH DEV 7113 RF over Fiber Distribution System 32-00… | 2025-12-26T18:30:27Z | 2025-12-26T18:30:27Z |
| ghsa-qxv4-g9hq-r87f | Time-based blind SQL Injection vulnerability in Cloudlog v2.6.15 at the endpoint /index.php/logbook… | 2025-12-26T18:30:27Z | 2025-12-26T21:30:21Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2025-15150 | PX4 PX4-Autopilot mavlink_log_handler.cpp log_entry_fr… |
PX4 |
PX4-Autopilot |
2025-12-28T19:02:07.960Z | 2025-12-29T16:08:11.074Z | |
| cve-2025-15149 | rawchen ecms Add New Product updateProductServlet.java… |
rawchen |
ecms |
2025-12-28T18:32:06.054Z | 2025-12-29T21:17:12.684Z | |
| cve-2025-15148 | CmsEasy Backend Template Management template_admin.php… |
n/a |
CmsEasy |
2025-12-28T18:02:08.178Z | 2025-12-29T21:22:26.770Z | |
| cve-2025-15146 | SohuTV CacheCloud UserManageController.java doUserList… |
SohuTV |
CacheCloud |
2025-12-28T17:32:06.551Z | 2025-12-29T21:25:59.423Z | |
| cve-2025-15145 | SohuTV CacheCloud TotalManageController.java doTotalLi… |
SohuTV |
CacheCloud |
2025-12-28T17:02:05.970Z | 2025-12-29T21:26:55.456Z | |
| cve-2025-15144 | dayrui XunRuiCMS JSONP Callback Init.php dr_exit_msg c… |
dayrui |
XunRuiCMS |
2025-12-28T16:32:07.116Z | 2025-12-29T21:27:18.449Z | |
| cve-2025-68973 | 7.8 (v3.1) | In GnuPG through 2.4.8, armor_filter in g10/armor… |
GnuPG |
GnuPG |
2025-12-28T16:19:11.019Z | 2025-12-29T19:03:39.496Z |
| cve-2025-15143 | EyouCMS Backend Template Management FilemanagerLogic.p… |
n/a |
EyouCMS |
2025-12-28T16:02:08.347Z | 2025-12-29T16:24:22.854Z | |
| cve-2025-15142 | 9786 phpok3w show.php sql injection |
9786 |
phpok3w |
2025-12-28T15:32:12.734Z | 2025-12-29T16:26:52.591Z | |
| cve-2025-15141 | Halo Configuration actuator information disclosure |
n/a |
Halo |
2025-12-28T15:02:05.484Z | 2025-12-29T16:30:18.082Z | |
| cve-2025-15140 | saiftheboss7 onlinemcqexam quesadd.php sql injection |
saiftheboss7 |
onlinemcqexam |
2025-12-28T14:32:06.750Z | 2025-12-29T16:07:22.328Z | |
| cve-2025-15139 | TRENDnet TEW-822DRE formWsc sub_43ACF4 command injection |
TRENDnet |
TEW-822DRE |
2025-12-28T14:02:07.407Z | 2025-12-29T16:06:45.224Z | |
| cve-2025-15138 | prasathmani TinyFileManager tinyfilemanager.php path t… |
prasathmani |
TinyFileManager |
2025-12-28T13:32:08.843Z | 2025-12-29T16:40:10.063Z | |
| cve-2025-15137 | TRENDnet TEW-800MB NTPSyncWithHost.cgi sub_F934 comma… |
TRENDnet |
TEW-800MB |
2025-12-28T13:02:05.931Z | 2025-12-29T17:19:47.335Z | |
| cve-2025-15136 | TRENDnet TEW-800MB Management wizardset do_setWizard_a… |
TRENDnet |
TEW-800MB |
2025-12-28T12:32:06.349Z | 2025-12-29T17:20:27.000Z | |
| cve-2025-15135 | joey-zhou xiaozhi-esp32-server-java Cookie Authenticat… |
joey-zhou |
xiaozhi-esp32-server-java |
2025-12-28T12:02:07.346Z | 2025-12-29T17:58:51.665Z | |
| cve-2025-15134 | yourmaileyes MOOC Submission MainController.java subre… |
yourmaileyes |
MOOC |
2025-12-28T11:32:05.791Z | 2025-12-29T17:59:32.211Z | |
| cve-2025-15133 | ZSPACE Z4Pro+ HTTP POST Request close zfilev2_api_Clos… |
ZSPACE |
Z4Pro+ |
2025-12-28T11:02:10.256Z | 2025-12-29T18:00:13.048Z | |
| cve-2025-15132 | ZSPACE Z4Pro+ HTTP POST Request open zfilev2_api_open … |
ZSPACE |
Z4Pro+ |
2025-12-28T10:32:05.208Z | 2025-12-29T18:00:46.951Z | |
| cve-2025-15131 | ZSPACE Z4Pro+ HTTP POST Request status zfilev2_api_Saf… |
ZSPACE |
Z4Pro+ |
2025-12-28T10:02:06.337Z | 2025-12-29T18:01:13.797Z | |
| cve-2025-15130 | shanyu SyCms Administrative Panel FileManageController… |
shanyu |
SyCms |
2025-12-28T09:32:10.325Z | 2025-12-29T18:01:53.351Z | |
| cve-2025-15129 | ChenJinchuang Lin-CMS-TP5 File Upload LocalUploader.ph… |
ChenJinchuang |
Lin-CMS-TP5 |
2025-12-28T09:02:10.127Z | 2025-12-29T18:55:29.222Z | |
| cve-2025-15128 | ZKTeco BioTime Endpoint safe_setting credentials storage |
ZKTeco |
BioTime |
2025-12-28T08:32:10.069Z | 2025-12-29T16:06:03.528Z | |
| cve-2025-15127 | FantasticLBP Hotels_Server Room.php sql injection |
FantasticLBP |
Hotels_Server |
2025-12-28T08:02:06.225Z | 2025-12-29T16:02:17.068Z | |
| cve-2025-15126 | JeecgBoot getPositionUserList improper authorization |
n/a |
JeecgBoot |
2025-12-28T07:32:06.264Z | 2025-12-29T16:03:06.162Z | |
| cve-2025-15125 | JeecgBoot queryDepartPermission improper authorization |
n/a |
JeecgBoot |
2025-12-28T07:02:06.680Z | 2025-12-29T16:03:49.238Z | |
| cve-2025-15124 | JeecgBoot list getParameterMap improper authorization |
n/a |
JeecgBoot |
2025-12-28T06:32:06.920Z | 2025-12-29T16:04:32.586Z | |
| cve-2025-15123 | JeecgBoot datarule improper authorization |
n/a |
JeecgBoot |
2025-12-28T06:02:05.781Z | 2025-12-29T16:05:08.309Z | |
| cve-2025-15122 | JeecgBoot datarule loadDatarule improper authorization |
n/a |
JeecgBoot |
2025-12-28T05:02:05.798Z | 2025-12-29T16:42:57.874Z | |
| cve-2025-15121 | JeecgBoot getDeptRoleByUserId information disclosure |
n/a |
JeecgBoot |
2025-12-28T04:32:06.152Z | 2025-12-29T16:41:44.256Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2025-15172 | SohuTV CacheCloud RedisConfigTemplateController.java p… |
SohuTV |
CacheCloud |
2025-12-29T04:32:08.554Z | 2025-12-29T17:51:46.399Z | |
| cve-2025-15171 | SohuTV CacheCloud ServerController.java index cross si… |
SohuTV |
CacheCloud |
2025-12-29T04:02:05.763Z | 2025-12-29T14:39:27.399Z | |
| cve-2025-15170 | Advaya Softech GEMS ERP Portal Error Message home.jsp … |
Advaya Softech |
GEMS ERP Portal |
2025-12-29T03:32:07.618Z | 2025-12-29T14:40:15.648Z | |
| cve-2025-15169 | BiggiDroid Simple PHP CMS editsite.php sql injection |
BiggiDroid |
Simple PHP CMS |
2025-12-29T03:02:09.145Z | 2025-12-29T16:09:31.243Z | |
| cve-2025-52691 | 10 (v3.1) | Upload Arbitrary Files |
SmarterTools |
SmarterMail |
2025-12-29T02:15:58.200Z | 2025-12-29T16:47:54.633Z |
| cve-2025-15168 | itsourcecode Student Management System statistical.php… |
itsourcecode |
Student Management System |
2025-12-29T02:32:06.034Z | 2025-12-29T16:50:56.359Z | |
| cve-2025-15167 | itsourcecode Online Cake Ordering System detailtransac… |
itsourcecode |
Online Cake Ordering System |
2025-12-29T02:02:07.978Z | 2025-12-29T18:00:29.145Z | |
| cve-2025-15166 | itsourcecode Online Cake Ordering System updatesupplie… |
itsourcecode |
Online Cake Ordering System |
2025-12-29T01:32:07.201Z | 2025-12-29T18:57:13.054Z | |
| cve-2025-15165 | itsourcecode Online Cake Ordering System updatecustome… |
itsourcecode |
Online Cake Ordering System |
2025-12-29T01:02:08.921Z | 2025-12-29T19:29:33.393Z | |
| cve-2025-15164 | Tenda WH450 SafeMacFilter stack-based overflow |
Tenda |
WH450 |
2025-12-29T00:32:07.802Z | 2025-12-29T00:32:07.802Z | |
| cve-2025-15163 | Tenda WH450 SafeEmailFilter stack-based overflow |
Tenda |
WH450 |
2025-12-29T00:02:07.226Z | 2025-12-29T21:03:37.471Z | |
| cve-2025-15067 | 8.5 (v4.0) 7.7 (v3.1) | Unrestricted File Upload and RCE in Innorix WP |
Innorix |
Innorix WP |
2025-12-29T00:59:38.660Z | 2025-12-29T17:31:32.666Z |
| cve-2025-15066 | 6.9 (v4.0) 6.2 (v3.1) | Arbitrary File Download through Path Traversal in Innorix WP |
Innorix |
Innorix WP |
2025-12-29T00:48:56.222Z | 2025-12-29T17:35:49.557Z |
| cve-2025-15065 | 8.6 (v4.0) 6.3 (v3.1) | Data Exposure in Kings Information & Network KESS Enterprise |
Kings Information & Network Co. |
KESS Enterprise |
2025-12-29T00:09:27.009Z | 2025-12-29T21:01:59.310Z |
| cve-2025-15162 | Tenda WH450 RouteStatic stack-based overflow |
Tenda |
WH450 |
2025-12-28T23:32:08.620Z | 2025-12-29T21:06:49.439Z | |
| cve-2025-15161 | Tenda WH450 PPTPUserSetting stack-based overflow |
Tenda |
WH450 |
2025-12-28T23:02:08.101Z | 2025-12-29T21:13:48.407Z | |
| cve-2025-15160 | Tenda WH450 PPTPServer stack-based overflow |
Tenda |
WH450 |
2025-12-28T22:32:07.881Z | 2025-12-29T16:08:39.716Z | |
| cve-2025-15156 | omec-project UPF PFCP Session Establishment Request me… |
omec-project |
UPF |
2025-12-28T22:02:06.001Z | 2025-12-29T16:08:01.587Z | |
| cve-2025-15155 | floooh sokol sokol_gfx.h _sg_pipeline_desc_defaults st… |
floooh |
sokol |
2025-12-28T21:32:10.957Z | 2025-12-29T14:43:28.566Z | |
| cve-2025-15154 | PbootCMS Header handle.php get_user_ip less trusted source |
n/a |
PbootCMS |
2025-12-28T21:02:07.992Z | 2025-12-29T14:48:02.795Z | |
| cve-2025-15153 | PbootCMS SQLite Database pbootcms.db file access |
n/a |
PbootCMS |
2025-12-28T20:32:07.587Z | 2025-12-29T14:55:49.904Z | |
| cve-2025-15152 | h-moses moga-mall PmsProductController.java addProduct… |
h-moses |
moga-mall |
2025-12-28T20:02:08.188Z | 2025-12-29T15:50:24.977Z | |
| cve-2025-15151 | TaleLin Lin-CMS Tests Folder config.py password in con… |
TaleLin |
Lin-CMS |
2025-12-28T19:32:05.944Z | 2025-12-29T15:52:38.176Z | |
| cve-2025-15150 | PX4 PX4-Autopilot mavlink_log_handler.cpp log_entry_fr… |
PX4 |
PX4-Autopilot |
2025-12-28T19:02:07.960Z | 2025-12-29T16:08:11.074Z | |
| cve-2025-15149 | rawchen ecms Add New Product updateProductServlet.java… |
rawchen |
ecms |
2025-12-28T18:32:06.054Z | 2025-12-29T21:17:12.684Z | |
| cve-2025-15148 | CmsEasy Backend Template Management template_admin.php… |
n/a |
CmsEasy |
2025-12-28T18:02:08.178Z | 2025-12-29T21:22:26.770Z | |
| cve-2025-15146 | SohuTV CacheCloud UserManageController.java doUserList… |
SohuTV |
CacheCloud |
2025-12-28T17:32:06.551Z | 2025-12-29T21:25:59.423Z | |
| cve-2025-68973 | 7.8 (v3.1) | In GnuPG through 2.4.8, armor_filter in g10/armor… |
GnuPG |
GnuPG |
2025-12-28T16:19:11.019Z | 2025-12-29T19:03:39.496Z |
| cve-2025-15145 | SohuTV CacheCloud TotalManageController.java doTotalLi… |
SohuTV |
CacheCloud |
2025-12-28T17:02:05.970Z | 2025-12-29T21:26:55.456Z | |
| cve-2025-15144 | dayrui XunRuiCMS JSONP Callback Init.php dr_exit_msg c… |
dayrui |
XunRuiCMS |
2025-12-28T16:32:07.116Z | 2025-12-29T21:27:18.449Z |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| mal-2025-192509 | Malicious code in elf-stats-joyous-ribbon-819 (npm) | 2025-12-11T19:46:09Z | 2025-12-11T19:46:09Z |
| mal-2025-192508 | Malicious code in elf-stats-jolly-ornament-687 (npm) | 2025-12-11T19:46:09Z | 2025-12-23T20:09:23Z |
| mal-2025-192507 | Malicious code in elf-stats-holly-stocking-294 (npm) | 2025-12-11T19:46:09Z | 2025-12-16T09:26:26Z |
| mal-2025-192506 | Malicious code in elf-stats-holly-candy-802 (npm) | 2025-12-11T19:46:09Z | 2025-12-23T20:09:23Z |
| mal-2025-192505 | Malicious code in elf-stats-gingersnap-mitten-648 (npm) | 2025-12-11T19:46:09Z | 2025-12-23T20:09:23Z |
| mal-2025-192504 | Malicious code in elf-stats-ginger-hollyberry-135 (npm) | 2025-12-11T19:46:09Z | 2025-12-23T20:09:23Z |
| mal-2025-192503 | Malicious code in elf-stats-fuzzy-workbench-102 (npm) | 2025-12-11T19:46:09Z | 2025-12-11T19:46:09Z |
| mal-2025-192502 | Malicious code in elf-stats-fuzzy-fireplace-615 (npm) | 2025-12-11T19:46:09Z | 2025-12-16T09:26:26Z |
| mal-2025-192501 | Malicious code in elf-stats-frostbitten-muffin-867 (npm) | 2025-12-11T19:46:09Z | 2025-12-11T19:46:09Z |
| mal-2025-192500 | Malicious code in elf-stats-frostbitten-cookie-757 (npm) | 2025-12-11T19:46:09Z | 2025-12-23T19:37:08Z |
| mal-2025-192499 | Malicious code in elf-stats-festive-sleigh-368 (npm) | 2025-12-11T19:46:09Z | 2025-12-23T19:37:08Z |
| mal-2025-192498 | Malicious code in elf-stats-festive-hollyberry-475 (npm) | 2025-12-11T19:46:09Z | 2025-12-11T19:46:09Z |
| mal-2025-192497 | Malicious code in elf-stats-evergreen-workbench-842 (npm) | 2025-12-11T19:46:09Z | 2025-12-11T19:46:09Z |
| mal-2025-192496 | Malicious code in elf-stats-evergreen-satchel-868 (npm) | 2025-12-11T19:46:09Z | 2025-12-23T19:37:08Z |
| mal-2025-192495 | Malicious code in elf-stats-evergreen-nightcap-747 (npm) | 2025-12-11T19:46:09Z | 2025-12-23T19:37:08Z |
| mal-2025-192494 | Malicious code in elf-stats-ember-stocking-807 (npm) | 2025-12-11T19:46:09Z | 2025-12-18T06:26:30Z |
| mal-2025-192493 | Malicious code in elf-stats-ember-cookiejar-768 (npm) | 2025-12-11T19:46:09Z | 2025-12-11T19:46:09Z |
| mal-2025-192492 | Malicious code in elf-stats-cranberry-saddlebag-402 (npm) | 2025-12-11T19:46:09Z | 2025-12-11T19:46:09Z |
| mal-2025-192491 | Malicious code in elf-stats-cosy-sparkler-518 (npm) | 2025-12-11T19:46:09Z | 2025-12-11T19:46:09Z |
| mal-2025-192490 | Malicious code in elf-stats-cosy-ribbon-689 (npm) | 2025-12-11T19:46:09Z | 2025-12-16T08:26:30Z |
| mal-2025-192489 | Malicious code in elf-stats-cosy-chimney-268 (npm) | 2025-12-11T19:46:09Z | 2025-12-11T19:46:09Z |
| mal-2025-192488 | Malicious code in elf-stats-cocoa-pinecone-118 (npm) | 2025-12-11T19:46:09Z | 2025-12-23T19:09:02Z |
| mal-2025-192487 | Malicious code in elf-stats-cheery-sparkler-521 (npm) | 2025-12-11T19:46:09Z | 2025-12-23T17:09:49Z |
| mal-2025-192486 | Malicious code in elf-stats-cheery-sleigh-538 (npm) | 2025-12-11T19:46:09Z | 2025-12-23T17:09:49Z |
| mal-2025-192485 | Malicious code in elf-stats-cheery-northstar-345 (npm) | 2025-12-11T19:46:09Z | 2025-12-11T19:46:09Z |
| mal-2025-192484 | Malicious code in elf-stats-cheery-muffin-949 (npm) | 2025-12-11T19:46:09Z | 2025-12-23T17:09:49Z |
| mal-2025-192483 | Malicious code in elf-stats-caroling-workshop-885 (npm) | 2025-12-11T19:46:09Z | 2025-12-23T17:09:49Z |
| mal-2025-192482 | Malicious code in elf-stats-caroling-sparkler-130 (npm) | 2025-12-11T19:46:09Z | 2025-12-11T19:46:09Z |
| mal-2025-192481 | Malicious code in elf-stats-caroling-sled-530 (npm) | 2025-12-11T19:46:09Z | 2025-12-23T17:09:49Z |
| mal-2025-192480 | Malicious code in elf-stats-caroling-hammer-382 (npm) | 2025-12-11T19:46:09Z | 2025-12-23T16:45:01Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| rhsa-2025:18183 | Red Hat Security Advisory: libsoup3 security update | 2025-10-15T20:35:08+00:00 | 2025-11-27T17:36:57+00:00 |
| rhsa-2025:18151 | Red Hat Security Advisory: .NET 9.0 security update | 2025-10-15T16:57:02+00:00 | 2025-11-27T11:15:32+00:00 |
| rhsa-2025:18155 | Red Hat Security Advisory: firefox security update | 2025-10-15T16:41:57+00:00 | 2025-11-21T19:29:04+00:00 |
| rhsa-2025:18150 | Red Hat Security Advisory: .NET 9.0 security update | 2025-10-15T16:34:50+00:00 | 2025-11-27T11:15:30+00:00 |
| rhsa-2025:18153 | Red Hat Security Advisory: .NET 9.0 security update | 2025-10-15T16:33:56+00:00 | 2025-11-27T11:15:33+00:00 |
| rhsa-2025:18152 | Red Hat Security Advisory: .NET 8.0 security update | 2025-10-15T16:18:27+00:00 | 2025-11-27T11:15:32+00:00 |
| rhsa-2025:18149 | Red Hat Security Advisory: .NET 8.0 security update | 2025-10-15T16:16:39+00:00 | 2025-11-27T11:15:29+00:00 |
| rhsa-2025:18154 | Red Hat Security Advisory: firefox security update | 2025-10-15T16:00:06+00:00 | 2025-11-21T19:29:03+00:00 |
| rhsa-2025:18148 | Red Hat Security Advisory: .NET 8.0 security update | 2025-10-15T15:58:41+00:00 | 2025-11-27T11:15:28+00:00 |
| rhsa-2025:18070 | Red Hat Security Advisory: webkit2gtk3 security update | 2025-10-15T14:16:26+00:00 | 2025-11-21T19:28:58+00:00 |
| rhsa-2025:17657 | Red Hat Security Advisory: OpenShift Container Platform 4.18.26 bug fix and security update | 2025-10-15T14:07:50+00:00 | 2025-11-29T06:53:14+00:00 |
| rhsa-2025:18097 | Red Hat Security Advisory: webkit2gtk3 security update | 2025-10-15T11:46:25+00:00 | 2025-11-21T19:28:59+00:00 |
| rhsa-2025:18098 | Red Hat Security Advisory: kernel-rt security update | 2025-10-15T11:39:50+00:00 | 2025-11-21T19:29:01+00:00 |
| rhsa-2025:18093 | Red Hat Security Advisory: Red Hat OpenShift GitOps v1.18.1 security update | 2025-10-15T10:27:05+00:00 | 2025-11-21T19:38:46+00:00 |
| rhsa-2025:18076 | Red Hat Security Advisory: Red Hat Build of Apache Camel 4.10 for Quarkus 3.20 update is now available (RHBQ 3.20.3.GA) | 2025-10-15T09:14:18+00:00 | 2025-11-25T03:03:02+00:00 |
| rhsa-2025:17690 | Red Hat Security Advisory: OpenShift Container Platform 4.16.50 bug fix and security update | 2025-10-15T07:45:25+00:00 | 2025-11-29T06:53:17+00:00 |
| rhsa-2025:18054 | Red Hat Security Advisory: kernel security update | 2025-10-15T07:08:30+00:00 | 2025-11-21T19:28:57+00:00 |
| rhsa-2025:18043 | Red Hat Security Advisory: kernel security update | 2025-10-15T00:31:48+00:00 | 2025-11-21T19:28:57+00:00 |
| rhsa-2025:18028 | Red Hat Security Advisory: Red Hat Build of Apache Camel 4.10.7 for Spring Boot release. | 2025-10-14T17:59:03+00:00 | 2025-11-26T21:26:15+00:00 |
| rhsa-2025:17563 | Red Hat Security Advisory: Red Hat build of Quarkus 3.20.3 release and security update | 2025-10-14T13:01:32+00:00 | 2025-11-25T03:03:52+00:00 |
| rhsa-2025:17958 | Red Hat Security Advisory: kernel security update | 2025-10-14T08:39:21+00:00 | 2025-11-26T18:17:24+00:00 |
| rhsa-2025:17913 | Red Hat Security Advisory: vim security update | 2025-10-14T05:32:21+00:00 | 2025-11-24T21:04:18+00:00 |
| rhsa-2025:17896 | Red Hat Security Advisory: kpatch-patch-5_14_0-284_104_1, kpatch-patch-5_14_0-284_117_1, kpatch-patch-5_14_0-284_134_1, kpatch-patch-5_14_0-284_79_1, and kpatch-patch-5_14_0-284_92_1 security update | 2025-10-14T00:35:21+00:00 | 2025-11-21T19:28:56+00:00 |
| rhsa-2025:17807 | Red Hat Security Advisory: webkit2gtk3 security update | 2025-10-13T18:21:40+00:00 | 2025-11-21T19:28:53+00:00 |
| rhsa-2025:17812 | Red Hat Security Advisory: kernel-rt security update | 2025-10-13T18:15:30+00:00 | 2025-11-21T19:28:53+00:00 |
| rhsa-2025:17802 | Red Hat Security Advisory: webkit2gtk3 security update | 2025-10-13T13:24:14+00:00 | 2025-11-21T19:28:52+00:00 |
| rhsa-2025:17797 | Red Hat Security Advisory: kernel security update | 2025-10-13T11:51:59+00:00 | 2025-11-21T19:28:51+00:00 |
| rhsa-2025:17776 | Red Hat Security Advisory: kernel security update | 2025-10-13T09:10:44+00:00 | 2025-11-26T16:45:12+00:00 |
| rhsa-2025:17760 | Red Hat Security Advisory: kernel security update | 2025-10-13T04:28:03+00:00 | 2025-11-25T21:27:20+00:00 |
| rhsa-2025:17742 | Red Hat Security Advisory: vim security update | 2025-10-13T02:18:48+00:00 | 2025-11-24T21:04:17+00:00 |
| ID | Description | Published | Updated |
|---|---|---|---|
| msrc_cve-2025-8677 | Resource exhaustion via malformed DNSKEY handling | 2025-10-02T00:00:00.000Z | 2025-11-25T01:38:30.000Z |
| msrc_cve-2025-8291 | ZIP64 End of Central Directory (EOCD) Locator record offset not checked | 2025-10-02T00:00:00.000Z | 2025-10-10T01:02:05.000Z |
| msrc_cve-2025-62813 | LZ4 through 1.10.0 allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact when the application processes untrusted LZ4 frames. For example, LZ4F_createCDict_advanced in lib/lz4frame.c mishandles NULL checks. | 2025-10-02T00:00:00.000Z | 2025-10-24T01:02:42.000Z |
| msrc_cve-2025-62518 | astral-tokio-tar Vulnerable to PAX Header Desynchronization | 2025-10-02T00:00:00.000Z | 2025-10-25T14:01:53.000Z |
| msrc_cve-2025-62231 | Xorg: xmayland: value overflow in xkbsetcompatmap() | 2025-10-02T00:00:00.000Z | 2025-12-24T01:02:28.000Z |
| msrc_cve-2025-62230 | Xorg: xwayland: use-after-free in xkb client resource removal | 2025-10-02T00:00:00.000Z | 2025-12-24T01:02:33.000Z |
| msrc_cve-2025-62229 | Xorg: xmayland: use-after-free in xpresentnotify structure creation | 2025-10-02T00:00:00.000Z | 2025-12-24T01:02:23.000Z |
| msrc_cve-2025-62168 | Squid vulnerable to information disclosure via authentication credential leakage in error handling | 2025-10-02T00:00:00.000Z | 2025-10-19T01:01:13.000Z |
| msrc_cve-2025-61985 | ssh in OpenSSH before 10.1 allows the '\0' character in an ssh:// URI, potentially leading to code execution when a ProxyCommand is used. | 2025-10-02T00:00:00.000Z | 2025-10-08T01:02:00.000Z |
| msrc_cve-2025-61984 | ssh in OpenSSH before 10.1 allows control characters in usernames that originate from certain possibly untrusted sources, potentially leading to code execution when a ProxyCommand is used. The untrusted sources are the command line and %-sequence expansion of a configuration file. (A configuration file that provides a complete literal username is not categorized as an untrusted source.) | 2025-10-02T00:00:00.000Z | 2025-10-08T01:02:05.000Z |
| msrc_cve-2025-61725 | Excessive CPU consumption in ParseAddress in net/mail | 2025-10-02T00:00:00.000Z | 2025-12-13T01:37:56.000Z |
| msrc_cve-2025-61724 | Excessive CPU consumption in Reader.ReadResponse in net/textproto | 2025-10-02T00:00:00.000Z | 2025-12-13T01:37:27.000Z |
| msrc_cve-2025-61723 | Quadratic complexity when parsing some invalid inputs in encoding/pem | 2025-10-02T00:00:00.000Z | 2025-12-13T01:37:37.000Z |
| msrc_cve-2025-61107 | FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LSA Update packet. | 2025-10-02T00:00:00.000Z | 2025-10-31T01:11:07.000Z |
| msrc_cve-2025-61106 | FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet. | 2025-10-02T00:00:00.000Z | 2025-10-31T01:10:59.000Z |
| msrc_cve-2025-61105 | FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_link_info function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet. | 2025-10-02T00:00:00.000Z | 2025-10-31T01:11:21.000Z |
| msrc_cve-2025-61104 | FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_unknown_tlv function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet. | 2025-10-02T00:00:00.000Z | 2025-11-02T01:02:44.000Z |
| msrc_cve-2025-61103 | FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_lan_adj_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet. | 2025-10-02T00:00:00.000Z | 2025-10-31T01:10:51.000Z |
| msrc_cve-2025-61102 | FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_adj_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet. | 2025-10-02T00:00:00.000Z | 2025-10-31T01:11:15.000Z |
| msrc_cve-2025-61101 | FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_rmt_itf_addr function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet. | 2025-10-02T00:00:00.000Z | 2025-11-02T01:02:28.000Z |
| msrc_cve-2025-61100 | FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the ospf_opaque_lsa_dump function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) under specific malformed LSA conditions. | 2025-10-02T00:00:00.000Z | 2025-11-02T01:02:36.000Z |
| msrc_cve-2025-61099 | FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the opaque_info_detail function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted LS Update packet. | 2025-10-02T00:00:00.000Z | 2025-11-05T01:01:58.000Z |
| msrc_cve-2025-6075 | Quadratic complexity in os.path.expandvars() with user-controlled template | 2025-10-02T00:00:00.000Z | 2025-12-07T01:46:03.000Z |
| msrc_cve-2025-59530 | quic-go has Client Crash Due to Premature HANDSHAKE_DONE Frame | 2025-10-02T00:00:00.000Z | 2025-10-25T14:01:47.000Z |
| msrc_cve-2025-58189 | ALPN negotiation error contains attacker controlled information in crypto/tls | 2025-10-02T00:00:00.000Z | 2025-10-31T01:09:20.000Z |
| msrc_cve-2025-58188 | Panic when validating certificates with DSA public keys in crypto/x509 | 2025-10-02T00:00:00.000Z | 2025-12-13T01:37:47.000Z |
| msrc_cve-2025-58187 | Quadratic complexity when checking name constraints in crypto/x509 | 2025-10-02T00:00:00.000Z | 2025-12-13T01:37:32.000Z |
| msrc_cve-2025-58186 | Lack of limit when parsing cookies can cause memory exhaustion in net/http | 2025-10-02T00:00:00.000Z | 2025-12-13T01:37:22.000Z |
| msrc_cve-2025-58185 | Parsing DER payload can cause memory exhaustion in encoding/asn1 | 2025-10-02T00:00:00.000Z | 2025-12-13T01:37:42.000Z |
| msrc_cve-2025-58183 | Unbounded allocation when parsing GNU sparse map in archive/tar | 2025-10-02T00:00:00.000Z | 2025-12-13T01:37:17.000Z |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2023-002002 | Multiple vulnerabilities in Contec CONPROSYS HMI System (CHS) | 2023-06-01T13:48+09:00 | 2024-03-19T18:13+09:00 |
| jvndb-2023-000058 | Pleasanter vulnerable to cross-site scripting | 2023-05-31T15:34+09:00 | 2024-03-19T18:17+09:00 |
| jvndb-2023-000052 | DataSpider Servista uses a hard-coded cryptographic key | 2023-05-31T15:34+09:00 | 2024-03-19T17:44+09:00 |
| jvndb-2023-000056 | Starlette vulnerable to directory traversal | 2023-05-30T13:34+09:00 | 2024-03-19T18:08+09:00 |
| jvndb-2023-000055 | ESS REC Agent Server Edition for Linux etc. vulnerable to directory traversal | 2023-05-26T13:58+09:00 | 2024-03-21T17:15+09:00 |
| jvndb-2023-000054 | Wacom Tablet Driver installer for macOS vulnerable to improper link resolution before file access | 2023-05-25T13:40+09:00 | 2023-05-25T13:40+09:00 |
| jvndb-2023-001926 | Cross-site Scripting Vulnerability in Hitachi Ops Center Analyzer | 2023-05-24T11:40+09:00 | 2024-05-24T17:01+09:00 |
| jvndb-2023-000053 | Tornado vulnerable to open redirect | 2023-05-22T13:30+09:00 | 2024-03-21T17:05+09:00 |
| jvndb-2023-001894 | Android App "Brother iPrint&Scan" vulnerable to improper access control | 2023-05-19T15:40+09:00 | 2023-05-19T15:40+09:00 |
| jvndb-2023-000051 | Multiple vulnerabilities in T&D and ESPEC MIC data logger products | 2023-05-19T15:21+09:00 | 2024-05-23T17:03+09:00 |
| jvndb-2023-000026 | Qrio Smart Lock Q-SL2 vulnerable to authentication bypass by capture-replay | 2023-05-18T14:13+09:00 | 2024-05-23T17:18+09:00 |
| jvndb-2023-001852 | OS command injection vulnerability in Inaba Denki Sangyo Wi-Fi AP UNIT | 2023-05-17T15:09+09:00 | 2023-05-17T15:09+09:00 |
| jvndb-2023-000050 | Multiple vulnerabilities in WordPress Plugin "MW WP Form" and "Snow Monkey Forms" | 2023-05-15T14:29+09:00 | 2024-05-29T16:27+09:00 |
| jvndb-2023-000049 | Multiple vulnerabilities in Cybozu Garoon | 2023-05-15T14:29+09:00 | 2024-05-24T15:26+09:00 |
| jvndb-2023-000047 | Beekeeper Studio vulnerable to code injection | 2023-05-12T16:42+09:00 | 2024-05-24T16:17+09:00 |
| jvndb-2023-000043 | Multiple vulnerabilities in MicroEngine Mailform | 2023-05-10T13:57+09:00 | 2024-05-24T17:07+09:00 |
| jvndb-2023-001774 | Multiple vulnerabilities in SolarView Compact | 2023-05-09T16:09+09:00 | 2024-06-27T13:30+09:00 |
| jvndb-2023-000045 | WordPress Plugin "VK Blocks" and "VK All in One Expansion Unit" vulnerable to cross-site scripting | 2023-05-09T15:14+09:00 | 2024-05-24T17:05+09:00 |
| jvndb-2023-000042 | WordPress Plugin "Newsletter" vulnerable to cross-site scripting | 2023-05-09T14:42+09:00 | 2024-06-13T16:14+09:00 |
| jvndb-2023-000046 | SR-7100VN vulnerable to privilege escalation | 2023-05-09T13:58+09:00 | 2024-05-24T16:13+09:00 |
| jvndb-2023-000041 | LINE WORKS Drive Explorer vulnerable to code injection | 2023-05-08T15:16+09:00 | 2024-05-23T17:03+09:00 |
| jvndb-2023-000044 | JINS MEME CORE uses a hard-coded cryptographic key | 2023-05-08T15:13+09:00 | 2024-06-13T16:19+09:00 |
| jvndb-2023-001639 | Heap-based buffer overflow vulnerability in OMRON CX-Drive | 2023-04-25T14:31+09:00 | 2024-05-27T18:11+09:00 |
| jvndb-2023-000040 | WordPress Plugin "Appointment and Event Booking Calendar for WordPress - Amelia" vulnerable to cross-site scripting | 2023-04-24T13:41+09:00 | 2024-05-28T16:59+09:00 |
| jvndb-2023-000035 | Improper restriction of XML external entity references (XXE) in Shinseiyo Sogo Soft | 2023-04-19T14:49+09:00 | 2024-05-29T16:58+09:00 |
| jvndb-2023-000039 | WordPress plugin "LIQUID SPEECH BALLOON" vulnerable to cross-site request forgery | 2023-04-19T14:24+09:00 | 2024-05-28T16:56+09:00 |
| jvndb-2023-000038 | EC-CUBE plugin "NEXT ENGINE Integration Plugin (for EC-CUBE 2.0 series)" vulnerable to authentication bypass | 2023-04-19T14:06+09:00 | 2024-05-30T15:11+09:00 |
| jvndb-2023-001534 | Security Issues in FINS protocol | 2023-04-18T13:58+09:00 | 2024-05-23T17:35+09:00 |
| jvndb-2023-000037 | Joruri Gw vulnerable to cross-site scripting | 2023-04-17T14:19+09:00 | 2024-05-30T16:19+09:00 |
| jvndb-2023-000036 | API server of TONE Family vulnerable to authentication bypass using an alternate path | 2023-04-17T14:04+09:00 | 2023-04-17T14:04+09:00 |
| ID | Description | Updated |
|---|