Recent vulnerabilities
| ID | Description | Published | Updated |
|---|---|---|---|
| ghsa-2vg5-px79-v62f | This issue was addressed by restricting options offered on a locked device. This issue is fixed in … | 2025-11-05T21:31:01Z | 2025-11-05T21:31:02Z |
| ghsa-wwqv-p2pp-99h5 | LangGraph Checkpoint affected by RCE in "json" mode of JsonPlusSerializer | 2025-11-05T19:52:50Z | 2025-11-07T21:55:55Z |
| ghsa-x4qj-2f4q-r4rx | Parse Server Vulnerable to Server-Side Request Forgery (SSRF) in File Upload via URI Format | 2025-11-05T19:52:27Z | 2025-11-07T20:31:43Z |
| ghsa-cpf4-pmr4-w6cx | IDOR Vulnerabilities in ZITADEL's Organization API allows Cross-Tenant Data Tempering | 2025-11-05T19:52:01Z | 2025-11-07T21:55:43Z |
| ghsa-gr35-vpx2-qxhc | Weblate leaks the IP of project member inviting user to be reviewer in Audit log | 2025-11-05T18:45:59Z | 2025-11-06T23:13:28Z |
| ghsa-vf95-55w6-qmrf | youki container escape and denial of service due to arbitrary write gadgets and procfs write redirects | 2025-11-05T18:45:18Z | 2025-11-06T15:29:58Z |
| ghsa-4g74-7cff-xcv8 | youki container escape via "masked path" abuse due to mount race conditions | 2025-11-05T18:44:18Z | 2025-11-06T15:29:34Z |
| ghsa-cgrx-mc8f-2prm | runc container escape and denial of service due to arbitrary write gadgets and procfs write redirects | 2025-11-05T18:40:40Z | 2025-11-07T12:31:34Z |
| ghsa-fvfq-q238-j7j3 | WSO2 Carbon Mediation vulnerable to XML External Entity (XXE) attacks | 2025-11-05T18:31:31Z | 2025-11-06T15:12:30Z |
| ghsa-fc89-q8rg-m49m | An arbitrary file upload vulnerability exists in multiple WSO2 products due to insufficient validat… | 2025-11-05T18:31:31Z | 2025-11-05T18:31:31Z |
| ghsa-6mv5-ch6p-7g97 | Tonec Internet Download Manager 6.42.41.1 and earlier suffers from Missing SSL Certificate Validati… | 2025-11-05T18:31:31Z | 2025-11-05T21:31:01Z |
| ghsa-x3h8-2mvf-vv78 | A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to… | 2025-11-05T17:48:29Z | 2025-11-05T17:48:29Z |
| ghsa-vhqc-4wgw-frfj | Dell CloudLink, versions prior 8.1.1, contain a Command Injection vulnerability which can be exploi… | 2025-11-05T17:48:29Z | 2025-11-05T17:48:29Z |
| ghsa-vcvf-6gw2-rm4v | A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to… | 2025-11-05T17:48:29Z | 2025-11-05T17:48:29Z |
| ghsa-v789-p96v-5f4v | Dell CloudLink, versions prior to 8.2, contain a vulnerability where a privileged user with known p… | 2025-11-05T17:48:29Z | 2025-11-05T17:48:29Z |
| ghsa-qwqm-p386-7vch | Dell Command Monitor (DCM), versions prior to 10.12.3.28, contains an Execution with Unnecessary Pr… | 2025-11-05T17:48:29Z | 2025-11-05T17:48:29Z |
| ghsa-qf98-5p3c-j3vc | DWSurvey 6.14.0 is vulnerable to Incorrect Access Control. When deleting a questionnaire, replacing… | 2025-11-05T17:48:29Z | 2025-11-05T21:31:01Z |
| ghsa-mhhg-8h3j-q9xm | Dell CloudLink, versions prior to 8.2, contain use of a Cryptographic Primitive with a Risky Implem… | 2025-11-05T17:48:29Z | 2025-11-05T17:48:29Z |
| ghsa-j6fc-gfmx-7g9v | Dell CloudLink, versions prior to 8.2, contain a vulnerability where a privileged user with known p… | 2025-11-05T17:48:29Z | 2025-11-05T17:48:29Z |
| ghsa-gqj5-fpvg-f47f | OpenKM Community Edition 6.3.12 is vulnerable to stored cross-site scripting (XSS) in the user acco… | 2025-11-05T17:48:29Z | 2025-11-05T21:31:01Z |
| ghsa-cwm4-q4jj-2w4v | Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user may exploi… | 2025-11-05T17:48:29Z | 2025-11-05T17:48:29Z |
| ghsa-cgv7-rqxr-q664 | Dell CloudLink, versions prior to 8.1.1, contain a vulnerability where a privileged user with known… | 2025-11-05T17:48:29Z | 2025-11-05T17:48:29Z |
| ghsa-967j-jc6x-3jm4 | ownCloud Guests before 0.12.5 allows unauthenticated user enumeration via the /apps/guests/register… | 2025-11-05T17:48:29Z | 2025-11-05T21:31:01Z |
| ghsa-79m5-m533-xq7v | Dell CloudLink, versions 8.0 through 8.1.2, contain vulnerability on restricted shell. A Privileged… | 2025-11-05T17:48:29Z | 2025-11-05T17:48:29Z |
| ghsa-46m8-44h2-g6m9 | A vulnerability in the API subsystem of Cisco Unified Intelligence Center could allow an authentica… | 2025-11-05T17:48:29Z | 2025-11-05T17:48:29Z |
| ghsa-xc2m-hmp7-hc44 | An Incorrect Access Control vulnerability in the user management component of ZwiiCMS up to v13.6.0… | 2025-11-05T17:48:28Z | 2025-11-05T17:48:28Z |
| ghsa-w3hc-3vf9-xjj9 | A vulnerability in the Contact Center Express (CCX) Editor application of Cisco Unified CCX could a… | 2025-11-05T17:48:28Z | 2025-11-05T17:48:28Z |
| ghsa-qm3h-46xc-w7w4 | An issue was discovered in libarchive bsdtar before version 3.8.1 in function apply_substitution in… | 2025-11-05T17:48:28Z | 2025-11-05T17:48:28Z |
| ghsa-px5r-4v6x-q5mv | A vulnerability in the Java Remote Method Invocation (RMI) process of Cisco Unified CCX could allow… | 2025-11-05T17:48:28Z | 2025-11-05T17:48:28Z |
| ghsa-mvgf-2h8p-jh4x | Multiple vulnerabilities in the web-based management interface of Cisco ISE and Cisco ISE-PIC could… | 2025-11-05T17:48:28Z | 2025-11-05T17:48:28Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2025-22288 | N/A | WordPress Smush Image Compression and Optimization plu… | WPMU DEV - Your All-in-One WordPress Platform | Smush Image Compression and Optimization | 2025-11-06T15:53:18.126Z | 2025-11-07T20:32:23.564Z |
| cve-2025-12556 | 8.7 (v4.0) 8.8 (v3.1) | IDIS ICM Viewer Argument Injection | IDIS | ICM Viewer | 2025-11-06T15:35:58.447Z | 2025-11-06T15:47:08.878Z |
| cve-2025-11956 | 8.9 (v3.1) | XSS in Proliz's OBS | Proliz Software Ltd. Co. | OBS (Student Affairs Information System) | 2025-11-06T14:51:51.292Z | 2025-11-06T15:07:43.302Z |
| cve-2025-10955 | 6.1 (v3.1) | HTML Injection in Netcad Software's Netigma | Netcad Software Inc. | Netigma | 2025-11-06T14:46:09.596Z | 2025-11-07T08:38:36.099Z |
| cve-2025-37735 | 7 (v3.1) | Improper preservation of permissions in Elastic D… | Elastic | Kibana | 2025-11-06T14:27:26.235Z | 2025-11-07T04:56:11.390Z |
| cve-2025-36054 | 6.1 (v3.1) | Cross-site scripting vulnerability affect IBM Business… | IBM | Business Automation Workflow containers | 2025-11-06T14:11:49.396Z | 2025-11-06T14:32:53.254Z |
| cve-2025-11268 | | Strong Testimonials <= 3.2.16 - Unauthenticated Arbitr… | wpchill | Strong Testimonials | 2025-11-06T08:26:27.860Z | 2025-11-06T14:46:59.939Z |
| cve-2025-12360 | | Better Find and Replace <= 1.7.7 - Missing Authorization | codesolz | Better Find and Replace – AI-Powered Suggestions | 2025-11-06T07:27:05.431Z | 2025-11-06T14:51:40.221Z |
| cve-2025-10259 | 5.3 (v3.1) | Denial-of-Service(DoS) Vulnerability in TCP Communicat… | Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5U-32MT/ES | 2025-11-06T07:12:24.252Z | 2025-11-06T15:22:22.596Z |
| cve-2025-12471 | | Hubbub Lite <= 1.36.0 - Reflected Cross-Site Scripting | nerdpressteam | Hubbub Lite – Fast, free social sharing and follow buttons | 2025-11-06T06:45:20.224Z | 2025-11-06T15:28:04.500Z |
| cve-2025-9338 | 7.3 (v4.0) | A improper restriction of operations within the b… | ASUS | Armoury Crate | 2025-11-06T06:02:48.738Z | 2025-11-06T15:37:38.417Z |
| cve-2025-12560 | | Blog2Social: Social Media Auto Post & Scheduler <= 8.6… | pr-gateway | Blog2Social: Social Media Auto Post & Scheduler | 2025-11-06T05:31:24.932Z | 2025-11-06T15:40:57.868Z |
| cve-2025-11271 | | Easy Digital Download <= 3.5.2 - Insufficient Verifica… | smub | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | 2025-11-06T04:36:22.463Z | 2025-11-06T15:50:35.023Z |
| cve-2025-12563 | | Blog2Social: Social Media Auto Post & Scheduler <= 8.6… | pr-gateway | Blog2Social: Social Media Auto Post & Scheduler | 2025-11-06T04:36:21.892Z | 2025-11-06T14:08:53.571Z |
| cve-2025-61994 | 5.4 (v3.0) 4.8 (v4.0) | Cross-site scripting vulnerability exists in GROW… | GROWI, Inc. | GROWI | 2025-11-06T04:14:30.106Z | 2025-11-06T14:09:38.630Z |
| cve-2025-10691 | | Easy Email Subscription <= 1.3 - Cross-Site Request Fo… | yudiz | Easy Email Subscription | 2025-11-06T03:27:01.882Z | 2025-11-06T17:02:19.997Z |
| cve-2025-10683 | | Easy Email Subscription <= 1.3 - Authenticated (Admin+… | yudiz | Easy Email Subscription | 2025-11-06T02:31:05.341Z | 2025-11-06T16:54:25.147Z |
| cve-2025-64171 | | MARIN3R: Cross-Namespace Vulnerability in the Operator | 3scale-sre | marin3r | 2025-11-06T00:23:48.695Z | 2025-11-06T21:17:02.114Z |
| cve-2025-64164 | | DataEase is vulnerable to Oracle JNDI Injection | dataease | dataease | 2025-11-06T00:07:58.592Z | 2025-11-06T21:17:41.345Z |
| cve-2025-63589 | N/A | A reflected XSS vulnerability exists in CMSimple_… | n/a | n/a | 2025-11-06T00:00:00.000Z | 2025-11-06T19:12:48.998Z |
| cve-2025-63588 | N/A | An unauthenticated reflected cross-site scripting… | n/a | n/a | 2025-11-06T00:00:00.000Z | 2025-11-06T19:10:56.777Z |
| cve-2025-63560 | N/A | An issue in KiloView Dual Channel 4k HDMI & 3G-SD… | n/a | n/a | 2025-11-06T00:00:00.000Z | 2025-11-10T17:04:00.611Z |
| cve-2025-63551 | N/A | A Server-Side Request Forgery (SSRF) vulnerabilit… | n/a | n/a | 2025-11-06T00:00:00.000Z | 2025-11-07T15:11:56.765Z |
| cve-2025-63307 | N/A | alexusmai laravel-file-manager 3.3.1 is vulnerabl… | n/a | n/a | 2025-11-06T00:00:00.000Z | 2025-11-06T19:08:37.837Z |
| cve-2025-60541 | N/A | A Server-Side Request Forgery (SSRF) in the /api/… | n/a | n/a | 2025-11-06T00:00:00.000Z | 2025-11-07T15:20:19.324Z |
| cve-2025-59396 | N/A | {'rejectedReasons': [{'lang': 'en', 'value': 'Not a security vulnerability'}], 'providerMetadata': {'orgId': '5d1c2695-1a31-4499-88ae-e847036fd7e3', 'shortName': 'WatchGuard', 'dateUpdated': '2025-11-10T22:50:06.864Z'}, 'x_generator': {'engine': 'cveClient/1.0.15'}} | N/A | N/A | 2025-11-06T00:00:00.000Z | 2025-11-10T22:50:06.864Z |
| cve-2025-59392 | N/A | On Elspec G5 devices through 1.2.2.19, a person w… | n/a | n/a | 2025-11-06T00:00:00.000Z | 2025-11-06T16:38:10.176Z |
| cve-2025-27919 | N/A | An issue was discovered in AnyDesk through 9.0.4.… | n/a | n/a | 2025-11-06T00:00:00.000Z | 2025-11-06T17:09:39.979Z |
| cve-2025-27918 | N/A | An issue was discovered in AnyDesk before 9.0.0. … | n/a | n/a | 2025-11-06T00:00:00.000Z | 2025-11-06T17:08:56.573Z |
| cve-2025-27917 | N/A | An issue was discovered in AnyDesk through 9.0.4.… | n/a | n/a | 2025-11-06T00:00:00.000Z | 2025-11-10T20:51:39.798Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2025-48085 | N/A | WordPress Simple Stripe plugin <= 0.9.17 - Cross Site … | ZIPANG | Simple Stripe | 2025-11-06T15:53:41.777Z | 2025-11-10T19:53:36.546Z |
| cve-2025-48083 | N/A | WordPress wpNamedUsers plugin <= 0.5 - Cross Site Requ… | andriassundskard | wpNamedUsers | 2025-11-06T15:53:40.546Z | 2025-11-10T19:53:42.815Z |
| cve-2025-48078 | N/A | WordPress Slick Google Map plugin <= 0.3 - Cross Site … | Norbert | Slick Google Map | 2025-11-06T15:53:37.443Z | 2025-11-10T19:53:50.504Z |
| cve-2025-48077 | N/A | WordPress Block Country plugin <= 1.0 - Cross Site Req… | nitinmaurya12 | Block Country | 2025-11-06T15:53:36.642Z | 2025-11-10T19:53:57.882Z |
| cve-2025-47588 | N/A | WordPress Dynamic Pricing With Discount Rules for WooC… | acowebs | Dynamic Pricing With Discount Rules for WooCommerce | 2025-11-06T15:53:35.904Z | 2025-11-10T19:54:06.119Z |
| cve-2025-39468 | N/A | WordPress Modal Survey plugin <= 2.0.2.0.1 - Local Fil… | pantherius | Modal Survey | 2025-11-06T15:53:34.539Z | 2025-11-10T19:54:12.439Z |
| cve-2025-39467 | N/A | WordPress Wanderland theme <= 1.7.1 - Local File Inclu… | Mikado-Themes | Wanderland | 2025-11-06T15:53:33.195Z | 2025-11-10T19:54:18.577Z |
| cve-2025-39466 | N/A | WordPress Dør theme <= 2.4 - Local File Inclusion Vuln… | Mikado-Themes | Dør | 2025-11-06T15:53:30.016Z | 2025-11-10T19:54:24.503Z |
| cve-2025-39465 | N/A | WordPress Advanced Google Maps plugin <= 5.8.4 - Broke… | flippercode | Advanced Google Maps | 2025-11-06T15:53:29.145Z | 2025-11-10T20:02:29.234Z |
| cve-2025-39463 | N/A | WordPress Dessau theme < 1.9 - Local File Inclusion vu… | Select-Themes | Dessau | 2025-11-06T15:53:23.424Z | 2025-11-10T20:02:35.975Z |
| cve-2025-32222 | N/A | WordPress Widget Logic <= 6.0.5 - Remote Code Executio… | Widgetlogic.org | Widget Logic | 2025-11-06T15:53:22.717Z | 2025-11-10T20:02:45.118Z |
| cve-2025-31029 | N/A | WordPress replyMail plugin <= 1.2.0 - Cross Site Reque… | bingu | replyMail | 2025-11-06T15:53:19.694Z | 2025-11-10T20:02:50.744Z |
| cve-2025-28953 | N/A | WordPress smart SEO plugin <= 4.0 - SQL Injection Vuln… | axiomthemes | smart SEO | 2025-11-06T15:53:18.852Z | 2025-11-10T16:16:55.832Z |
| cve-2025-22288 | N/A | WordPress Smush Image Compression and Optimization plu… | WPMU DEV - Your All-in-One WordPress Platform | Smush Image Compression and Optimization | 2025-11-06T15:53:18.126Z | 2025-11-07T20:32:23.564Z |
| cve-2025-12556 | 8.7 (v4.0) 8.8 (v3.1) | IDIS ICM Viewer Argument Injection | IDIS | ICM Viewer | 2025-11-06T15:35:58.447Z | 2025-11-06T15:47:08.878Z |
| cve-2025-37735 | 7 (v3.1) | Improper preservation of permissions in Elastic D… | Elastic | Kibana | 2025-11-06T14:27:26.235Z | 2025-11-07T04:56:11.390Z |
| cve-2025-36054 | 6.1 (v3.1) | Cross-site scripting vulnerability affect IBM Business… | IBM | Business Automation Workflow containers | 2025-11-06T14:11:49.396Z | 2025-11-06T14:32:53.254Z |
| cve-2025-11956 | 8.9 (v3.1) | XSS in Proliz's OBS | Proliz Software Ltd. Co. | OBS (Student Affairs Information System) | 2025-11-06T14:51:51.292Z | 2025-11-06T15:07:43.302Z |
| cve-2025-10955 | 6.1 (v3.1) | HTML Injection in Netcad Software's Netigma | Netcad Software Inc. | Netigma | 2025-11-06T14:46:09.596Z | 2025-11-07T08:38:36.099Z |
| cve-2025-11268 | | Strong Testimonials <= 3.2.16 - Unauthenticated Arbitr… | wpchill | Strong Testimonials | 2025-11-06T08:26:27.860Z | 2025-11-06T14:46:59.939Z |
| cve-2025-12360 | | Better Find and Replace <= 1.7.7 - Missing Authorization | codesolz | Better Find and Replace – AI-Powered Suggestions | 2025-11-06T07:27:05.431Z | 2025-11-06T14:51:40.221Z |
| cve-2025-10259 | 5.3 (v3.1) | Denial-of-Service(DoS) Vulnerability in TCP Communicat… | Mitsubishi Electric Corporation | MELSEC iQ-F Series FX5U-32MT/ES | 2025-11-06T07:12:24.252Z | 2025-11-06T15:22:22.596Z |
| cve-2025-12471 | | Hubbub Lite <= 1.36.0 - Reflected Cross-Site Scripting | nerdpressteam | Hubbub Lite – Fast, free social sharing and follow buttons | 2025-11-06T06:45:20.224Z | 2025-11-06T15:28:04.500Z |
| cve-2025-9338 | 7.3 (v4.0) | A improper restriction of operations within the b… | ASUS | Armoury Crate | 2025-11-06T06:02:48.738Z | 2025-11-06T15:37:38.417Z |
| cve-2025-12560 | | Blog2Social: Social Media Auto Post & Scheduler <= 8.6… | pr-gateway | Blog2Social: Social Media Auto Post & Scheduler | 2025-11-06T05:31:24.932Z | 2025-11-06T15:40:57.868Z |
| cve-2025-61994 | 5.4 (v3.0) 4.8 (v4.0) | Cross-site scripting vulnerability exists in GROW… | GROWI, Inc. | GROWI | 2025-11-06T04:14:30.106Z | 2025-11-06T14:09:38.630Z |
| cve-2025-12563 | | Blog2Social: Social Media Auto Post & Scheduler <= 8.6… | pr-gateway | Blog2Social: Social Media Auto Post & Scheduler | 2025-11-06T04:36:21.892Z | 2025-11-06T14:08:53.571Z |
| cve-2025-11271 | | Easy Digital Download <= 3.5.2 - Insufficient Verifica… | smub | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | 2025-11-06T04:36:22.463Z | 2025-11-06T15:50:35.023Z |
| cve-2025-64480 | N/A | {'providerMetadata': {'orgId': '6abe59d8-c742-4dff-8ce8-9b0ca1073da8', 'shortName': 'fortinet', 'dateUpdated': '2025-11-06T03:55:05.652Z'}, 'rejectedReasons': [{'lang': 'en', 'value': 'Not used'}]} | N/A | N/A | 2025-11-06T03:55:05.652Z | |
| cve-2025-64479 | N/A | {'providerMetadata': {'orgId': '6abe59d8-c742-4dff-8ce8-9b0ca1073da8', 'shortName': 'fortinet', 'dateUpdated': '2025-11-06T03:55:06.294Z'}, 'rejectedReasons': [{'lang': 'en', 'value': 'Not used'}]} | N/A | N/A | 2025-11-06T03:55:06.294Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| mal-2025-111902 | Malicious code in final_moth_indigo-60 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111901 | Malicious code in final_grouse_beige-65 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111900 | Malicious code in filthy_termite_bronze-71 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111899 | Malicious code in filthy_seahorse_salmon-84 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111898 | Malicious code in filthy_roadrunner_cyan-89 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111897 | Malicious code in few_ox_fuchsia-83 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111896 | Malicious code in feminist_beetle_silver-78 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111895 | Malicious code in female_albatross_gold-91 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111894 | Malicious code in fellow_silverfish_black-67 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111893 | Malicious code in fellow_beaver_moccasin-4 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111892 | Malicious code in favourite_frog_rose-90 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111891 | Malicious code in favourable_swordfish_gold-80 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111890 | Malicious code in fast_kiwi_crimson-47 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111889 | Malicious code in far_earthworm_peach-80 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111888 | Malicious code in familiar_chinchilla_cyan-60 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111887 | Malicious code in fair_cow_bronze-92 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111886 | Malicious code in exuberant_wolverine_moccasin-61 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111885 | Malicious code in extraordinary_wildebeest_crimson-7 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111884 | Malicious code in extraordinary_ant_cyan-53 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111883 | Malicious code in external_sheep_bronze-18 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111882 | Malicious code in extended_woodpecker_cyan-64 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111881 | Malicious code in experienced_wombat_teal-87 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111880 | Malicious code in expensive_roadrunner_silver-30 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111879 | Malicious code in exclusive_macaw_white-1 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111878 | Malicious code in exclusive_goldfish_maroon-30 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111877 | Malicious code in exciting_reindeer_maroon-48 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111876 | Malicious code in exciting_lynx_tan-96 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111875 | Malicious code in excited_haddock_blue-36 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111874 | Malicious code in excessive_cat_purple-22 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111873 | Malicious code in excellent_eagle_blue-33 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| rhsa-2025:15387 | Red Hat Security Advisory: Red Hat OpenShift GitOps security update | 2025-09-04T19:38:44+00:00 | 2025-10-20T16:56:53+00:00 |
| rhsa-2025:15388 | Red Hat Security Advisory: Red Hat OpenShift GitOps security update | 2025-09-04T19:38:37+00:00 | 2025-10-20T15:51:28+00:00 |
| rhsa-2025:14858 | Red Hat Security Advisory: OpenShift Container Platform 4.16.47 bug fix and security update | 2025-09-04T17:05:36+00:00 | 2025-11-06T23:14:46+00:00 |
| rhsa-2025:14853 | Red Hat Security Advisory: OpenShift Container Platform 4.14.56 bug fix and security update | 2025-09-04T17:05:30+00:00 | 2025-11-06T23:14:46+00:00 |
| rhsa-2025:14818 | Red Hat Security Advisory: OpenShift Container Platform 4.18.23 bug fix and security update | 2025-09-04T17:03:51+00:00 | 2025-11-06T23:14:45+00:00 |
| rhsa-2025:15358 | Red Hat Security Advisory: updated RHEL-8 based Middleware Containers container images | 2025-09-04T16:29:43+00:00 | 2025-11-07T10:53:51+00:00 |
| rhsa-2025:15371 | Red Hat Security Advisory: Satellite 6 Client Bug Fix Update | 2025-09-04T15:54:46+00:00 | 2025-11-06T22:56:31+00:00 |
| rhsa-2025:15359 | Red Hat Security Advisory: postgresql:13 security update | 2025-09-04T14:50:26+00:00 | 2025-11-06T22:48:28+00:00 |
| rhsa-2025:14820 | Red Hat Security Advisory: OpenShift Container Platform 4.18.23 bug fix and security update | 2025-09-04T14:47:49+00:00 | 2025-11-11T10:24:15+00:00 |
| rhsa-2025:15361 | Red Hat Security Advisory: postgresql:12 security update | 2025-09-04T14:39:07+00:00 | 2025-11-06T22:48:33+00:00 |
| rhsa-2025:14859 | Red Hat Security Advisory: OpenShift Container Platform 4.16.47 bug fix and security update | 2025-09-04T13:50:12+00:00 | 2025-11-11T10:24:12+00:00 |
| rhsa-2025:15348 | Red Hat Security Advisory: python3.12 security update | 2025-09-04T13:09:46+00:00 | 2025-11-07T10:53:29+00:00 |
| rhsa-2025:15337 | Red Hat Security Advisory: Red Hat build of Keycloak 26.0.15 Images Update | 2025-09-04T11:24:04+00:00 | 2025-11-07T18:37:09+00:00 |
| rhsa-2025:15338 | Red Hat Security Advisory: Red Hat build of Keycloak 26.2.8 Images Security Update | 2025-09-04T11:22:48+00:00 | 2025-11-07T18:37:10+00:00 |
| rhsa-2025:15339 | Red Hat Security Advisory: Red Hat build of Keycloak 26.2.8 Security Update | 2025-09-04T11:13:13+00:00 | 2025-11-07T18:37:10+00:00 |
| rhsa-2025:15336 | Red Hat Security Advisory: Red Hat build of Keycloak 26.0.15 Update | 2025-09-04T11:09:19+00:00 | 2025-11-07T18:37:09+00:00 |
| rhsa-2025:14855 | Red Hat Security Advisory: OpenShift Container Platform 4.14.56 bug fix and security update | 2025-09-04T04:22:43+00:00 | 2025-11-10T13:43:31+00:00 |
| rhsa-2025:14856 | Red Hat Security Advisory: OpenShift Container Platform 4.14.56 security and extras update | 2025-09-04T03:47:46+00:00 | 2025-11-06T22:56:26+00:00 |
| rhsa-2025:15227 | Red Hat Security Advisory: kernel security update | 2025-09-04T01:50:25+00:00 | 2025-11-11T09:06:29+00:00 |
| rhsa-2025:15224 | Red Hat Security Advisory: kernel-rt security update | 2025-09-04T01:18:44+00:00 | 2025-11-11T09:06:29+00:00 |
| rhsa-2025:14821 | Red Hat Security Advisory: OpenShift Container Platform 4.18.23 security and extras update | 2025-09-03T18:51:10+00:00 | 2025-11-10T01:32:42+00:00 |
| rhsa-2025:14860 | Red Hat Security Advisory: OpenShift Container Platform 4.16.47 security and extras update | 2025-09-03T14:26:28+00:00 | 2025-11-07T00:15:34+00:00 |
| rhsa-2025:15123 | Red Hat Security Advisory: httpd:2.4 security update | 2025-09-03T13:23:28+00:00 | 2025-11-07T10:53:41+00:00 |
| rhsa-2025:15122 | Red Hat Security Advisory: python-requests security update | 2025-09-03T13:23:28+00:00 | 2025-11-06T23:59:19+00:00 |
| rhsa-2025:15124 | Red Hat Security Advisory: Satellite 6.16.5.3 Async Update | 2025-09-03T13:15:43+00:00 | 2025-11-06T22:56:32+00:00 |
| rhsa-2025:15121 | Red Hat Security Advisory: python-requests security update | 2025-09-03T13:15:23+00:00 | 2025-11-06T23:59:18+00:00 |
| rhsa-2025:15115 | Red Hat Security Advisory: postgresql:12 security update | 2025-09-03T08:34:17+00:00 | 2025-11-06T22:48:25+00:00 |
| rhsa-2025:15114 | Red Hat Security Advisory: postgresql security update | 2025-09-03T05:40:37+00:00 | 2025-11-06T22:48:25+00:00 |
| rhsa-2025:14919 | Red Hat Security Advisory: Red Hat build of Cryostat 4.0.2: new RHEL 9 container image security update | 2025-09-03T02:15:18+00:00 | 2025-11-08T07:17:51+00:00 |
| rhsa-2025:15102 | Red Hat Security Advisory: pam security update | 2025-09-03T01:35:02+00:00 | 2025-11-07T00:15:22+00:00 |
| ID | Description | Published | Updated |
|---|---|---|---|
| msrc_cve-2025-7545 | GNU Binutils objcopy.c copy_section heap-based overflow | 2025-07-02T00:00:00.000Z | 2025-08-06T00:00:00.000Z |
| msrc_cve-2025-7519 | Polkit: xml policy file with a large number of nested elements may lead to out-of-bounds write | 2025-07-02T00:00:00.000Z | 2025-08-06T00:00:00.000Z |
| msrc_cve-2025-7458 | SQLite integer overflow in key info allocation may lead to information disclosure. | 2025-07-02T00:00:00.000Z | 2025-08-14T00:00:00.000Z |
| msrc_cve-2025-7425 | Libxslt: heap use-after-free in libxslt caused by atype corruption in xmlattrptr | 2025-07-02T00:00:00.000Z | 2025-09-04T02:04:37.000Z |
| msrc_cve-2025-7424 | Libxslt: type confusion in xmlnode.psvi between stylesheet and source nodes | 2025-07-02T00:00:00.000Z | 2025-09-04T02:12:04.000Z |
| msrc_cve-2025-7395 | Domain Name Validation Bypass with Apple Native Certificate Validation | 2025-07-02T00:00:00.000Z | 2025-09-04T03:52:58.000Z |
| msrc_cve-2025-7394 | In the OpenSSL compatibility layer implementation, the function RAND_poll() was not behaving as expected and leading to the potential for predictable values returned from RAND_bytes() after fork() is called. This can lead to weak or predictable random numbers generated in applications that are both using RAND_bytes() and doing fork() operations. This only affects applications explicitly calling RAND_bytes() after fork() and does not affect any internal TLS operations. Although RAND_bytes() documentation in OpenSSL calls out not being safe for use with fork() without first calling RAND_poll(), an additional code change was also made in wolfSSL to make RAND_bytes() behave similar to OpenSSL after a fork() call without calling RAND_poll(). Now the Hash-DRBG used gets reseeded after detecting running in a new process. If making use of RAND_bytes() and calling fork() we recommend updating to the latest version of wolfSSL. Thanks to Per Allansson from Appgate for the report. | 2025-07-02T00:00:00.000Z | 2025-09-04T03:46:05.000Z |
| msrc_cve-2025-7345 | Gdk‑pixbuf: heap‑buffer‑overflow in gdk‑pixbuf | 2025-07-02T00:00:00.000Z | 2025-07-18T00:00:00.000Z |
| msrc_cve-2025-7339 | on-headers vulnerable to http response header manipulation | 2025-07-02T00:00:00.000Z | 2025-09-17T01:01:34.000Z |
| msrc_cve-2025-7207 | mruby nregs codegen.c scope_new heap-based overflow | 2025-07-02T00:00:00.000Z | 2025-09-04T02:39:43.000Z |
| msrc_cve-2025-7069 | HDF5 H5FSsection.c H5FS__sect_link_size heap-based overflow | 2025-07-02T00:00:00.000Z | 2025-09-04T01:57:23.000Z |
| msrc_cve-2025-7068 | HDF5 H5FL.c H5FL__malloc memory leak | 2025-07-02T00:00:00.000Z | 2025-09-03T22:54:55.000Z |
| msrc_cve-2025-7067 | HDF5 H5FScache.c H5FS__sinfo_serialize_node_cb heap-based overflow | 2025-07-02T00:00:00.000Z | 2025-09-03T22:51:04.000Z |
| msrc_cve-2025-6965 | Integer Truncation on SQLite | 2025-07-02T00:00:00.000Z | 2025-08-14T00:00:00.000Z |
| msrc_cve-2025-6491 | NULL Pointer Dereference in PHP SOAP Extension via Large XML Namespace Prefix | 2025-07-02T00:00:00.000Z | 2025-08-06T00:00:00.000Z |
| msrc_cve-2025-6395 | Gnutls: null pointer dereference in _gnutls_figure_common_ciphersuite() | 2025-07-02T00:00:00.000Z | 2025-07-25T00:00:00.000Z |
| msrc_cve-2025-5994 | Cache poisoning via the ECS-enabled Rebirthday Attack | 2025-07-02T00:00:00.000Z | 2025-09-04T02:52:05.000Z |
| msrc_cve-2025-5987 | Libssh: invalid return code for chacha20 poly1305 with openssl backend | 2025-07-02T00:00:00.000Z | 2025-07-18T00:00:00.000Z |
| msrc_cve-2025-54567 | hw/pci/pcie_sriov.c in QEMU through 10.0.3 mishandles the VF Enable bit write mask, a related issue to CVE-2024-26327. | 2025-07-02T00:00:00.000Z | 2025-09-04T04:37:16.000Z |
| msrc_cve-2025-54566 | hw/pci/pcie_sriov.c in QEMU through 10.0.3 has a migration state inconsistency, a related issue to CVE-2024-26327. | 2025-07-02T00:00:00.000Z | 2025-09-04T04:40:47.000Z |
| msrc_cve-2025-54314 | Thor before 1.4.0 can construct an unsafe shell command from library input. NOTE: this is disputed by the Supplier because "the method that was fixed can only be used with arguments that are controlled by Thor, and there is no way an attacker can take control of those arguments." | 2025-07-02T00:00:00.000Z | 2025-09-04T04:06:48.000Z |
| msrc_cve-2025-54126 | WebAssembly Micro Runtime's `--addr-pool` option allows all IPv4 addresses when subnet mask is not specified | 2025-07-02T00:00:00.000Z | 2025-09-04T03:22:55.000Z |
| msrc_cve-2025-54090 | Apache HTTP Server: 'RewriteCond expr' always evaluates to true in 2.4.64 | 2025-07-02T00:00:00.000Z | 2025-08-07T00:00:00.000Z |
| msrc_cve-2025-53906 | Vim has path traversal issue with zip.vim and special crafted zip archives | 2025-07-02T00:00:00.000Z | 2025-08-06T00:00:00.000Z |
| msrc_cve-2025-53905 | Vim has path traversial issue with tar.vim and special crafted tar files | 2025-07-02T00:00:00.000Z | 2025-08-06T00:00:00.000Z |
| msrc_cve-2025-5372 | Libssh: incorrect return code handling in ssh_kdf() in libssh | 2025-07-02T00:00:00.000Z | 2025-07-18T00:00:00.000Z |
| msrc_cve-2025-53605 | The protobuf crate before 3.7.2 for Rust allows uncontrolled recursion in the protobuf::coded_input_stream::CodedInputStream::skip_group parsing of unknown fields in untrusted input. | 2025-07-02T00:00:00.000Z | 2025-09-04T03:26:57.000Z |
| msrc_cve-2025-53547 | Helm Chart Dependency Updating With Malicious Chart.yaml Content And Symlink Can Lead To Code Execution | 2025-07-02T00:00:00.000Z | 2025-07-16T00:00:00.000Z |
| msrc_cve-2025-5351 | Libssh: double free vulnerability in libssh key export functions | 2025-07-02T00:00:00.000Z | 2025-07-18T00:00:00.000Z |
| msrc_cve-2025-53023 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Replication). | 2025-07-02T00:00:00.000Z | 2025-08-07T00:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2022-000087 | Multiple vulnerabilities in WordPress | 2022-11-08T14:59+09:00 | 2024-06-06T16:27+09:00 |
| jvndb-2022-000079 | Multiple vulnerabilities in the web interfaces of Kyocera Document Solutions MFPs and printers | 2022-11-01T14:51+09:00 | 2024-06-06T17:01+09:00 |
| jvndb-2022-000084 | Multiple vulnerabilities in FUJI SOFT network devices | 2022-10-28T15:12+09:00 | 2024-06-06T16:48+09:00 |
| jvndb-2022-000083 | Multiple vulnerabilities in SHIRASAGI | 2022-10-25T15:10+09:00 | 2024-06-05T16:06+09:00 |
| jvndb-2022-000082 | Multiple vulnerabilities in nadesiko3 | 2022-10-20T16:58+09:00 | 2024-06-05T17:28+09:00 |
| jvndb-2022-002544 | Multiple vulnerabilities in Trend Micro Apex One and Apex One as a Service | 2022-10-20T16:18+09:00 | 2024-06-13T13:58+09:00 |
| jvndb-2022-002537 | Stack-based buffer overflow vulnerability in Yokogawa Test & Measurement WTViewerE | 2022-10-19T16:23+09:00 | 2024-06-12T16:54+09:00 |
| jvndb-2022-000081 | Lemon8 App fails to restrict access permissions | 2022-10-19T14:08+09:00 | 2024-06-12T16:39+09:00 |
| jvndb-2022-000080 | Android App "IIJ SmartKey" vulnerable to information disclosure | 2022-10-14T13:57+09:00 | 2024-06-27T13:40+09:00 |
| jvndb-2022-002451 | Multiple vulnerabilities in SVMPC1 and SVMPC2 | 2022-10-13T17:27+09:00 | 2024-05-30T16:38+09:00 |
| jvndb-2022-000078 | bingo!CMS vulnerable to authentication bypass | 2022-10-11T17:49+09:00 | 2024-05-30T17:57+09:00 |
| jvndb-2022-002448 | Multiple vulnerabilities in Trend Micro Deep Security and Cloud One - Workload Security agents for Windows | 2022-10-11T17:02+09:00 | 2024-06-13T14:30+09:00 |
| jvndb-2022-000077 | The installer of Sony Content Transfer may insecurely load Dynamic Link Libraries | 2022-10-11T15:08+09:00 | 2024-06-12T12:12+09:00 |
| jvndb-2022-000076 | Growi vulnerable to improper access control | 2022-10-07T14:30+09:00 | 2024-06-12T12:04+09:00 |
| jvndb-2022-000075 | IPFire WebUI vulnerable to cross-site scripting | 2022-10-06T13:05+09:00 | 2024-06-12T14:28+09:00 |
| jvndb-2022-002444 | Multiple vulnerabilities in Buffalo network devices | 2022-10-05T17:44+09:00 | 2022-10-13T16:28+09:00 |
| jvndb-2022-002443 | Privilege Escalation Vulnerability in Hitachi Storage Plug-in for VMware vCenter | 2022-10-05T17:28+09:00 | 2022-10-05T17:28+09:00 |
| jvndb-2022-000074 | BookStack vulnerable to cross-site scripting | 2022-09-30T14:48+09:00 | 2024-06-12T14:07+09:00 |
| jvndb-2022-002367 | OpenAM (OpenAM Consortium Edition) vulnerable to open redirect | 2022-09-16T15:30+09:00 | 2024-06-13T11:39+09:00 |
| jvndb-2022-000073 | Multiple vulnerabilities in EC-CUBE | 2022-09-15T16:30+09:00 | 2024-06-13T11:09+09:00 |
| jvndb-2022-000072 | EC-CUBE plugin "Product Image Bulk Upload Plugin" vulnerable to insufficient verification in uploading files | 2022-09-15T16:13+09:00 | 2024-06-13T11:03+09:00 |
| jvndb-2022-000071 | Multiple vulnerabilities in Trend Micro Apex One and Trend Micro Apex One as a Service | 2022-09-14T18:15+09:00 | 2024-06-13T11:34+09:00 |
| jvndb-2022-002364 | DoS Vulnerability in uCosminexus TP1/Client/J and Cosminexus Service Coordinator | 2022-09-14T11:34+09:00 | 2022-09-14T11:34+09:00 |
| jvndb-2022-000070 | Movable Type plugin A-Form vulnerable to cross-site scripting | 2022-09-09T15:01+09:00 | 2024-06-13T13:49+09:00 |
| jvndb-2022-000068 | SYNCK GRAPHICA Mailform Pro CGI vulnerable to information disclosure | 2022-09-05T15:22+09:00 | 2024-06-13T16:00+09:00 |
| jvndb-2022-002346 | Multiple vulnerabilities in Contec FLEXLAN FX3000 and FX2000 series | 2022-09-02T18:08+09:00 | 2022-09-02T18:08+09:00 |
| jvndb-2022-000069 | PowerCMS XMLRPC API vulnerable to command injection | 2022-09-02T15:49+09:00 | 2024-06-13T11:44+09:00 |
| jvndb-2022-000066 | Multiple vulnerabilities in CentreCOM AR260S V2 | 2022-08-29T17:37+09:00 | 2024-06-13T16:21+09:00 |
| jvndb-2022-000067 | Installer of Ricoh Device Software Manager may insecurely load Dynamic Link Libraries | 2022-08-29T15:57+09:00 | 2024-06-13T13:53+09:00 |
| jvndb-2022-000064 | Movable Type XMLRPC API vulnerable to command injection | 2022-08-24T15:58+09:00 | 2024-06-13T18:11+09:00 |