Recent vulnerabilities
| ID | Description | Published | Updated |
|---|---|---|---|
| ghsa-m84v-87w9-mgjq | A vulnerability was determined in JeecgBoot up to 3.9.0. This affects an unknown function of the fi… | 2025-12-28T09:30:27Z | 2025-12-28T09:30:27Z |
| ghsa-hq3q-62v8-pp48 | A vulnerability was detected in ZKTeco BioTime up to 9.0.3/9.0.4/9.5.2. This affects an unknown par… | 2025-12-28T09:30:27Z | 2025-12-28T09:30:27Z |
| ghsa-6px8-5r5j-c9f2 | A vulnerability was identified in JeecgBoot up to 3.9.0. This impacts the function getParameterMap … | 2025-12-28T09:30:27Z | 2025-12-28T09:30:27Z |
| ghsa-2cqx-6pqq-j99h | A security vulnerability has been detected in FantasticLBP Hotels_Server up to 67b44df162fab26df209… | 2025-12-28T09:30:27Z | 2025-12-28T09:30:27Z |
| ghsa-jcpx-68wr-v54v | A flaw has been found in JeecgBoot up to 3.9.0. Impacted is the function getDeptRoleList of the fil… | 2025-12-28T06:31:32Z | 2025-12-28T06:31:32Z |
| ghsa-gv85-863m-74jv | A vulnerability has been found in JeecgBoot up to 3.9.0. The affected element is the function getDe… | 2025-12-28T06:31:32Z | 2025-12-28T06:31:32Z |
| ghsa-35f9-r8q8-pqf5 | A vulnerability was found in JeecgBoot up to 3.9.0. The impacted element is the function loadDataru… | 2025-12-28T06:31:32Z | 2025-12-28T06:31:32Z |
| ghsa-m8rq-9x47-wwr7 | A security vulnerability has been detected in macrozheng mall up to 1.0.3. This vulnerability affec… | 2025-12-28T06:31:31Z | 2025-12-28T06:31:31Z |
| ghsa-6wrf-f8cg-6rh5 | A vulnerability was detected in JeecgBoot up to 3.9.0. This issue affects the function queryPageLis… | 2025-12-28T06:31:31Z | 2025-12-28T06:31:31Z |
| ghsa-wgfq-49px-5cwg | A security flaw has been discovered in OpenCart up to 4.1.0.3. Affected by this issue is some unkno… | 2025-12-28T03:30:12Z | 2025-12-28T03:30:12Z |
| ghsa-9786-pc79-p3v7 | A weakness has been identified in Dromara Sa-Token up to 1.44.0. This affects the function ObjectIn… | 2025-12-28T03:30:12Z | 2025-12-28T03:30:12Z |
| ghsa-w789-3q45-984r | In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can… | 2025-12-28T00:30:23Z | 2025-12-28T00:30:23Z |
| ghsa-w2jm-qqhw-c9px | A vulnerability has been found in jackq XCMS up to 3fab5342cc509945a7ce1b8ec39d19f701b89261. Affect… | 2025-12-27T21:30:12Z | 2025-12-27T21:30:12Z |
| ghsa-f342-w736-j52r | A flaw has been found in jackq XCMS up to 3fab5342cc509945a7ce1b8ec39d19f701b89261. This impacts an… | 2025-12-27T21:30:12Z | 2025-12-27T21:30:12Z |
| ghsa-hj3q-q387-m5hr | A vulnerability was detected in PandaXGO PandaX up to fb8ff40f7ce5dfebdf66306c6d85625061faf7e5. Thi… | 2025-12-27T18:30:26Z | 2025-12-27T18:30:26Z |
| ghsa-43h9-hc38-qph5 | SQLE's JWT Secret Handler can be manipulated to use hard-coded cryptographic key | 2025-12-27T15:30:17Z | 2025-12-29T20:36:20Z |
| ghsa-2qm6-vprh-vgfc | Xspeeder SXZOS through 2025-12-26 allows root remote code execution via base64-encoded Python code … | 2025-12-27T15:30:16Z | 2025-12-27T15:30:17Z |
| ghsa-72f9-ghc4-fpv2 | A weakness has been identified in getmaxun maxun up to 0.0.28. The affected element is the function… | 2025-12-27T12:30:12Z | 2025-12-27T12:30:12Z |
| ghsa-9m78-g4jr-6549 | A security flaw has been discovered in getmaxun maxun up to 0.0.28. Impacted is an unknown function… | 2025-12-27T09:30:27Z | 2025-12-27T09:30:27Z |
| ghsa-rcfx-77hg-w2wv | FastMCP updated to MCP 1.23+ due to CVE-2025-66416 | 2025-12-26T23:20:50Z | 2025-12-26T23:20:50Z |
| ghsa-9fjq-45qv-pcm7 | ruint affected by unsoundness of safe `reciprocal_mg10` | 2025-12-26T18:55:53Z | 2025-12-26T18:55:53Z |
| ghsa-xq7p-3jhh-cr76 | Incorrect access control in DEV Systemtechnik GmbH DEV 7113 RF over Fiber Distribution System 32-00… | 2025-12-26T18:30:27Z | 2025-12-26T18:30:27Z |
| ghsa-qxv4-g9hq-r87f | Time-based blind SQL Injection vulnerability in Cloudlog v2.6.15 at the endpoint /index.php/logbook… | 2025-12-26T18:30:27Z | 2025-12-26T21:30:21Z |
| ghsa-g5p6-3j82-xfm4 | Croogo CMS has a path traversal vulnerability | 2025-12-26T18:30:27Z | 2025-12-26T23:21:14Z |
| ghsa-8mv8-wmgc-7crw | Incorrect access control in Comtech EF Data CDM-625 / CDM-625A Advanced Satellite Modem with firmwa… | 2025-12-26T18:30:27Z | 2025-12-26T18:30:27Z |
| ghsa-8cpr-48rw-5rrc | Yealink T21P_E2 Phone 52.84.0.15 is vulnerable to Directory Traversal. A remote normal privileged a… | 2025-12-26T18:30:27Z | 2025-12-26T18:30:27Z |
| ghsa-x2hf-qg23-rjpx | An issue in Yealink T21P_E2 Phone 52.84.0.15 allows a remote normal privileged attacker to execute … | 2025-12-26T18:30:26Z | 2025-12-26T18:30:26Z |
| ghsa-98p6-cqhp-8c8x | Cola Dnslog v1.3.2 is vulnerable to Directory Traversal. When a DNS query for a TXT record is proce… | 2025-12-26T18:30:26Z | 2025-12-26T18:30:27Z |
| ghsa-8qx7-g43x-4mhm | An issue in Terra Informatica Software, Inc Sciter v.4.4.7.0 allows a local attacker to obtain sens… | 2025-12-26T18:30:26Z | 2025-12-26T18:30:26Z |
| ghsa-6vj3-p34w-xxjp | apidoc-core has a prototype pollution vulnerability | 2025-12-26T18:30:26Z | 2025-12-26T19:50:17Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2025-15131 | ZSPACE Z4Pro+ HTTP POST Request status zfilev2_api_Saf… |
ZSPACE |
Z4Pro+ |
2025-12-28T10:02:06.337Z | 2025-12-29T18:01:13.797Z | |
| cve-2025-15130 | shanyu SyCms Administrative Panel FileManageController… |
shanyu |
SyCms |
2025-12-28T09:32:10.325Z | 2025-12-29T18:01:53.351Z | |
| cve-2025-15129 | ChenJinchuang Lin-CMS-TP5 File Upload LocalUploader.ph… |
ChenJinchuang |
Lin-CMS-TP5 |
2025-12-28T09:02:10.127Z | 2025-12-29T18:55:29.222Z | |
| cve-2025-15128 | ZKTeco BioTime Endpoint safe_setting credentials storage |
ZKTeco |
BioTime |
2025-12-28T08:32:10.069Z | 2025-12-29T16:06:03.528Z | |
| cve-2025-15127 | FantasticLBP Hotels_Server Room.php sql injection |
FantasticLBP |
Hotels_Server |
2025-12-28T08:02:06.225Z | 2025-12-29T16:02:17.068Z | |
| cve-2025-15126 | JeecgBoot getPositionUserList improper authorization |
n/a |
JeecgBoot |
2025-12-28T07:32:06.264Z | 2025-12-29T16:03:06.162Z | |
| cve-2025-15125 | JeecgBoot queryDepartPermission improper authorization |
n/a |
JeecgBoot |
2025-12-28T07:02:06.680Z | 2025-12-29T16:03:49.238Z | |
| cve-2025-15124 | JeecgBoot list getParameterMap improper authorization |
n/a |
JeecgBoot |
2025-12-28T06:32:06.920Z | 2025-12-29T16:04:32.586Z | |
| cve-2025-15123 | JeecgBoot datarule improper authorization |
n/a |
JeecgBoot |
2025-12-28T06:02:05.781Z | 2025-12-29T16:05:08.309Z | |
| cve-2025-15122 | JeecgBoot datarule loadDatarule improper authorization |
n/a |
JeecgBoot |
2025-12-28T05:02:05.798Z | 2025-12-29T16:42:57.874Z | |
| cve-2025-15121 | JeecgBoot getDeptRoleByUserId information disclosure |
n/a |
JeecgBoot |
2025-12-28T04:32:06.152Z | 2025-12-29T16:41:44.256Z | |
| cve-2025-15120 | JeecgBoot getDeptRoleList improper authorization |
n/a |
JeecgBoot |
2025-12-28T04:02:06.291Z | 2025-12-29T16:40:55.481Z | |
| cve-2025-15119 | JeecgBoot list queryPageList improper authorization |
n/a |
JeecgBoot |
2025-12-28T03:32:06.719Z | 2025-12-29T19:04:57.949Z | |
| cve-2025-15118 | macrozheng mall Member Endpoint update improper author… |
macrozheng |
mall |
2025-12-28T03:02:05.540Z | 2025-12-29T16:40:10.112Z | |
| cve-2025-15117 | Dromara Sa-Token SaJdkSerializer.java ObjectInputStrea… |
Dromara |
Sa-Token |
2025-12-28T02:32:05.652Z | 2025-12-29T16:39:15.402Z | |
| cve-2025-15116 | OpenCart Single-Use Coupon race condition |
n/a |
OpenCart |
2025-12-28T02:02:06.876Z | 2025-12-29T16:38:27.409Z | |
| cve-2025-68972 | 5.9 (v3.1) | In GnuPG through 2.4.8, if a signed message has \… |
GnuPG |
GnuPG |
2025-12-27T22:52:30.957Z | 2025-12-29T16:51:02.621Z |
| cve-2025-15110 | jackq XCMS Backend ProductImageController.class.php up… |
jackq |
XCMS |
2025-12-27T20:02:09.663Z | 2025-12-29T16:51:10.398Z | |
| cve-2025-14177 | 6.3 (v4.0) | Information Leak of Memory in getimagesize |
PHP Group |
PHP |
2025-12-27T19:33:23.973Z | 2025-12-29T16:01:36.231Z |
| cve-2025-14178 | 6.5 (v3.1) | Heap buffer overflow in array_merge() |
PHP Group |
PHP |
2025-12-27T19:27:41.691Z | 2025-12-29T16:01:02.639Z |
| cve-2025-14180 | 8.2 (v4.0) | NULL Pointer Dereference in PDO quoting |
PHP Group |
PHP |
2025-12-27T19:21:20.768Z | 2025-12-29T16:00:11.239Z |
| cve-2025-15109 | jackq XCMS upload.php unrestricted upload |
jackq |
XCMS |
2025-12-27T18:32:08.961Z | 2025-12-29T15:59:07.141Z | |
| cve-2025-15108 | PandaXGO PandaX JWT Secret config.yml hard-coded key |
PandaXGO |
PandaX |
2025-12-27T16:32:05.829Z | 2025-12-29T15:58:13.566Z | |
| cve-2025-15107 | actiontech sqle JWT Secret jwt.go hard-coded key |
actiontech |
sqle |
2025-12-27T12:32:06.081Z | 2025-12-29T15:57:28.455Z | |
| cve-2025-15106 | getmaxun Authentication Endpoint auth.ts router.get im… |
getmaxun |
maxun |
2025-12-27T10:32:05.218Z | 2025-12-29T15:56:17.889Z | |
| cve-2025-15105 | getmaxun auth.ts hard-coded key |
getmaxun |
maxun |
2025-12-27T09:02:06.124Z | 2025-12-29T15:55:05.915Z | |
| cve-2025-59946 | NanoMQ has a Use After Free vulnerability via sub info list |
nanomq |
nanomq |
2025-12-27T00:40:51.122Z | 2025-12-29T15:54:27.851Z | |
| cve-2025-68952 | 1-click Remote Code Execution (RCE) vulnerability in Eigent |
eigent-ai |
eigent |
2025-12-27T00:37:08.917Z | 2025-12-29T15:53:36.804Z | |
| cve-2025-68948 | SiYuan: Information Disclosure and Authentication Bypa… |
siyuan-note |
siyuan |
2025-12-27T00:21:31.864Z | 2025-12-29T16:51:19.102Z | |
| cve-2025-68927 | Improper Neutralization of HTML Tags in a Web Page in… |
abhinavxd |
libredesk |
2025-12-27T00:04:49.621Z | 2025-12-29T16:51:24.522Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2025-15154 | PbootCMS Header handle.php get_user_ip less trusted source |
n/a |
PbootCMS |
2025-12-28T21:02:07.992Z | 2025-12-29T14:48:02.795Z | |
| cve-2025-15153 | PbootCMS SQLite Database pbootcms.db file access |
n/a |
PbootCMS |
2025-12-28T20:32:07.587Z | 2025-12-29T14:55:49.904Z | |
| cve-2025-15152 | h-moses moga-mall PmsProductController.java addProduct… |
h-moses |
moga-mall |
2025-12-28T20:02:08.188Z | 2025-12-29T15:50:24.977Z | |
| cve-2025-15151 | TaleLin Lin-CMS Tests Folder config.py password in con… |
TaleLin |
Lin-CMS |
2025-12-28T19:32:05.944Z | 2025-12-29T15:52:38.176Z | |
| cve-2025-15150 | PX4 PX4-Autopilot mavlink_log_handler.cpp log_entry_fr… |
PX4 |
PX4-Autopilot |
2025-12-28T19:02:07.960Z | 2025-12-29T16:08:11.074Z | |
| cve-2025-15149 | rawchen ecms Add New Product updateProductServlet.java… |
rawchen |
ecms |
2025-12-28T18:32:06.054Z | 2025-12-29T21:17:12.684Z | |
| cve-2025-15148 | CmsEasy Backend Template Management template_admin.php… |
n/a |
CmsEasy |
2025-12-28T18:02:08.178Z | 2025-12-29T21:22:26.770Z | |
| cve-2025-15146 | SohuTV CacheCloud UserManageController.java doUserList… |
SohuTV |
CacheCloud |
2025-12-28T17:32:06.551Z | 2025-12-29T21:25:59.423Z | |
| cve-2025-68973 | 7.8 (v3.1) | In GnuPG through 2.4.8, armor_filter in g10/armor… |
GnuPG |
GnuPG |
2025-12-28T16:19:11.019Z | 2025-12-29T19:03:39.496Z |
| cve-2025-15145 | SohuTV CacheCloud TotalManageController.java doTotalLi… |
SohuTV |
CacheCloud |
2025-12-28T17:02:05.970Z | 2025-12-29T21:26:55.456Z | |
| cve-2025-15144 | dayrui XunRuiCMS JSONP Callback Init.php dr_exit_msg c… |
dayrui |
XunRuiCMS |
2025-12-28T16:32:07.116Z | 2025-12-29T21:27:18.449Z | |
| cve-2025-15143 | EyouCMS Backend Template Management FilemanagerLogic.p… |
n/a |
EyouCMS |
2025-12-28T16:02:08.347Z | 2025-12-29T16:24:22.854Z | |
| cve-2025-15142 | 9786 phpok3w show.php sql injection |
9786 |
phpok3w |
2025-12-28T15:32:12.734Z | 2025-12-29T16:26:52.591Z | |
| cve-2025-15141 | Halo Configuration actuator information disclosure |
n/a |
Halo |
2025-12-28T15:02:05.484Z | 2025-12-29T16:30:18.082Z | |
| cve-2025-15140 | saiftheboss7 onlinemcqexam quesadd.php sql injection |
saiftheboss7 |
onlinemcqexam |
2025-12-28T14:32:06.750Z | 2025-12-29T16:07:22.328Z | |
| cve-2025-15139 | TRENDnet TEW-822DRE formWsc sub_43ACF4 command injection |
TRENDnet |
TEW-822DRE |
2025-12-28T14:02:07.407Z | 2025-12-29T16:06:45.224Z | |
| cve-2025-15138 | prasathmani TinyFileManager tinyfilemanager.php path t… |
prasathmani |
TinyFileManager |
2025-12-28T13:32:08.843Z | 2025-12-29T16:40:10.063Z | |
| cve-2025-15137 | TRENDnet TEW-800MB NTPSyncWithHost.cgi sub_F934 comma… |
TRENDnet |
TEW-800MB |
2025-12-28T13:02:05.931Z | 2025-12-29T17:19:47.335Z | |
| cve-2025-15136 | TRENDnet TEW-800MB Management wizardset do_setWizard_a… |
TRENDnet |
TEW-800MB |
2025-12-28T12:32:06.349Z | 2025-12-29T17:20:27.000Z | |
| cve-2025-15135 | joey-zhou xiaozhi-esp32-server-java Cookie Authenticat… |
joey-zhou |
xiaozhi-esp32-server-java |
2025-12-28T12:02:07.346Z | 2025-12-29T17:58:51.665Z | |
| cve-2025-15134 | yourmaileyes MOOC Submission MainController.java subre… |
yourmaileyes |
MOOC |
2025-12-28T11:32:05.791Z | 2025-12-29T17:59:32.211Z | |
| cve-2025-15133 | ZSPACE Z4Pro+ HTTP POST Request close zfilev2_api_Clos… |
ZSPACE |
Z4Pro+ |
2025-12-28T11:02:10.256Z | 2025-12-29T18:00:13.048Z | |
| cve-2025-15132 | ZSPACE Z4Pro+ HTTP POST Request open zfilev2_api_open … |
ZSPACE |
Z4Pro+ |
2025-12-28T10:32:05.208Z | 2025-12-29T18:00:46.951Z | |
| cve-2025-15131 | ZSPACE Z4Pro+ HTTP POST Request status zfilev2_api_Saf… |
ZSPACE |
Z4Pro+ |
2025-12-28T10:02:06.337Z | 2025-12-29T18:01:13.797Z | |
| cve-2025-15130 | shanyu SyCms Administrative Panel FileManageController… |
shanyu |
SyCms |
2025-12-28T09:32:10.325Z | 2025-12-29T18:01:53.351Z | |
| cve-2025-15129 | ChenJinchuang Lin-CMS-TP5 File Upload LocalUploader.ph… |
ChenJinchuang |
Lin-CMS-TP5 |
2025-12-28T09:02:10.127Z | 2025-12-29T18:55:29.222Z | |
| cve-2025-15128 | ZKTeco BioTime Endpoint safe_setting credentials storage |
ZKTeco |
BioTime |
2025-12-28T08:32:10.069Z | 2025-12-29T16:06:03.528Z | |
| cve-2025-15127 | FantasticLBP Hotels_Server Room.php sql injection |
FantasticLBP |
Hotels_Server |
2025-12-28T08:02:06.225Z | 2025-12-29T16:02:17.068Z | |
| cve-2025-15126 | JeecgBoot getPositionUserList improper authorization |
n/a |
JeecgBoot |
2025-12-28T07:32:06.264Z | 2025-12-29T16:03:06.162Z | |
| cve-2025-15125 | JeecgBoot queryDepartPermission improper authorization |
n/a |
JeecgBoot |
2025-12-28T07:02:06.680Z | 2025-12-29T16:03:49.238Z |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| mal-2025-192489 | Malicious code in elf-stats-cosy-chimney-268 (npm) | 2025-12-11T19:46:09Z | 2025-12-11T19:46:09Z |
| mal-2025-192488 | Malicious code in elf-stats-cocoa-pinecone-118 (npm) | 2025-12-11T19:46:09Z | 2025-12-23T19:09:02Z |
| mal-2025-192487 | Malicious code in elf-stats-cheery-sparkler-521 (npm) | 2025-12-11T19:46:09Z | 2025-12-23T17:09:49Z |
| mal-2025-192486 | Malicious code in elf-stats-cheery-sleigh-538 (npm) | 2025-12-11T19:46:09Z | 2025-12-23T17:09:49Z |
| mal-2025-192485 | Malicious code in elf-stats-cheery-northstar-345 (npm) | 2025-12-11T19:46:09Z | 2025-12-11T19:46:09Z |
| mal-2025-192484 | Malicious code in elf-stats-cheery-muffin-949 (npm) | 2025-12-11T19:46:09Z | 2025-12-23T17:09:49Z |
| mal-2025-192483 | Malicious code in elf-stats-caroling-workshop-885 (npm) | 2025-12-11T19:46:09Z | 2025-12-23T17:09:49Z |
| mal-2025-192482 | Malicious code in elf-stats-caroling-sparkler-130 (npm) | 2025-12-11T19:46:09Z | 2025-12-11T19:46:09Z |
| mal-2025-192481 | Malicious code in elf-stats-caroling-sled-530 (npm) | 2025-12-11T19:46:09Z | 2025-12-23T17:09:49Z |
| mal-2025-192480 | Malicious code in elf-stats-caroling-hammer-382 (npm) | 2025-12-11T19:46:09Z | 2025-12-23T16:45:01Z |
| mal-2025-192479 | Malicious code in elf-stats-caroling-bow-570 (npm) | 2025-12-11T19:46:09Z | 2025-12-11T19:46:09Z |
| mal-2025-192478 | Malicious code in elf-stats-candystriped-workbench-865 (npm) | 2025-12-11T19:46:09Z | 2025-12-23T16:45:01Z |
| mal-2025-192477 | Malicious code in elf-stats-candystriped-star-592 (npm) | 2025-12-11T19:46:09Z | 2025-12-23T16:45:01Z |
| mal-2025-192476 | Malicious code in elf-stats-candystriped-muffin-773 (npm) | 2025-12-11T19:46:09Z | 2025-12-11T19:46:09Z |
| mal-2025-192475 | Malicious code in elf-stats-candystriped-cookiejar-799 (npm) | 2025-12-11T19:46:09Z | 2025-12-23T16:45:01Z |
| mal-2025-192474 | Malicious code in elf-stats-candystriped-bauble-740 (npm) | 2025-12-11T19:46:09Z | 2025-12-23T16:45:01Z |
| mal-2025-192473 | Malicious code in elf-stats-candlelit-train-228 (npm) | 2025-12-11T19:46:09Z | 2025-12-11T19:46:09Z |
| mal-2025-192472 | Malicious code in elf-stats-candlelit-nutcracker-184 (npm) | 2025-12-11T19:46:09Z | 2025-12-15T05:25:54Z |
| mal-2025-192471 | Malicious code in elf-stats-aurora-sparkler-752 (npm) | 2025-12-11T19:46:09Z | 2025-12-11T19:46:09Z |
| mal-2025-192470 | Malicious code in elf-stats-aurora-sleigh-694 (npm) | 2025-12-11T19:46:09Z | 2025-12-16T09:26:26Z |
| mal-2025-192469 | Malicious code in elf-stats (npm) | 2025-12-11T19:46:09Z | 2025-12-19T09:25:43Z |
| mal-2025-192468 | Malicious code in yzip (PyPI) | 2025-12-11T15:53:42Z | 2025-12-11T17:12:54Z |
| mal-2025-192543 | Malicious code in mw-proto-ts (npm) | 2025-12-11T12:17:38Z | 2025-12-23T19:24:03Z |
| mal-2025-192541 | Malicious code in mui-wrapper-icons (npm) | 2025-12-11T12:17:23Z | 2025-12-23T19:24:03Z |
| mal-2025-192542 | Malicious code in mui-wrapper-styles (npm) | 2025-12-11T12:15:41Z | 2025-12-23T19:24:03Z |
| mal-0000-ossf-package-analysis-ba19fbf2e13483ed | Malicious code in @cheqplease/structured-logger (npm) | 2025-12-11T07:37:23Z | 2025-12-11T07:37:23Z |
| mal-0000-ossf-package-analysis-c6ef1fa05f2ae34a | Malicious code in @cheqplease/structured-logger (npm) | 2025-12-11T05:38:58Z | 2025-12-11T05:38:58Z |
| mal-2025-192466 | Malicious code in tnaxmlparserctf (npm) | 2025-12-11T01:47:51Z | 2025-12-11T01:47:51Z |
| mal-2025-192465 | Malicious code in tnaparserxml (npm) | 2025-12-11T01:47:51Z | 2025-12-19T09:25:46Z |
| mal-2025-192464 | Malicious code in ofjaaah12 (npm) | 2025-12-11T01:47:51Z | 2025-12-19T09:25:45Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| rhsa-2025:17743 | Red Hat Security Advisory: webkit2gtk3 security update | 2025-10-13T01:47:33+00:00 | 2025-11-21T19:28:50+00:00 |
| rhsa-2025:17741 | Red Hat Security Advisory: webkit2gtk3 security update | 2025-10-13T01:44:23+00:00 | 2025-11-21T19:28:49+00:00 |
| rhsa-2025:17739 | Red Hat Security Advisory: compat-libtiff3 security update | 2025-10-13T01:25:23+00:00 | 2025-11-24T21:04:17+00:00 |
| rhsa-2025:17740 | Red Hat Security Advisory: compat-libtiff3 security update | 2025-10-13T01:21:38+00:00 | 2025-11-24T21:04:17+00:00 |
| rhsa-2025:17738 | Red Hat Security Advisory: compat-libtiff3 security update | 2025-10-13T01:20:48+00:00 | 2025-11-24T21:04:16+00:00 |
| rhsa-2025:17734 | Red Hat Security Advisory: kernel security update | 2025-10-13T00:28:33+00:00 | 2025-11-21T19:28:47+00:00 |
| rhsa-2025:17735 | Red Hat Security Advisory: kernel-rt security update | 2025-10-13T00:15:58+00:00 | 2025-11-21T19:28:52+00:00 |
| rhsa-2025:17733 | Red Hat Security Advisory: kernel security update | 2025-10-10T19:52:47+00:00 | 2025-11-21T19:28:48+00:00 |
| rhsa-2025:17715 | Red Hat Security Advisory: vim security update | 2025-10-09T19:23:45+00:00 | 2025-11-24T21:04:20+00:00 |
| rhsa-2025:17710 | Red Hat Security Advisory: compat-libtiff3 security update | 2025-10-09T18:49:10+00:00 | 2025-11-24T21:04:15+00:00 |
| rhsa-2025:17731 | Red Hat Security Advisory: Red Hat OpenShift GitOps v1.17.2 security update | 2025-10-09T18:48:05+00:00 | 2025-11-26T15:51:03+00:00 |
| rhsa-2025:17730 | Red Hat Security Advisory: Red Hat OpenShift GitOps v1.16.4 security update | 2025-10-09T18:47:06+00:00 | 2025-11-26T15:51:03+00:00 |
| rhsa-2025:17693 | Red Hat Security Advisory: Satellite 6 Client Bug Fix Update | 2025-10-09T17:21:09+00:00 | 2025-11-21T19:28:46+00:00 |
| rhsa-2025:17675 | Red Hat Security Advisory: compat-libtiff3 security update | 2025-10-09T10:52:59+00:00 | 2025-11-24T21:04:15+00:00 |
| rhsa-2025:17649 | Red Hat Security Advisory: ipa security update | 2025-10-09T08:21:24+00:00 | 2025-11-21T19:28:43+00:00 |
| rhsa-2025:17646 | Red Hat Security Advisory: idm:client security update | 2025-10-09T08:21:24+00:00 | 2025-11-21T19:28:42+00:00 |
| rhsa-2025:17645 | Red Hat Security Advisory: idm:client security update | 2025-10-09T08:15:54+00:00 | 2025-11-21T19:28:41+00:00 |
| rhsa-2025:17651 | Red Hat Security Advisory: compat-libtiff3 security update | 2025-10-09T08:09:38+00:00 | 2025-11-24T21:04:15+00:00 |
| rhsa-2025:17648 | Red Hat Security Advisory: idm:DL1 security update | 2025-10-09T08:04:24+00:00 | 2025-11-21T19:28:43+00:00 |
| rhsa-2025:17647 | Red Hat Security Advisory: idm:DL1 security update | 2025-10-09T08:04:24+00:00 | 2025-11-21T19:28:42+00:00 |
| rhsa-2025:17644 | Red Hat Security Advisory: vim security update | 2025-10-09T07:19:29+00:00 | 2025-11-24T21:04:14+00:00 |
| rhsa-2025:17643 | Red Hat Security Advisory: webkit2gtk3 security update | 2025-10-09T06:01:13+00:00 | 2025-11-21T19:28:41+00:00 |
| rhsa-2025:17614 | Red Hat Security Advisory: Satellite 6.15.5.5 Async Update | 2025-10-08T19:26:12+00:00 | 2025-11-21T19:28:40+00:00 |
| rhsa-2025:17613 | Red Hat Security Advisory: Satellite 6.16.5.4 Async Update | 2025-10-08T19:24:37+00:00 | 2025-11-21T19:28:40+00:00 |
| rhsa-2025:17606 | Red Hat Security Advisory: Satellite 6.17.5 Async Update | 2025-10-08T19:06:17+00:00 | 2025-11-21T19:28:40+00:00 |
| rhsa-2025:17232 | Red Hat Security Advisory: OpenShift Container Platform 4.17.41 bug fix and security update | 2025-10-08T15:52:57+00:00 | 2025-11-29T06:53:13+00:00 |
| rhsa-2025:17570 | Red Hat Security Advisory: kernel security update | 2025-10-08T15:18:47+00:00 | 2025-11-21T19:28:43+00:00 |
| rhsa-2025:17567 | Red Hat Security Advisory: Red Hat AMQ Broker 7.13.2 release and security update | 2025-10-08T14:48:34+00:00 | 2025-11-25T03:02:59+00:00 |
| rhsa-2025:17562 | Red Hat Security Advisory: AMQ Broker 7.13.2.OPR.1.GA Container Images release and security update | 2025-10-08T14:38:05+00:00 | 2025-11-21T19:28:38+00:00 |
| rhsa-2025:17558 | Red Hat Security Advisory: iputils security update | 2025-10-08T12:32:36+00:00 | 2025-11-21T19:28:36+00:00 |
| ID | Description | Published | Updated |
|---|---|---|---|
| msrc_cve-2025-53069 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2025-10-02T00:00:00.000Z | 2025-10-23T01:06:30.000Z |
| msrc_cve-2025-53062 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2025-10-02T00:00:00.000Z | 2025-10-23T01:06:15.000Z |
| msrc_cve-2025-53054 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). | 2025-10-02T00:00:00.000Z | 2025-10-23T01:06:45.000Z |
| msrc_cve-2025-53053 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). | 2025-10-02T00:00:00.000Z | 2025-10-23T01:06:22.000Z |
| msrc_cve-2025-53045 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2025-10-02T00:00:00.000Z | 2025-10-23T01:06:38.000Z |
| msrc_cve-2025-53044 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2025-10-02T00:00:00.000Z | 2025-10-23T01:06:00.000Z |
| msrc_cve-2025-53042 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2025-10-02T00:00:00.000Z | 2025-10-23T01:05:53.000Z |
| msrc_cve-2025-53040 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2025-10-02T00:00:00.000Z | 2025-10-23T01:06:07.000Z |
| msrc_cve-2025-49844 | Redis Lua Use-After-Free may lead to remote code execution | 2025-10-02T00:00:00.000Z | 2025-10-08T01:01:53.000Z |
| msrc_cve-2025-47912 | Insufficient validation of bracketed IPv6 hostnames in net/url | 2025-10-02T00:00:00.000Z | 2025-12-13T01:37:52.000Z |
| msrc_cve-2025-46819 | Redis is vulnerable to DoS via specially crafted LUA scripts | 2025-10-02T00:00:00.000Z | 2025-10-10T01:37:12.000Z |
| msrc_cve-2025-46818 | Redis: Authenticated users can execute LUA scripts as a different user | 2025-10-02T00:00:00.000Z | 2025-12-11T01:38:13.000Z |
| msrc_cve-2025-46817 | Lua library commands may lead to integer overflow and potential RCE | 2025-10-02T00:00:00.000Z | 2025-10-10T01:36:56.000Z |
| msrc_cve-2025-40780 | Cache poisoning due to weak PRNG | 2025-10-02T00:00:00.000Z | 2025-11-25T01:38:24.000Z |
| msrc_cve-2025-40778 | Cache poisoning attacks with unsolicited RRs | 2025-10-02T00:00:00.000Z | 2025-11-25T01:38:19.000Z |
| msrc_cve-2025-40106 | comedi: fix divide-by-zero in comedi_buf_munge() | 2025-10-02T00:00:00.000Z | 2025-11-01T01:02:23.000Z |
| msrc_cve-2025-40105 | vfs: Don't leak disconnected dentries on umount | 2025-10-02T00:00:00.000Z | 2025-12-07T01:45:03.000Z |
| msrc_cve-2025-40104 | ixgbevf: fix mailbox API compatibility by negotiating supported features | 2025-10-02T00:00:00.000Z | 2025-12-07T01:43:55.000Z |
| msrc_cve-2025-40103 | smb: client: Fix refcount leak for cifs_sb_tlink | 2025-10-02T00:00:00.000Z | 2025-12-07T01:44:07.000Z |
| msrc_cve-2025-40102 | KVM: arm64: Prevent access to vCPU events before init | 2025-10-02T00:00:00.000Z | 2025-12-07T01:44:40.000Z |
| msrc_cve-2025-40100 | btrfs: do not assert we found block group item when creating free space tree | 2025-10-02T00:00:00.000Z | 2025-12-07T01:44:51.000Z |
| msrc_cve-2025-40099 | cifs: parse_dfs_referrals: prevent oob on malformed input | 2025-10-02T00:00:00.000Z | 2025-12-07T01:45:14.000Z |
| msrc_cve-2025-40097 | ALSA: hda: Fix missing pointer check in hda_component_manager_init function | 2025-10-02T00:00:00.000Z | 2025-10-31T01:09:31.000Z |
| msrc_cve-2025-40096 | drm/sched: Fix potential double free in drm_sched_job_add_resv_dependencies | 2025-10-02T00:00:00.000Z | 2025-12-07T01:44:30.000Z |
| msrc_cve-2025-40095 | usb: gadget: f_rndis: Refactor bind path to use __free() | 2025-10-02T00:00:00.000Z | 2025-10-31T01:09:26.000Z |
| msrc_cve-2025-40094 | usb: gadget: f_acm: Refactor bind path to use __free() | 2025-10-02T00:00:00.000Z | 2025-10-31T01:10:37.000Z |
| msrc_cve-2025-40093 | usb: gadget: f_ecm: Refactor bind path to use __free() | 2025-10-02T00:00:00.000Z | 2025-10-31T01:10:21.000Z |
| msrc_cve-2025-40092 | usb: gadget: f_ncm: Refactor bind path to use __free() | 2025-10-02T00:00:00.000Z | 2025-10-31T01:10:32.000Z |
| msrc_cve-2025-40090 | ksmbd: fix recursive locking in RPC handle list access | 2025-10-02T00:00:00.000Z | 2025-10-31T01:10:10.000Z |
| msrc_cve-2025-40088 | hfsplus: fix slab-out-of-bounds read in hfsplus_strcasecmp() | 2025-10-02T00:00:00.000Z | 2025-10-31T01:10:26.000Z |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2023-000034 | JB Inquiry form vulnerable to exposure of private personal information to an unauthorized actor | 2023-04-14T15:48+09:00 | 2024-05-29T16:44+09:00 |
| jvndb-2023-000033 | Trend Micro Security may insecurely load Dynamic Link Libraries | 2023-04-14T15:44+09:00 | 2024-04-26T17:48+09:00 |
| jvndb-2023-001493 | Multiple mobile printing apps for Android vulnerable to improper intent handling | 2023-04-13T11:09+09:00 | 2024-05-30T15:48+09:00 |
| jvndb-2023-001492 | Vulnerability in JP1/VERITAS | 2023-04-12T15:01+09:00 | 2023-04-12T15:01+09:00 |
| jvndb-2023-001411 | Yokogawa Electric CENTUM series vulnerable to cleartext storage of sensitive information | 2023-04-06T14:59+09:00 | 2024-05-29T18:23+09:00 |
| jvndb-2023-000032 | Improper restriction of XML external entity references (XXE) in National land numerical information data conversion tool | 2023-04-04T15:22+09:00 | 2024-06-04T15:56+09:00 |
| jvndb-2023-000031 | Multiple vulnerabilities in JustSystems products | 2023-04-04T15:22+09:00 | 2024-05-29T17:32+09:00 |
| jvndb-2023-001402 | JTEKT ELECTRONIC Screen Creator Advance 2 vulnerable to improper restriction of operations within the bounds of a memory buffer | 2023-04-03T16:24+09:00 | 2024-06-04T17:15+09:00 |
| jvndb-2023-001400 | CONPROSYS HMI System(CHS) vulnerable to SQL injection | 2023-04-03T16:19+09:00 | 2023-04-03T16:19+09:00 |
| jvndb-2023-000030 | HAProxy vulnerable to HTTP request/response smuggling | 2023-03-31T15:54+09:00 | 2024-06-04T16:17+09:00 |
| jvndb-2023-000029 | Multiple vulnerabilities in Seiko Solutions SkyBridge MB-A100/A110/A200/A130 SkySpider MB-R210 | 2023-03-31T15:54+09:00 | 2024-05-27T17:08+09:00 |
| jvndb-2023-000028 | baserCMS vulnerable to arbitrary file uploads | 2023-03-27T13:39+09:00 | 2024-06-06T17:31+09:00 |
| jvndb-2023-000027 | ELECOM WAB-MAT registers its windows service executable with an unquoted file path | 2023-03-24T14:35+09:00 | 2024-06-03T17:36+09:00 |
| jvndb-2023-001320 | Multiple vulnerabilities in Contec CONPROSYS IoT Gateway products | 2023-03-22T13:41+09:00 | 2024-06-04T17:00+09:00 |
| jvndb-2023-000025 | TP-Link T2600G-28SQ uses vulnerable SSH host keys | 2023-03-17T12:27+09:00 | 2024-06-04T16:58+09:00 |
| jvndb-2023-000024 | Android App "Wolt Delivery: Food and more" uses a hard-coded API key for an external service | 2023-03-13T12:28+09:00 | 2024-06-03T17:15+09:00 |
| jvndb-2023-001308 | Multiple vulnerabilities in Buffalo network devices | 2023-03-08T15:12+09:00 | 2024-06-04T16:42+09:00 |
| jvndb-2023-000022 | Multiple vulnerabilities in SEIKO EPSON printers/network interface Web Config | 2023-03-08T15:09+09:00 | 2024-06-03T17:36+09:00 |
| jvndb-2023-001304 | Multiple vulnerabilities in JTEKT ELECTRONICS Kostac PLC Programming Software | 2023-03-06T15:31+09:00 | 2024-06-07T16:39+09:00 |
| jvndb-2023-000023 | Multiple vulnerabilities in PostgreSQL extension module pg_ivm | 2023-03-06T15:22+09:00 | 2024-06-10T16:41+09:00 |
| jvndb-2023-001291 | Multiple vulnerabilities in Trend Micro Maximum Security | 2023-03-03T11:10+09:00 | 2024-06-13T17:06+09:00 |
| jvndb-2023-001292 | Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service | 2023-03-02T17:33+09:00 | 2024-06-07T16:59+09:00 |
| jvndb-2023-001269 | File and Directory Permissions Vulnerability in Hitachi Automation Director, Hitachi Infrastructure Analytics Advisor, Hitachi Ops Center | 2023-03-01T16:59+09:00 | 2024-06-11T16:42+09:00 |
| jvndb-2023-000021 | Multiple vulnerabilities in SS1 and Rakuraku PC Cloud | 2023-03-01T15:57+09:00 | 2024-06-06T18:02+09:00 |
| jvndb-2023-000019 | Multiple cross-site scripting vulnerabilities in EC-CUBE | 2023-02-28T16:38+09:00 | 2024-06-10T17:28+09:00 |
| jvndb-2023-000020 | web2py development tool vulnerable to open redirect | 2023-02-28T15:00+09:00 | 2024-06-07T16:31+09:00 |
| jvndb-2023-000018 | Multiple cross-site scripting vulnerabilities in SHIRASAGI | 2023-02-22T15:16+09:00 | 2024-06-10T17:18+09:00 |
| jvndb-2023-000017 | Improper restriction of XML external entity reference (XXE) vulnerability in tsClinical Define.xml Generator and tsClinical Metadata Desktop Tools | 2023-02-14T17:00+09:00 | 2024-06-12T11:15+09:00 |
| jvndb-2023-000016 | The installers of ELECOM Camera Assistant and QuickFileDealer may insecurely load Dynamic Link Libraries | 2023-02-14T17:00+09:00 | 2023-02-14T17:00+09:00 |
| jvndb-2023-000015 | Multiple vulnerabilities in PLANEX COMMUNICATIONS Network Camera CS-WMV02G | 2023-02-13T14:48+09:00 | 2024-06-12T17:03+09:00 |
| ID | Description | Updated |
|---|