Recent vulnerabilities
| ID | Description | Published | Updated |
|---|---|---|---|
| ghsa-9786-pc79-p3v7 | A weakness has been identified in Dromara Sa-Token up to 1.44.0. This affects the function ObjectIn… | 2025-12-28T03:30:12Z | 2025-12-28T03:30:12Z |
| ghsa-w789-3q45-984r | In GnuPG through 2.4.8, if a signed message has \f at the end of a plaintext line, an adversary can… | 2025-12-28T00:30:23Z | 2025-12-28T00:30:23Z |
| ghsa-w2jm-qqhw-c9px | A vulnerability has been found in jackq XCMS up to 3fab5342cc509945a7ce1b8ec39d19f701b89261. Affect… | 2025-12-27T21:30:12Z | 2025-12-27T21:30:12Z |
| ghsa-f342-w736-j52r | A flaw has been found in jackq XCMS up to 3fab5342cc509945a7ce1b8ec39d19f701b89261. This impacts an… | 2025-12-27T21:30:12Z | 2025-12-27T21:30:12Z |
| ghsa-hj3q-q387-m5hr | A vulnerability was detected in PandaXGO PandaX up to fb8ff40f7ce5dfebdf66306c6d85625061faf7e5. Thi… | 2025-12-27T18:30:26Z | 2025-12-27T18:30:26Z |
| ghsa-43h9-hc38-qph5 | SQLE's JWT Secret Handler can be manipulated to use hard-coded cryptographic key | 2025-12-27T15:30:17Z | 2025-12-29T20:36:20Z |
| ghsa-2qm6-vprh-vgfc | Xspeeder SXZOS through 2025-12-26 allows root remote code execution via base64-encoded Python code … | 2025-12-27T15:30:16Z | 2025-12-27T15:30:17Z |
| ghsa-72f9-ghc4-fpv2 | A weakness has been identified in getmaxun maxun up to 0.0.28. The affected element is the function… | 2025-12-27T12:30:12Z | 2025-12-27T12:30:12Z |
| ghsa-9m78-g4jr-6549 | A security flaw has been discovered in getmaxun maxun up to 0.0.28. Impacted is an unknown function… | 2025-12-27T09:30:27Z | 2025-12-27T09:30:27Z |
| ghsa-rcfx-77hg-w2wv | FastMCP updated to MCP 1.23+ due to CVE-2025-66416 | 2025-12-26T23:20:50Z | 2025-12-26T23:20:50Z |
| ghsa-9fjq-45qv-pcm7 | ruint affected by unsoundness of safe `reciprocal_mg10` | 2025-12-26T18:55:53Z | 2025-12-26T18:55:53Z |
| ghsa-xq7p-3jhh-cr76 | Incorrect access control in DEV Systemtechnik GmbH DEV 7113 RF over Fiber Distribution System 32-00… | 2025-12-26T18:30:27Z | 2025-12-26T18:30:27Z |
| ghsa-qxv4-g9hq-r87f | Time-based blind SQL Injection vulnerability in Cloudlog v2.6.15 at the endpoint /index.php/logbook… | 2025-12-26T18:30:27Z | 2025-12-26T21:30:21Z |
| ghsa-g5p6-3j82-xfm4 | Croogo CMS has a path traversal vulnerability | 2025-12-26T18:30:27Z | 2025-12-26T23:21:14Z |
| ghsa-8mv8-wmgc-7crw | Incorrect access control in Comtech EF Data CDM-625 / CDM-625A Advanced Satellite Modem with firmwa… | 2025-12-26T18:30:27Z | 2025-12-26T18:30:27Z |
| ghsa-8cpr-48rw-5rrc | Yealink T21P_E2 Phone 52.84.0.15 is vulnerable to Directory Traversal. A remote normal privileged a… | 2025-12-26T18:30:27Z | 2025-12-26T18:30:27Z |
| ghsa-x2hf-qg23-rjpx | An issue in Yealink T21P_E2 Phone 52.84.0.15 allows a remote normal privileged attacker to execute … | 2025-12-26T18:30:26Z | 2025-12-26T18:30:26Z |
| ghsa-98p6-cqhp-8c8x | Cola Dnslog v1.3.2 is vulnerable to Directory Traversal. When a DNS query for a TXT record is proce… | 2025-12-26T18:30:26Z | 2025-12-26T18:30:27Z |
| ghsa-8qx7-g43x-4mhm | An issue in Terra Informatica Software, Inc Sciter v.4.4.7.0 allows a local attacker to obtain sens… | 2025-12-26T18:30:26Z | 2025-12-26T18:30:26Z |
| ghsa-6vj3-p34w-xxjp | apidoc-core has a prototype pollution vulnerability | 2025-12-26T18:30:26Z | 2025-12-26T19:50:17Z |
| ghsa-4jf5-rmwc-7vww | The web management interface in ETL Systems Ltd DEXTRA Series ' Digital L-Band Distribution System … | 2025-12-26T18:30:26Z | 2025-12-26T18:30:27Z |
| ghsa-h78q-4j5r-86xx | Cacti versions prior to 0.8.6-d contain a remote command execution vulnerability in the graph_view.… | 2025-12-26T18:30:24Z | 2025-12-26T18:30:24Z |
| ghsa-j4p8-h8mh-rh8q | Self-hosted n8n has Legacy Code node that enables arbitrary file read/write | 2025-12-26T18:26:38Z | 2025-12-27T01:08:47Z |
| ghsa-62r4-hw23-cc8v | n8n Vulnerable to Arbitrary Command Execution in Pyodide based Python Code Node | 2025-12-26T18:18:05Z | 2025-12-27T01:08:43Z |
| ghsa-9pf3-7rrr-x5jh | lmdeploy vulnerable to Arbitrary Code Execution via Insecure Deserialization in torch.load() | 2025-12-26T17:34:08Z | 2025-12-27T01:08:38Z |
| ghsa-58jc-rcg5-95f3 | n8n's Possible Stored XSS in "Respond to Webhook" Node May Execute Outside iframe Sandbox | 2025-12-26T17:30:19Z | 2025-12-27T01:08:11Z |
| ghsa-v82x-ghcg-c238 | A cross-site scripting (XSS) vulnerability was identified in FluentCMS 1.2.3. After logging in as a… | 2025-12-26T15:30:17Z | 2025-12-26T18:30:26Z |
| ghsa-rh9m-3jjg-79rv | IBM Aspera Faspex 5 5.0.0 through 5.0.14.1 is vulnerable to HTML injection. A remote attacker could… | 2025-12-26T15:30:17Z | 2025-12-26T15:30:17Z |
| ghsa-mrrq-9gcx-wv49 | IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from … | 2025-12-26T15:30:17Z | 2025-12-26T15:30:17Z |
| ghsa-jv72-59wq-8rxm | libxmljs has segmentation fault, potentially leading to a denial-of-service (DoS) | 2025-12-26T15:30:17Z | 2025-12-26T19:47:33Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2025-68972 | 5.9 (v3.1) | In GnuPG through 2.4.8, if a signed message has \… |
GnuPG |
GnuPG |
2025-12-27T22:52:30.957Z | 2025-12-29T16:51:02.621Z |
| cve-2025-15110 | jackq XCMS Backend ProductImageController.class.php up… |
jackq |
XCMS |
2025-12-27T20:02:09.663Z | 2025-12-29T16:51:10.398Z | |
| cve-2025-14177 | 6.3 (v4.0) | Information Leak of Memory in getimagesize |
PHP Group |
PHP |
2025-12-27T19:33:23.973Z | 2025-12-29T16:01:36.231Z |
| cve-2025-14178 | 6.5 (v3.1) | Heap buffer overflow in array_merge() |
PHP Group |
PHP |
2025-12-27T19:27:41.691Z | 2025-12-29T16:01:02.639Z |
| cve-2025-14180 | 8.2 (v4.0) | NULL Pointer Dereference in PDO quoting |
PHP Group |
PHP |
2025-12-27T19:21:20.768Z | 2025-12-29T16:00:11.239Z |
| cve-2025-15109 | jackq XCMS upload.php unrestricted upload |
jackq |
XCMS |
2025-12-27T18:32:08.961Z | 2025-12-29T15:59:07.141Z | |
| cve-2025-15108 | PandaXGO PandaX JWT Secret config.yml hard-coded key |
PandaXGO |
PandaX |
2025-12-27T16:32:05.829Z | 2025-12-29T15:58:13.566Z | |
| cve-2025-15107 | actiontech sqle JWT Secret jwt.go hard-coded key |
actiontech |
sqle |
2025-12-27T12:32:06.081Z | 2025-12-29T15:57:28.455Z | |
| cve-2025-15106 | getmaxun Authentication Endpoint auth.ts router.get im… |
getmaxun |
maxun |
2025-12-27T10:32:05.218Z | 2025-12-29T15:56:17.889Z | |
| cve-2025-15105 | getmaxun auth.ts hard-coded key |
getmaxun |
maxun |
2025-12-27T09:02:06.124Z | 2025-12-29T15:55:05.915Z | |
| cve-2025-59946 | NanoMQ has a Use After Free vulnerability via sub info list |
nanomq |
nanomq |
2025-12-27T00:40:51.122Z | 2025-12-29T15:54:27.851Z | |
| cve-2025-68952 | 1-click Remote Code Execution (RCE) vulnerability in Eigent |
eigent-ai |
eigent |
2025-12-27T00:37:08.917Z | 2025-12-29T15:53:36.804Z | |
| cve-2025-68948 | SiYuan: Information Disclosure and Authentication Bypa… |
siyuan-note |
siyuan |
2025-12-27T00:21:31.864Z | 2025-12-29T16:51:19.102Z | |
| cve-2025-68927 | Improper Neutralization of HTML Tags in a Web Page in… |
abhinavxd |
libredesk |
2025-12-27T00:04:49.621Z | 2025-12-29T16:51:24.522Z | |
| cve-2025-54322 | Xspeeder SXZOS through 2025-12-26 allows root rem… |
Xspeeder |
SXZOS |
2025-12-27T00:00:00.000Z | 2025-12-29T16:51:30.437Z | |
| cve-2025-68474 | ESF-IDF Has Out-of-Bounds Write in ESP32 Bluetooth AVR… |
espressif |
esp-idf |
2025-12-26T23:57:54.853Z | 2025-12-29T16:51:36.305Z | |
| cve-2025-68473 | ESF-IDF Has Out-of-Bounds Read in ESP32 Bluetooth SDP … |
espressif |
esp-idf |
2025-12-26T23:54:47.709Z | 2025-12-29T16:51:42.074Z | |
| cve-2025-68148 | FreshRSS globally denies access to feed via proxy modi… |
FreshRSS |
FreshRSS |
2025-12-26T23:46:53.337Z | 2025-12-29T16:51:47.993Z | |
| cve-2025-68932 | FreshRSS has weak cryptographic randomness in remember… |
FreshRSS |
FreshRSS |
2025-12-26T23:43:34.693Z | 2025-12-29T16:51:53.481Z | |
| cve-2025-66203 | StreamVault is Vulnerable to Authenticated Remote Code… |
lemon8866 |
StreamVault |
2025-12-26T23:37:03.817Z | 2025-12-29T15:52:51.712Z | |
| cve-2025-67729 | lmdeploy vulnerable to Arbitrary Code Execution via In… |
InternLM |
lmdeploy |
2025-12-26T21:54:10.137Z | 2025-12-26T22:10:54.833Z | |
| cve-2025-68697 | Self-hosted n8n has Legacy Code node that enables arbi… |
n8n-io |
n8n |
2025-12-26T21:51:12.216Z | 2025-12-26T22:12:04.529Z | |
| cve-2025-68668 | n8n Vulnerable to Arbitrary Command Execution in Pyodi… |
n8n-io |
n8n |
2025-12-26T21:49:20.695Z | 2025-12-26T21:59:34.256Z | |
| cve-2025-61914 | n8n's Possible Stored XSS in "Respond to Webhook" Node… |
n8n-io |
n8n |
2025-12-26T21:48:59.778Z | 2025-12-26T21:59:25.288Z | |
| cve-2025-13158 | 9.3 (v4.0) | apidoc-core - prototype pollution in api_group.js, api… |
apiDoc |
apidoc-core |
2025-12-26T16:00:27.208Z | 2025-12-26T19:26:12.935Z |
| cve-2025-64645 | 7.7 (v3.1) | Time-of-check Time-of-use (TOCTOU) in IBM Concert Software. |
IBM |
Concert |
2025-12-26T14:24:57.880Z | 2025-12-30T04:55:27.810Z |
| cve-2025-36230 | 5.4 (v3.1) | XSS in IBM Aspera Faspex |
IBM |
Aspera Faspex 5 |
2025-12-26T14:22:46.035Z | 2025-12-26T15:14:53.108Z |
| cve-2025-36229 | 3.1 (v3.1) | Exposure of Sensitive System Information to an Unautho… |
IBM |
Aspera Faspex 5 |
2025-12-26T14:15:03.417Z | 2025-12-26T15:14:58.269Z |
| cve-2025-36228 | 3.8 (v3.1) | Incorrect Execution-Assigned Permissions in IBM Aspera… |
IBM |
Aspera Faspex 5 |
2025-12-26T14:11:45.492Z | 2025-12-26T15:15:06.304Z |
| cve-2025-36192 | 6.7 (v3.1) | Missing Authorization with the DS8900F and DS8A00 Hard… |
IBM |
DS8A00( R10.1) |
2025-12-26T13:58:51.713Z | 2025-12-26T15:15:11.888Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2025-15138 | prasathmani TinyFileManager tinyfilemanager.php path t… |
prasathmani |
TinyFileManager |
2025-12-28T13:32:08.843Z | 2025-12-29T16:40:10.063Z | |
| cve-2025-15137 | TRENDnet TEW-800MB NTPSyncWithHost.cgi sub_F934 comma… |
TRENDnet |
TEW-800MB |
2025-12-28T13:02:05.931Z | 2025-12-29T17:19:47.335Z | |
| cve-2025-15136 | TRENDnet TEW-800MB Management wizardset do_setWizard_a… |
TRENDnet |
TEW-800MB |
2025-12-28T12:32:06.349Z | 2025-12-29T17:20:27.000Z | |
| cve-2025-15135 | joey-zhou xiaozhi-esp32-server-java Cookie Authenticat… |
joey-zhou |
xiaozhi-esp32-server-java |
2025-12-28T12:02:07.346Z | 2025-12-29T17:58:51.665Z | |
| cve-2025-15134 | yourmaileyes MOOC Submission MainController.java subre… |
yourmaileyes |
MOOC |
2025-12-28T11:32:05.791Z | 2025-12-29T17:59:32.211Z | |
| cve-2025-15133 | ZSPACE Z4Pro+ HTTP POST Request close zfilev2_api_Clos… |
ZSPACE |
Z4Pro+ |
2025-12-28T11:02:10.256Z | 2025-12-29T18:00:13.048Z | |
| cve-2025-15132 | ZSPACE Z4Pro+ HTTP POST Request open zfilev2_api_open … |
ZSPACE |
Z4Pro+ |
2025-12-28T10:32:05.208Z | 2025-12-29T18:00:46.951Z | |
| cve-2025-15131 | ZSPACE Z4Pro+ HTTP POST Request status zfilev2_api_Saf… |
ZSPACE |
Z4Pro+ |
2025-12-28T10:02:06.337Z | 2025-12-29T18:01:13.797Z | |
| cve-2025-15130 | shanyu SyCms Administrative Panel FileManageController… |
shanyu |
SyCms |
2025-12-28T09:32:10.325Z | 2025-12-29T18:01:53.351Z | |
| cve-2025-15129 | ChenJinchuang Lin-CMS-TP5 File Upload LocalUploader.ph… |
ChenJinchuang |
Lin-CMS-TP5 |
2025-12-28T09:02:10.127Z | 2025-12-29T18:55:29.222Z | |
| cve-2025-15128 | ZKTeco BioTime Endpoint safe_setting credentials storage |
ZKTeco |
BioTime |
2025-12-28T08:32:10.069Z | 2025-12-29T16:06:03.528Z | |
| cve-2025-15127 | FantasticLBP Hotels_Server Room.php sql injection |
FantasticLBP |
Hotels_Server |
2025-12-28T08:02:06.225Z | 2025-12-29T16:02:17.068Z | |
| cve-2025-15126 | JeecgBoot getPositionUserList improper authorization |
n/a |
JeecgBoot |
2025-12-28T07:32:06.264Z | 2025-12-29T16:03:06.162Z | |
| cve-2025-15125 | JeecgBoot queryDepartPermission improper authorization |
n/a |
JeecgBoot |
2025-12-28T07:02:06.680Z | 2025-12-29T16:03:49.238Z | |
| cve-2025-15124 | JeecgBoot list getParameterMap improper authorization |
n/a |
JeecgBoot |
2025-12-28T06:32:06.920Z | 2025-12-29T16:04:32.586Z | |
| cve-2025-15123 | JeecgBoot datarule improper authorization |
n/a |
JeecgBoot |
2025-12-28T06:02:05.781Z | 2025-12-29T16:05:08.309Z | |
| cve-2025-15122 | JeecgBoot datarule loadDatarule improper authorization |
n/a |
JeecgBoot |
2025-12-28T05:02:05.798Z | 2025-12-29T16:42:57.874Z | |
| cve-2025-15121 | JeecgBoot getDeptRoleByUserId information disclosure |
n/a |
JeecgBoot |
2025-12-28T04:32:06.152Z | 2025-12-29T16:41:44.256Z | |
| cve-2025-15120 | JeecgBoot getDeptRoleList improper authorization |
n/a |
JeecgBoot |
2025-12-28T04:02:06.291Z | 2025-12-29T16:40:55.481Z | |
| cve-2025-15119 | JeecgBoot list queryPageList improper authorization |
n/a |
JeecgBoot |
2025-12-28T03:32:06.719Z | 2025-12-29T19:04:57.949Z | |
| cve-2025-15118 | macrozheng mall Member Endpoint update improper author… |
macrozheng |
mall |
2025-12-28T03:02:05.540Z | 2025-12-29T16:40:10.112Z | |
| cve-2025-15117 | Dromara Sa-Token SaJdkSerializer.java ObjectInputStrea… |
Dromara |
Sa-Token |
2025-12-28T02:32:05.652Z | 2025-12-29T16:39:15.402Z | |
| cve-2025-15116 | OpenCart Single-Use Coupon race condition |
n/a |
OpenCart |
2025-12-28T02:02:06.876Z | 2025-12-29T16:38:27.409Z | |
| cve-2025-68972 | 5.9 (v3.1) | In GnuPG through 2.4.8, if a signed message has \… |
GnuPG |
GnuPG |
2025-12-27T22:52:30.957Z | 2025-12-29T16:51:02.621Z |
| cve-2025-15110 | jackq XCMS Backend ProductImageController.class.php up… |
jackq |
XCMS |
2025-12-27T20:02:09.663Z | 2025-12-29T16:51:10.398Z | |
| cve-2025-14180 | 8.2 (v4.0) | NULL Pointer Dereference in PDO quoting |
PHP Group |
PHP |
2025-12-27T19:21:20.768Z | 2025-12-29T16:00:11.239Z |
| cve-2025-14178 | 6.5 (v3.1) | Heap buffer overflow in array_merge() |
PHP Group |
PHP |
2025-12-27T19:27:41.691Z | 2025-12-29T16:01:02.639Z |
| cve-2025-14177 | 6.3 (v4.0) | Information Leak of Memory in getimagesize |
PHP Group |
PHP |
2025-12-27T19:33:23.973Z | 2025-12-29T16:01:36.231Z |
| cve-2025-15109 | jackq XCMS upload.php unrestricted upload |
jackq |
XCMS |
2025-12-27T18:32:08.961Z | 2025-12-29T15:59:07.141Z | |
| cve-2025-15108 | PandaXGO PandaX JWT Secret config.yml hard-coded key |
PandaXGO |
PandaX |
2025-12-27T16:32:05.829Z | 2025-12-29T15:58:13.566Z |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| mal-2025-192475 | Malicious code in elf-stats-candystriped-cookiejar-799 (npm) | 2025-12-11T19:46:09Z | 2025-12-23T16:45:01Z |
| mal-2025-192474 | Malicious code in elf-stats-candystriped-bauble-740 (npm) | 2025-12-11T19:46:09Z | 2025-12-23T16:45:01Z |
| mal-2025-192473 | Malicious code in elf-stats-candlelit-train-228 (npm) | 2025-12-11T19:46:09Z | 2025-12-11T19:46:09Z |
| mal-2025-192472 | Malicious code in elf-stats-candlelit-nutcracker-184 (npm) | 2025-12-11T19:46:09Z | 2025-12-15T05:25:54Z |
| mal-2025-192471 | Malicious code in elf-stats-aurora-sparkler-752 (npm) | 2025-12-11T19:46:09Z | 2025-12-11T19:46:09Z |
| mal-2025-192470 | Malicious code in elf-stats-aurora-sleigh-694 (npm) | 2025-12-11T19:46:09Z | 2025-12-16T09:26:26Z |
| mal-2025-192469 | Malicious code in elf-stats (npm) | 2025-12-11T19:46:09Z | 2025-12-19T09:25:43Z |
| mal-2025-192468 | Malicious code in yzip (PyPI) | 2025-12-11T15:53:42Z | 2025-12-11T17:12:54Z |
| mal-2025-192543 | Malicious code in mw-proto-ts (npm) | 2025-12-11T12:17:38Z | 2025-12-23T19:24:03Z |
| mal-2025-192541 | Malicious code in mui-wrapper-icons (npm) | 2025-12-11T12:17:23Z | 2025-12-23T19:24:03Z |
| mal-2025-192542 | Malicious code in mui-wrapper-styles (npm) | 2025-12-11T12:15:41Z | 2025-12-23T19:24:03Z |
| mal-0000-ossf-package-analysis-ba19fbf2e13483ed | Malicious code in @cheqplease/structured-logger (npm) | 2025-12-11T07:37:23Z | 2025-12-11T07:37:23Z |
| mal-0000-ossf-package-analysis-c6ef1fa05f2ae34a | Malicious code in @cheqplease/structured-logger (npm) | 2025-12-11T05:38:58Z | 2025-12-11T05:38:58Z |
| mal-2025-192466 | Malicious code in tnaxmlparserctf (npm) | 2025-12-11T01:47:51Z | 2025-12-11T01:47:51Z |
| mal-2025-192465 | Malicious code in tnaparserxml (npm) | 2025-12-11T01:47:51Z | 2025-12-19T09:25:46Z |
| mal-2025-192464 | Malicious code in ofjaaah12 (npm) | 2025-12-11T01:47:51Z | 2025-12-19T09:25:45Z |
| mal-2025-192463 | Malicious code in libxmlussr (npm) | 2025-12-11T01:47:51Z | 2025-12-11T01:47:51Z |
| mal-2025-192462 | Malicious code in libxmlpupupu (npm) | 2025-12-11T01:47:51Z | 2025-12-11T01:47:51Z |
| mal-2025-192461 | Malicious code in libxmljsololos (npm) | 2025-12-11T01:47:51Z | 2025-12-11T01:47:51Z |
| mal-2025-192460 | Malicious code in libxmljsololo4 (npm) | 2025-12-11T01:47:51Z | 2025-12-11T01:47:51Z |
| mal-2025-192459 | Malicious code in libxmljsololo3 (npm) | 2025-12-11T01:47:51Z | 2025-12-11T01:47:51Z |
| mal-2025-192458 | Malicious code in libxmljsololo (npm) | 2025-12-11T01:47:51Z | 2025-12-11T01:47:51Z |
| mal-2025-192457 | Malicious code in libxmljs2var234 (npm) | 2025-12-11T01:47:51Z | 2025-12-11T01:47:51Z |
| mal-2025-192456 | Malicious code in libxmljs10 (npm) | 2025-12-11T01:47:51Z | 2025-12-11T01:47:51Z |
| mal-2025-192455 | Malicious code in libxmlhere (npm) | 2025-12-11T01:47:51Z | 2025-12-11T01:47:51Z |
| mal-2025-192454 | Malicious code in libxmlfinal5 (npm) | 2025-12-11T01:47:51Z | 2025-12-11T01:47:51Z |
| mal-2025-192453 | Malicious code in libxmlfinal4 (npm) | 2025-12-11T01:47:51Z | 2025-12-11T01:47:51Z |
| mal-2025-192452 | Malicious code in libxmlfinal3 (npm) | 2025-12-11T01:47:51Z | 2025-12-11T01:47:51Z |
| mal-2025-192451 | Malicious code in libxmlfinal (npm) | 2025-12-11T01:47:51Z | 2025-12-11T01:47:51Z |
| mal-2025-192450 | Malicious code in fadafas3 (npm) | 2025-12-11T01:47:51Z | 2025-12-19T16:25:55Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| rhsa-2025:17560 | Red Hat Security Advisory: iputils security update | 2025-10-08T12:24:22+00:00 | 2025-11-21T19:28:37+00:00 |
| rhsa-2025:17559 | Red Hat Security Advisory: iputils security update | 2025-10-08T11:42:06+00:00 | 2025-11-21T19:28:36+00:00 |
| rhsa-2025:17509 | Red Hat Security Advisory: open-vm-tools security update | 2025-10-07T17:32:23+00:00 | 2025-11-21T19:28:34+00:00 |
| rhsa-2025:17511 | Red Hat Security Advisory: open-vm-tools security update | 2025-10-07T17:31:58+00:00 | 2025-11-21T19:28:35+00:00 |
| rhsa-2025:17510 | Red Hat Security Advisory: open-vm-tools security update | 2025-10-07T17:29:39+00:00 | 2025-11-21T19:28:35+00:00 |
| rhsa-2025:17512 | Red Hat Security Advisory: open-vm-tools security update | 2025-10-07T17:21:45+00:00 | 2025-11-21T19:28:39+00:00 |
| rhsa-2025:17396 | Red Hat Security Advisory: kernel security update | 2025-10-07T16:56:44+00:00 | 2025-11-25T15:42:36+00:00 |
| rhsa-2025:17501 | Red Hat Security Advisory: RHOAI 2.24.0 - Red Hat OpenShift AI | 2025-10-07T14:43:19+00:00 | 2025-11-21T19:38:44+00:00 |
| rhsa-2025:17500 | Red Hat Security Advisory: Red Hat OpenStack Services on OpenShift 18.0 (python-django) security update | 2025-10-07T14:28:49+00:00 | 2025-11-21T19:28:34+00:00 |
| rhsa-2025:17499 | Red Hat Security Advisory: Red Hat OpenStack Platform 16.2 (python-django20) security update | 2025-10-07T14:22:44+00:00 | 2025-11-21T19:28:33+00:00 |
| rhsa-2025:17498 | Red Hat Security Advisory: Red Hat OpenStack Platform 17.1 (python-django) security update | 2025-10-07T14:22:20+00:00 | 2025-11-21T19:28:32+00:00 |
| rhsa-2025:17453 | Red Hat Security Advisory: firefox security update | 2025-10-07T09:47:39+00:00 | 2025-11-21T19:28:31+00:00 |
| rhsa-2025:17452 | Red Hat Security Advisory: open-vm-tools security update | 2025-10-07T09:30:19+00:00 | 2025-11-21T19:28:34+00:00 |
| rhsa-2025:17445 | Red Hat Security Advisory: open-vm-tools security update | 2025-10-07T08:07:51+00:00 | 2025-11-21T19:28:29+00:00 |
| rhsa-2025:17446 | Red Hat Security Advisory: open-vm-tools security update | 2025-10-07T07:59:24+00:00 | 2025-11-21T19:28:30+00:00 |
| rhsa-2025:17415 | Red Hat Security Advisory: gnutls security, bug fix, and enhancement update | 2025-10-07T07:40:04+00:00 | 2025-11-21T19:28:27+00:00 |
| rhsa-2025:17428 | Red Hat Security Advisory: open-vm-tools security update | 2025-10-07T06:02:39+00:00 | 2025-11-21T19:28:27+00:00 |
| rhsa-2025:17429 | Red Hat Security Advisory: open-vm-tools security update | 2025-10-07T05:56:39+00:00 | 2025-11-21T19:28:28+00:00 |
| rhsa-2025:17430 | Red Hat Security Advisory: perl-JSON-XS security update | 2025-10-07T05:52:14+00:00 | 2025-11-21T19:28:29+00:00 |
| rhsa-2025:17377 | Red Hat Security Advisory: kernel security update | 2025-10-06T23:22:32+00:00 | 2025-11-26T16:45:11+00:00 |
| rhsa-2025:17397 | Red Hat Security Advisory: kernel security update | 2025-10-06T21:45:20+00:00 | 2025-11-25T21:27:13+00:00 |
| rhsa-2025:17398 | Red Hat Security Advisory: kernel-rt security update | 2025-10-06T15:43:29+00:00 | 2025-11-25T21:27:12+00:00 |
| rhsa-2025:17376 | Red Hat Security Advisory: Red Hat build of Cryostat 4.0.3: new RHEL 9 container image security update | 2025-10-06T13:05:24+00:00 | 2025-11-27T12:47:14+00:00 |
| rhsa-2025:17378 | Red Hat Security Advisory: firefox security update | 2025-10-06T11:54:17+00:00 | 2025-11-21T19:28:20+00:00 |
| rhsa-2025:17374 | Red Hat Security Advisory: firefox security update | 2025-10-06T10:07:21+00:00 | 2025-11-21T19:28:19+00:00 |
| rhsa-2025:17373 | Red Hat Security Advisory: firefox security update | 2025-10-06T09:45:01+00:00 | 2025-11-21T19:28:19+00:00 |
| rhsa-2025:17371 | Red Hat Security Advisory: firefox security update | 2025-10-06T09:37:26+00:00 | 2025-11-21T19:28:18+00:00 |
| rhsa-2025:17372 | Red Hat Security Advisory: firefox security update | 2025-10-06T09:36:06+00:00 | 2025-11-21T19:28:19+00:00 |
| rhsa-2025:17367 | Red Hat Security Advisory: firefox security update | 2025-10-06T09:08:41+00:00 | 2025-11-21T19:28:17+00:00 |
| rhsa-2025:17368 | Red Hat Security Advisory: firefox security update | 2025-10-06T09:07:46+00:00 | 2025-11-21T19:28:17+00:00 |
| ID | Description | Published | Updated |
|---|---|---|---|
| msrc_cve-2025-40087 | NFSD: Define a proc_layoutcommit for the FlexFiles layout type | 2025-10-02T00:00:00.000Z | 2025-12-07T01:44:18.000Z |
| msrc_cve-2025-40085 | ALSA: usb-audio: Fix NULL pointer deference in try_to_register_card | 2025-10-02T00:00:00.000Z | 2025-12-07T01:41:15.000Z |
| msrc_cve-2025-40084 | ksmbd: transport_ipc: validate payload size before reading handle | 2025-10-02T00:00:00.000Z | 2025-12-07T01:40:52.000Z |
| msrc_cve-2025-40083 | net/sched: sch_qfq: Fix null-deref in agg_dequeue | 2025-10-02T00:00:00.000Z | 2025-12-07T01:41:04.000Z |
| msrc_cve-2025-40081 | perf: arm_spe: Prevent overflow in PERF_IDX2OFF() | 2025-10-02T00:00:00.000Z | 2025-10-29T01:04:15.000Z |
| msrc_cve-2025-40080 | nbd: restrict sockets to TCP and UDP | 2025-10-02T00:00:00.000Z | 2025-10-29T01:03:21.000Z |
| msrc_cve-2025-40079 | riscv, bpf: Sign extend struct ops return values properly | 2025-10-02T00:00:00.000Z | 2025-10-29T01:05:01.000Z |
| msrc_cve-2025-40078 | bpf: Explicitly check accesses to bpf_sock_addr | 2025-10-02T00:00:00.000Z | 2025-10-29T01:02:11.000Z |
| msrc_cve-2025-40077 | f2fs: fix to avoid overflow while left shift operation | 2025-10-02T00:00:00.000Z | 2025-10-29T01:03:32.000Z |
| msrc_cve-2025-40075 | tcp_metrics: use dst_dev_net_rcu() | 2025-10-02T00:00:00.000Z | 2025-12-07T01:40:31.000Z |
| msrc_cve-2025-40074 | ipv4: start using dst_dev_rcu() | 2025-10-02T00:00:00.000Z | 2025-12-07T01:39:59.000Z |
| msrc_cve-2025-40071 | tty: n_gsm: Don't block input queue by waiting MSC | 2025-10-02T00:00:00.000Z | 2025-10-29T01:05:06.000Z |
| msrc_cve-2025-40068 | fs: ntfs3: Fix integer overflow in run_unpack() | 2025-10-02T00:00:00.000Z | 2025-10-29T01:04:55.000Z |
| msrc_cve-2025-40065 | RISC-V: KVM: Write hgatp register with valid mode bits | 2025-10-02T00:00:00.000Z | 2025-12-07T01:40:20.000Z |
| msrc_cve-2025-40064 | smc: Fix use-after-free in __pnet_find_base_ndev(). | 2025-10-02T00:00:00.000Z | 2025-12-07T01:40:09.000Z |
| msrc_cve-2025-40061 | RDMA/rxe: Fix race in do_task() when draining | 2025-10-02T00:00:00.000Z | 2025-10-29T01:02:05.000Z |
| msrc_cve-2025-40060 | coresight: trbe: Return NULL pointer for allocation failures | 2025-10-02T00:00:00.000Z | 2025-10-29T01:03:16.000Z |
| msrc_cve-2025-40057 | ptp: Add a upper bound on max_vclocks | 2025-10-02T00:00:00.000Z | 2025-12-07T01:40:40.000Z |
| msrc_cve-2025-40056 | vhost: vringh: Fix copy_to_iter return value check | 2025-10-02T00:00:00.000Z | 2025-10-29T01:02:59.000Z |
| msrc_cve-2025-40055 | ocfs2: fix double free in user_cluster_connect() | 2025-10-02T00:00:00.000Z | 2025-10-29T01:02:49.000Z |
| msrc_cve-2025-40053 | net: dlink: handle copy_thresh allocation failure | 2025-10-02T00:00:00.000Z | 2025-10-29T01:02:38.000Z |
| msrc_cve-2025-40052 | smb: client: fix crypto buffers in non-linear memory | 2025-10-02T00:00:00.000Z | 2025-10-29T01:02:22.000Z |
| msrc_cve-2025-40051 | vhost: vringh: Modify the return value check | 2025-10-02T00:00:00.000Z | 2025-10-29T01:02:54.000Z |
| msrc_cve-2025-40049 | Squashfs: fix uninit-value in squashfs_get_parent | 2025-10-02T00:00:00.000Z | 2025-10-29T01:04:20.000Z |
| msrc_cve-2025-40048 | uio_hv_generic: Let userspace take care of interrupt mask | 2025-10-02T00:00:00.000Z | 2025-10-29T01:04:10.000Z |
| msrc_cve-2025-40044 | fs: udf: fix OOB read in lengthAllocDescs handling | 2025-10-02T00:00:00.000Z | 2025-10-29T01:02:16.000Z |
| msrc_cve-2025-40043 | net: nfc: nci: Add parameter validation for packet data | 2025-10-02T00:00:00.000Z | 2025-10-29T01:03:54.000Z |
| msrc_cve-2025-40042 | tracing: Fix race condition in kprobe initialization causing NULL pointer dereference | 2025-10-02T00:00:00.000Z | 2025-12-07T01:39:37.000Z |
| msrc_cve-2025-40040 | mm/ksm: fix flag-dropping behavior in ksm_madvise | 2025-10-02T00:00:00.000Z | 2025-12-07T01:39:48.000Z |
| msrc_cve-2025-40039 | ksmbd: Fix race condition in RPC handle list access | 2025-10-02T00:00:00.000Z | 2025-10-29T01:03:59.000Z |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2023-001215 | Zuken Elmic KASAGO uses insufficient random values for TCP Initial Sequence Numbers | 2023-02-13T14:18+09:00 | 2024-06-14T15:45+09:00 |
| jvndb-2023-000014 | NEC PC Settings Tool vulnerable to missing authentication for critical function | 2023-02-10T14:43+09:00 | 2024-06-10T18:13+09:00 |
| jvndb-2023-001212 | Multiple vulnerabilities in JTEKT ELECTRONICS Screen Creator Advance 2 | 2023-02-08T12:46+09:00 | 2024-06-10T17:25+09:00 |
| jvndb-2023-000013 | Ichiran App vulnerable to improper server certificate verification | 2023-02-06T14:31+09:00 | 2024-06-12T14:25+09:00 |
| jvndb-2023-000012 | Vulnerability in Driver Distributor where passwords are stored in a recoverable format | 2023-01-31T14:14+09:00 | 2024-06-12T11:07+09:00 |
| jvndb-2023-000011 | SUSHIRO App for Android outputs sensitive information to the log file | 2023-01-31T14:10+09:00 | 2024-06-11T17:35+09:00 |
| jvndb-2023-001110 | Improper restriction of XML external entity reference (XXE) vulnerability in OMRON CX-Motion Pro | 2023-01-25T14:28+09:00 | 2023-01-25T14:28+09:00 |
| jvndb-2023-000010 | pgAdmin 4 vulnerable to directory traversal | 2023-01-24T16:00+09:00 | 2024-06-05T16:22+09:00 |
| jvndb-2023-000009 | EasyMail vulnerable to cross-site scripting | 2023-01-24T16:00+09:00 | 2023-01-24T16:00+09:00 |
| jvndb-2023-001108 | Contec CONPROSYS HMI System (CHS) vulnerable to multiple SQL injections | 2023-01-24T13:38+09:00 | 2023-01-24T13:38+09:00 |
| jvndb-2023-000008 | Pgpool-II vulnerable to information disclosure | 2023-01-23T16:35+09:00 | 2024-06-20T17:54+09:00 |
| jvndb-2023-001008 | File and Directory Permissions Vulnerability in Hitachi Tuning Manager | 2023-01-18T13:51+09:00 | 2023-01-18T13:51+09:00 |
| jvndb-2023-000007 | WordPress plugin "Welcart e-Commerce" vulnerable to directory traversal | 2023-01-17T14:17+09:00 | 2023-01-17T14:17+09:00 |
| jvndb-2023-001005 | Active debug code vulnerability in OMRON CP1L-EL20DR-D | 2023-01-12T15:53+09:00 | 2023-01-12T15:53+09:00 |
| jvndb-2023-001003 | Access of uninitialized pointer vulnerability in OMRON CX-Motion-MCH | 2023-01-12T15:06+09:00 | 2023-01-12T15:06+09:00 |
| jvndb-2023-000006 | Multiple vulnerabilities in PIXELA PIX-RT100 | 2023-01-12T14:50+09:00 | 2023-01-12T14:50+09:00 |
| jvndb-2023-001002 | OpenAM Web Policy Agent (OpenAM Consortium Edition) vulnerable to path traversal | 2023-01-11T17:07+09:00 | 2023-01-11T17:07+09:00 |
| jvndb-2023-000005 | Multiple vulnerabilities in MAHO-PBX NetDevancer series | 2023-01-11T16:11+09:00 | 2023-01-11T16:11+09:00 |
| jvndb-2023-000003 | TP-Link SG105PE vulnerable to authentication bypass | 2023-01-11T15:04+09:00 | 2023-01-11T15:04+09:00 |
| jvndb-2023-000004 | pgAdmin 4 vulnerable to open redirect | 2023-01-11T14:23+09:00 | 2023-01-11T14:23+09:00 |
| jvndb-2023-000002 | Digital Arts m-FILTER vulnerable to improper authentication | 2023-01-06T14:57+09:00 | 2023-01-06T14:57+09:00 |
| jvndb-2023-000001 | Multiple code injection vulnerabilities in ruby-git | 2023-01-05T15:51+09:00 | 2023-01-05T15:51+09:00 |
| jvndb-2022-002838 | Multiple vulnerabilities in Fuji Electric V-Server | 2023-01-04T14:21+09:00 | 2023-01-04T14:21+09:00 |
| jvndb-2022-002837 | Multiple vulnerabilities in Fuji Electric V-SFT and TELLUS | 2023-01-04T14:16+09:00 | 2023-01-04T14:16+09:00 |
| jvndb-2022-002836 | Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service | 2022-12-26T16:21+09:00 | 2024-05-30T17:47+09:00 |
| jvndb-2022-000102 | Installers generated by Squirrel.Windows may insecurely load Dynamic Link Libraries | 2022-12-21T14:23+09:00 | 2022-12-21T14:23+09:00 |
| jvndb-2022-000101 | +Message App improper handling of Unicode control characters | 2022-12-21T14:13+09:00 | 2022-12-21T14:13+09:00 |
| jvndb-2022-002783 | Use-after-free vulnerability in Omron CX-Drive | 2022-12-20T15:32+09:00 | 2022-12-20T15:32+09:00 |
| jvndb-2022-002780 | Command injection vulnerability in SHARP Multifunctional Products (MFP) | 2022-12-20T12:12+09:00 | 2022-12-20T12:12+09:00 |
| jvndb-2022-000099 | Corel Roxio Creator LJB starts a program with an unquoted file path | 2022-12-19T13:47+09:00 | 2022-12-19T13:47+09:00 |
| ID | Description | Updated |
|---|