Recent vulnerabilities
| ID | Description | Published | Updated |
|---|---|---|---|
| ghsa-jpv8-hv7x-q4mr | Multiple vulnerabilities in the web-based management interface of Cisco ISE and Cisco ISE-PIC could… | 2025-11-05T17:48:28Z | 2025-11-05T17:48:28Z |
| ghsa-j75f-w639-68hc | Snipe-IT before version 8.3.3 contains a remote code execution vulnerability that allows an authent… | 2025-11-05T17:48:28Z | 2025-11-10T18:30:33Z |
| ghsa-gp2g-3xx9-59fw | A vulnerability in the web UI of Cisco Unified CCX could allow an authenticated, remote attacker to… | 2025-11-05T17:48:28Z | 2025-11-05T17:48:28Z |
| ghsa-g7hc-wvj4-v52x | A vulnerability in the web-based management interface of Cisco ISE could allow an authenticated, re… | 2025-11-05T17:48:28Z | 2025-11-05T17:48:28Z |
| ghsa-cfwq-p5hw-9v6p | A vulnerability in the RADIUS setting Reject RADIUS requests from clients with repeated failures on… | 2025-11-05T17:48:28Z | 2025-11-05T17:48:28Z |
| ghsa-97fq-qprm-p8vj | Multiple vulnerabilities in the web-based management interface of Cisco ISE and Cisco ISE-PIC could… | 2025-11-05T17:48:28Z | 2025-11-05T17:48:28Z |
| ghsa-7c9g-mrww-7986 | OS command injection vulnerability in Dynatrace ActiveGate ping extension up to 1.016 via crafted i… | 2025-11-05T17:48:28Z | 2025-11-05T21:31:01Z |
| ghsa-qw9x-cqr3-wc7r | runc container escape with malicious config due to /dev/console mount and related races | 2025-11-05T17:34:49Z | 2025-11-06T23:12:51Z |
| ghsa-9493-h29p-rfm2 | runc container escape via "masked path" abuse due to mount race conditions | 2025-11-05T16:37:15Z | 2025-11-06T23:12:38Z |
| ghsa-x43x-2mp4-28j4 | MDaemon Mail Server 23.5.2 validates SPF, DKIM, and DMARC using the email enclosed in angle bracket… | 2025-11-05T15:31:07Z | 2025-11-05T17:48:28Z |
| ghsa-qw25-v68c-qjf3 | Django has a denial-of-service vulnerability in HttpResponseRedirect and HttpResponsePermanentRedir… | 2025-11-05T15:31:07Z | 2025-11-05T19:55:37Z |
| ghsa-j793-63pp-pmv8 | HCL BigFix Query is affected by a sensitive information disclosure in the WebUI Query application. … | 2025-11-05T15:31:07Z | 2025-11-05T15:31:07Z |
| ghsa-frmv-pr5f-9mcr | Django vulnerable to SQL injection via _connector keyword argument in QuerySet and Q objects. | 2025-11-05T15:31:07Z | 2025-11-05T19:55:43Z |
| ghsa-pmj8-xcc6-hfrp | A denial of service vulnerability exists in the g_assert_not_reached functionality of Entr'ouve… | 2025-11-05T15:31:06Z | 2025-11-05T17:48:28Z |
| ghsa-j9px-r24r-fm3p | A type confusion vulnerability exists in the lasso_node_impl_init_from_xml functionality of Entr… | 2025-11-05T15:31:06Z | 2025-11-05T17:48:28Z |
| ghsa-4p4q-6835-5w79 | A denial of service vulnerability exists in the lasso_node_init_from_message_with_format functional… | 2025-11-05T15:31:06Z | 2025-11-05T17:48:28Z |
| ghsa-mg7h-mgjw-mg5g | An arbitrary file upload vulnerability exists in multiple WSO2 products due to improper input valid… | 2025-11-05T15:31:05Z | 2025-11-05T15:31:05Z |
| ghsa-2vvf-4m7q-pvpx | A denial of service vulnerability exists in the lasso_provider_verify_saml_signature functionality … | 2025-11-05T15:31:05Z | 2025-11-05T17:48:28Z |
| ghsa-w6ph-hrmj-vffx | The FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce plugin f… | 2025-11-05T12:30:19Z | 2025-11-05T12:30:19Z |
| ghsa-m35w-xx8c-6xc7 | Apache Doris-MCP-Server: Improper Access Control results in bypassing a "read-only" mode | 2025-11-05T12:30:19Z | 2025-11-07T16:48:36Z |
| ghsa-f5fh-r4mj-fqj8 | The Ad Inserter – Ad Manager & AdSense Ads plugin for WordPress is vulnerable to Stored Cross-Site … | 2025-11-05T12:30:19Z | 2025-11-05T12:30:19Z |
| ghsa-99fv-75qw-h59w | The Premium Portfolio Features for Phlox theme plugin for WordPress is vulnerable to Local File Inc… | 2025-11-05T12:30:19Z | 2025-11-05T12:30:19Z |
| ghsa-5ppg-2735-mfmv | The FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce plugin f… | 2025-11-05T12:30:19Z | 2025-11-05T12:30:19Z |
| ghsa-wjrf-gc3h-428q | The Visual Link Preview plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the p… | 2025-11-05T12:30:18Z | 2025-11-05T12:30:19Z |
| ghsa-8rfp-386c-p2rw | The Graphina – Elementor Charts and Graphs plugin for WordPress is vulnerable to Stored Cross-Site … | 2025-11-05T12:30:18Z | 2025-11-05T12:30:19Z |
| ghsa-7r77-r49w-qf55 | The Events Calendar plugin for WordPress is vulnerable to information disclosure in versions up to,… | 2025-11-05T12:30:18Z | 2025-11-05T12:30:18Z |
| ghsa-p7ww-wjh2-g3gw | The Control-M/Agent is vulnerable to unauthenticated remote code execution, arbitrary file read and… | 2025-11-05T09:30:26Z | 2025-11-05T09:30:26Z |
| ghsa-vcpc-5m37-qv5v | Optical Disc Archive Software provided by Sony Corporation registers a Windows service with an unqu… | 2025-11-05T09:30:25Z | 2025-11-05T09:30:25Z |
| ghsa-rjf9-fxg3-f244 | The B Carousel Block – Responsive Image and Content Carousel plugin for WordPress is vulnerable to … | 2025-11-05T09:30:25Z | 2025-11-05T09:30:25Z |
| ghsa-qjg9-678q-xgw7 | Multiple Roboticsware products provided by Roboticsware PTE. LTD. register Windows services with un… | 2025-11-05T09:30:25Z | 2025-11-05T09:30:25Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2025-63307 | N/A | alexusmai laravel-file-manager 3.3.1 is vulnerabl… | n/a | n/a | 2025-11-06T00:00:00.000Z | 2025-11-06T19:08:37.837Z |
| cve-2025-60541 | N/A | A Server-Side Request Forgery (SSRF) in the /api/… | n/a | n/a | 2025-11-06T00:00:00.000Z | 2025-11-07T15:20:19.324Z |
| cve-2025-59396 | N/A | Rejected: Not a security vulnerability (provider: WatchGuard) | N/A | N/A | 2025-11-06T00:00:00.000Z | 2025-11-10T22:50:06.864Z |
| cve-2025-59392 | N/A | On Elspec G5 devices through 1.2.2.19, a person w… | n/a | n/a | 2025-11-06T00:00:00.000Z | 2025-11-06T16:38:10.176Z |
| cve-2025-27919 | N/A | An issue was discovered in AnyDesk through 9.0.4.… | n/a | n/a | 2025-11-06T00:00:00.000Z | 2025-11-06T17:09:39.979Z |
| cve-2025-27918 | N/A | An issue was discovered in AnyDesk before 9.0.0. … | n/a | n/a | 2025-11-06T00:00:00.000Z | 2025-11-06T17:08:56.573Z |
| cve-2025-27917 | N/A | An issue was discovered in AnyDesk through 9.0.4.… | n/a | n/a | 2025-11-06T00:00:00.000Z | 2025-11-10T20:51:39.798Z |
| cve-2025-27916 | N/A | An issue was discovered in AnyDesk through 9.0.4.… | n/a | n/a | 2025-11-06T00:00:00.000Z | 2025-11-10T19:49:52.216Z |
| cve-2025-64163 | | DataEase's DB2 is vulnerable to SSRF | dataease | dataease | 2025-11-05T23:52:05.196Z | 2025-11-06T21:18:12.403Z |
| cve-2025-64114 | | ClipBucket v5: SQL Injection possible through ClipBuck… | MacWarrior | clipbucket-v5 | 2025-11-05T23:30:59.120Z | 2025-11-06T21:19:38.854Z |
| cve-2025-62596 | | youki container escape and denial of service due to ar… | youki-dev | youki | 2025-11-05T23:14:37.167Z | 2025-11-06T16:54:15.942Z |
| cve-2025-62161 | | youki container escape via "masked path" abuse due to … | youki-dev | youki | 2025-11-05T23:09:09.014Z | 2025-11-06T21:20:19.865Z |
| cve-2025-55278 | 8.1 (v3.1) | HCL DevOps Loop is susceptible to an improper authenti… | HCL Software | DevOps Loop | 2025-11-05T22:44:17.256Z | 2025-11-06T21:20:55.355Z |
| cve-2025-12779 | 8.8 (v4.0) 8.8 (v3.1) | Improper handling of the authentication token in … | Amazon | Amazon WorkSpaces | 2025-11-05T21:20:51.567Z | 2025-11-10T18:52:51.286Z |
| cve-2025-10853 | 5.2 (v3.1) | Reflected Cross-Site Scripting (XSS) in Management Con… | WSO2 | WSO2 Open Banking IAM | 2025-11-05T19:21:32.971Z | 2025-11-05T19:58:21.875Z |
| cve-2025-5770 | 6.1 (v3.1) | Reflected Cross-Site Scripting (XSS) in Authentication… | WSO2 | WSO2 Identity Server | 2025-11-05T19:02:48.434Z | 2025-11-05T20:13:05.330Z |
| cve-2025-43418 | N/A | This issue was addressed by restricting options o… | Apple | iOS and iPadOS | 2025-11-05T18:33:35.485Z | 2025-11-05T18:50:52.441Z |
| cve-2023-43000 | N/A | A use-after-free issue was addressed with improve… | Apple | macOS | 2025-11-05T18:33:23.777Z | 2025-11-06T04:55:46.892Z |
| cve-2025-12745 | | QuickJS quickjs.c js_array_buffer_slice buffer over-read | n/a | QuickJS | 2025-11-05T18:32:07.580Z | 2025-11-05T19:26:04.149Z |
| cve-2025-11093 | 8.4 (v3.1) | Arbitrary Code Execution with higher privileged users … | WSO2 | WSO2 Micro Integrator | 2025-11-05T18:31:17.873Z | 2025-11-05T19:39:15.696Z |
| cve-2025-31954 | 5.4 (v3.1) | HCL iAutomate is susceptible to a sensitive informatio… | HCL Software | iAutomate | 2025-11-05T18:23:21.019Z | 2025-11-05T18:46:53.781Z |
| cve-2025-10907 | 8.4 (v3.1) | Authenticated Arbitrary File Upload in Multiple WSO2 P… | WSO2 | WSO2 API Manager | 2025-11-05T18:03:49.831Z | 2025-11-05T18:49:44.604Z |
| cve-2025-10713 | 6.5 (v3.1) | XML External Entity (XXE) Vulnerability in Multiple WS… | WSO2 | WSO2 Enterprise Integrator | 2025-11-05T17:18:24.719Z | 2025-11-05T18:15:56.913Z |
| cve-2025-43990 | 7.3 (v3.1) | Dell Command Monitor (DCM), versions prior to 10.… | Dell | Command Monitor (DCM) | 2025-11-05T17:01:23.986Z | 2025-11-06T04:55:47.809Z |
| cve-2025-46366 | 6.7 (v3.1) | Dell CloudLink, versions prior to 8.1.1, contain … | Dell | CloudLink | 2025-11-05T16:50:28.754Z | 2025-11-06T04:55:41.794Z |
| cve-2025-46424 | 6.7 (v3.1) | Dell CloudLink, versions prior to 8.2, contain us… | Dell | CloudLink | 2025-11-05T16:46:25.707Z | 2025-11-06T04:55:40.938Z |
| cve-2025-46365 | 5.3 (v3.1) | Dell CloudLink, versions prior 8.1.1, contain a C… | Dell | CloudLink | 2025-11-05T16:40:39.934Z | 2025-11-06T04:55:40.128Z |
| cve-2025-46364 | 9.1 (v3.1) | Dell CloudLink, versions prior to 8.1.1, contain … | Dell | CloudLin | 2025-11-05T16:36:00.347Z | 2025-11-06T04:55:39.277Z |
| cve-2025-20304 | | Multiple vulnerabilities in the web-based managem… | Cisco | Cisco Identity Services Engine Software | 2025-11-05T16:33:27.573Z | 2025-11-05T20:20:07.804Z |
| cve-2025-20305 | | A vulnerability in the web-based management inter… | Cisco | Cisco Identity Services Engine Software | 2025-11-05T16:32:52.800Z | 2025-11-05T20:19:33.833Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2025-12471 | | Hubbub Lite <= 1.36.0 - Reflected Cross-Site Scripting | nerdpressteam | Hubbub Lite – Fast, free social sharing and follow buttons | 2025-11-06T06:45:20.224Z | 2025-11-06T15:28:04.500Z |
| cve-2025-9338 | 7.3 (v4.0) | A improper restriction of operations within the b… | ASUS | Armoury Crate | 2025-11-06T06:02:48.738Z | 2025-11-06T15:37:38.417Z |
| cve-2025-12560 | | Blog2Social: Social Media Auto Post & Scheduler <= 8.6… | pr-gateway | Blog2Social: Social Media Auto Post & Scheduler | 2025-11-06T05:31:24.932Z | 2025-11-06T15:40:57.868Z |
| cve-2025-61994 | 5.4 (v3.0) 4.8 (v4.0) | Cross-site scripting vulnerability exists in GROW… | GROWI, Inc. | GROWI | 2025-11-06T04:14:30.106Z | 2025-11-06T14:09:38.630Z |
| cve-2025-12563 | | Blog2Social: Social Media Auto Post & Scheduler <= 8.6… | pr-gateway | Blog2Social: Social Media Auto Post & Scheduler | 2025-11-06T04:36:21.892Z | 2025-11-06T14:08:53.571Z |
| cve-2025-11271 | | Easy Digital Download <= 3.5.2 - Insufficient Verifica… | smub | Easy Digital Downloads – eCommerce Payments and Subscriptions made easy | 2025-11-06T04:36:22.463Z | 2025-11-06T15:50:35.023Z |
| cve-2025-64480 | N/A | Rejected: Not used (provider: fortinet) | N/A | N/A | 2025-11-06T03:55:05.652Z | |
| cve-2025-64479 | N/A | Rejected: Not used (provider: fortinet) | N/A | N/A | 2025-11-06T03:55:06.294Z | |
| cve-2025-64478 | N/A | Rejected: Not used (provider: fortinet) | N/A | N/A | 2025-11-06T03:55:06.796Z | |
| cve-2025-64477 | N/A | Rejected: Not used (provider: fortinet) | N/A | N/A | 2025-11-06T03:55:07.255Z | |
| cve-2025-64476 | N/A | Rejected: Not used (provider: fortinet) | N/A | N/A | 2025-11-06T03:55:07.823Z | |
| cve-2025-64475 | N/A | Rejected: Not used (provider: fortinet) | N/A | N/A | 2025-11-06T03:55:08.310Z | |
| cve-2025-64474 | N/A | Rejected: Not used (provider: fortinet) | N/A | N/A | 2025-11-06T03:55:08.778Z | |
| cve-2025-64473 | N/A | Rejected: Not used (provider: fortinet) | N/A | N/A | 2025-11-06T03:55:09.228Z | |
| cve-2025-64472 | N/A | Rejected: Not used (provider: fortinet) | N/A | N/A | 2025-11-06T03:55:09.707Z | |
| cve-2025-10691 | | Easy Email Subscription <= 1.3 - Cross-Site Request Fo… | yudiz | Easy Email Subscription | 2025-11-06T03:27:01.882Z | 2025-11-06T17:02:19.997Z |
| cve-2025-10683 | | Easy Email Subscription <= 1.3 - Authenticated (Admin+… | yudiz | Easy Email Subscription | 2025-11-06T02:31:05.341Z | 2025-11-06T16:54:25.147Z |
| cve-2025-64171 | | MARIN3R: Cross-Namespace Vulnerability in the Operator | 3scale-sre | marin3r | 2025-11-06T00:23:48.695Z | 2025-11-06T21:17:02.114Z |
| cve-2025-64164 | | DataEase is vulnerable to Oracle JNDI Injection | dataease | dataease | 2025-11-06T00:07:58.592Z | 2025-11-06T21:17:41.345Z |
| cve-2025-64163 | | DataEase's DB2 is vulnerable to SSRF | dataease | dataease | 2025-11-05T23:52:05.196Z | 2025-11-06T21:18:12.403Z |
| cve-2025-64114 | | ClipBucket v5: SQL Injection possible through ClipBuck… | MacWarrior | clipbucket-v5 | 2025-11-05T23:30:59.120Z | 2025-11-06T21:19:38.854Z |
| cve-2025-62596 | | youki container escape and denial of service due to ar… | youki-dev | youki | 2025-11-05T23:14:37.167Z | 2025-11-06T16:54:15.942Z |
| cve-2025-62161 | | youki container escape via "masked path" abuse due to … | youki-dev | youki | 2025-11-05T23:09:09.014Z | 2025-11-06T21:20:19.865Z |
| cve-2025-55278 | 8.1 (v3.1) | HCL DevOps Loop is susceptible to an improper authenti… | HCL Software | DevOps Loop | 2025-11-05T22:44:17.256Z | 2025-11-06T21:20:55.355Z |
| cve-2025-12779 | 8.8 (v4.0) 8.8 (v3.1) | Improper handling of the authentication token in … | Amazon | Amazon WorkSpaces | 2025-11-05T21:20:51.567Z | 2025-11-10T18:52:51.286Z |
| cve-2025-63585 | N/A | OSSN (Open Source Social Network) 8.6 is vulnerab… | n/a | n/a | 2025-11-05T00:00:00.000Z | 2025-11-06T21:21:50.790Z |
| cve-2025-60784 | N/A | A vulnerability in the XiaozhangBang Voluntary Li… | n/a | n/a | 2025-11-05T00:00:00.000Z | 2025-11-05T21:01:51.302Z |
| cve-2025-63334 | N/A | PocketVJ CP PocketVJ-CP-v3 pvj version 3.9.1 cont… | n/a | n/a | 2025-11-05T00:00:00.000Z | 2025-11-05T20:18:30.677Z |
| cve-2025-10853 | 5.2 (v3.1) | Reflected Cross-Site Scripting (XSS) in Management Con… | WSO2 | WSO2 Open Banking IAM | 2025-11-05T19:21:32.971Z | 2025-11-05T19:58:21.875Z |
| cve-2025-63418 | N/A | A DOM-based Cross-Site Scripting (XSS) vulnerabil… | n/a | n/a | 2025-11-05T00:00:00.000Z | 2025-11-06T16:56:12.356Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| mal-2025-111872 | Malicious code in evolutionary_turkey_maroon-57 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111871 | Malicious code in evolutionary_mole_orange-1 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111870 | Malicious code in evil_sparrow_copper-35 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111869 | Malicious code in evident_vole_jade-66 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111868 | Malicious code in everyday_swift_turquoise-96 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111867 | Malicious code in everyday_dog_tan-13 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111866 | Malicious code in eventual_wolverine_amaranth-75 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111865 | Malicious code in eventual_sawfish_rose-24 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111864 | Malicious code in estimated_viper_olive-74 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111863 | Malicious code in estimated_jay_amethyst-22 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111862 | Malicious code in established_goose_harlequin-39 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111861 | Malicious code in enthusiastic_meerkat_turquoise-24 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111860 | Malicious code in energetic_aphid_brown-23 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111859 | Malicious code in endless_wildfowl_coral-78 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111858 | Malicious code in encouraging_starfish_amethyst-32 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111857 | Malicious code in encouraging_iguana_coral-82 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111856 | Malicious code in enchanting_xerinae_cyan-31 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111855 | Malicious code in empirical_guanaco_yellow-76 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111854 | Malicious code in emotional_quokka_rose-20 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111853 | Malicious code in emotional_meerkat_salmon-53 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111852 | Malicious code in eligible_grouse_harlequin-17 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111851 | Malicious code in eligible_dragon_scarlet-8 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111850 | Malicious code in eligible_cardinal_black-65 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111849 | Malicious code in electronic_guan_blue-58 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111848 | Malicious code in electric_quail_white-38 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111847 | Malicious code in electoral_jaguar_lavender-16 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111846 | Malicious code in electoral_camel_copper-24 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111845 | Malicious code in eldest_planarian_emerald-9 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111844 | Malicious code in elderly_xerinae_turquoise-29 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| mal-2025-111843 | Malicious code in efficient_macaw_moccasin-85 (npm) | 2025-11-11T07:47:12Z | 2025-11-11T07:47:12Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| rhsa-2025:15122 | Red Hat Security Advisory: python-requests security update | 2025-09-03T13:23:28+00:00 | 2025-11-06T23:59:19+00:00 |
| rhsa-2025:15124 | Red Hat Security Advisory: Satellite 6.16.5.3 Async Update | 2025-09-03T13:15:43+00:00 | 2025-11-06T22:56:32+00:00 |
| rhsa-2025:15121 | Red Hat Security Advisory: python-requests security update | 2025-09-03T13:15:23+00:00 | 2025-11-06T23:59:18+00:00 |
| rhsa-2025:15115 | Red Hat Security Advisory: postgresql:12 security update | 2025-09-03T08:34:17+00:00 | 2025-11-06T22:48:25+00:00 |
| rhsa-2025:15114 | Red Hat Security Advisory: postgresql security update | 2025-09-03T05:40:37+00:00 | 2025-11-06T22:48:25+00:00 |
| rhsa-2025:14919 | Red Hat Security Advisory: Red Hat build of Cryostat 4.0.2: new RHEL 9 container image security update | 2025-09-03T02:15:18+00:00 | 2025-11-08T07:17:51+00:00 |
| rhsa-2025:15102 | Red Hat Security Advisory: pam security update | 2025-09-03T01:35:02+00:00 | 2025-11-07T00:15:22+00:00 |
| rhsa-2025:15106 | Red Hat Security Advisory: pam security update | 2025-09-03T01:33:37+00:00 | 2025-11-07T00:15:23+00:00 |
| rhsa-2025:15105 | Red Hat Security Advisory: pam security update | 2025-09-03T01:33:17+00:00 | 2025-11-07T00:15:23+00:00 |
| rhsa-2025:15103 | Red Hat Security Advisory: pam security update | 2025-09-03T01:31:08+00:00 | 2025-11-07T00:15:22+00:00 |
| rhsa-2025:15104 | Red Hat Security Advisory: pam security update | 2025-09-03T01:29:07+00:00 | 2025-11-07T00:15:23+00:00 |
| rhsa-2025:15101 | Red Hat Security Advisory: pam security update | 2025-09-03T01:27:23+00:00 | 2025-11-07T00:15:25+00:00 |
| rhsa-2025:15107 | Red Hat Security Advisory: pam security update | 2025-09-03T01:15:27+00:00 | 2025-11-07T00:15:24+00:00 |
| rhsa-2025:15099 | Red Hat Security Advisory: pam security update | 2025-09-03T01:08:27+00:00 | 2025-11-06T23:42:13+00:00 |
| rhsa-2025:15100 | Red Hat Security Advisory: pam security update | 2025-09-03T00:46:48+00:00 | 2025-11-07T00:15:21+00:00 |
| rhsa-2025:15095 | Red Hat Security Advisory: httpd security update | 2025-09-02T20:03:51+00:00 | 2025-11-07T10:53:41+00:00 |
| rhsa-2025:14819 | Red Hat Security Advisory: OpenShift Container Platform 4.19.10 bug fix and security update | 2025-09-02T19:25:33+00:00 | 2025-11-06T23:14:45+00:00 |
| rhba-2025:14817 | Red Hat Bug Fix Advisory: OpenShift Container Platform 4.19.10 packages update | 2025-09-02T18:36:11+00:00 | 2025-11-06T23:34:10+00:00 |
| rhsa-2025:15062 | Red Hat Security Advisory: postgresql:15 security update | 2025-09-02T11:52:50+00:00 | 2025-11-06T22:48:25+00:00 |
| rhsa-2025:15058 | Red Hat Security Advisory: aide security update | 2025-09-02T11:18:25+00:00 | 2025-11-06T23:42:13+00:00 |
| rhsa-2025:15057 | Red Hat Security Advisory: postgresql:13 security update | 2025-09-02T11:00:50+00:00 | 2025-11-06T22:48:23+00:00 |
| rhsa-2025:15039 | Red Hat Security Advisory: aide security update | 2025-09-02T07:30:45+00:00 | 2025-11-06T23:42:13+00:00 |
| rhsa-2025:15038 | Red Hat Security Advisory: aide security update | 2025-09-02T07:28:41+00:00 | 2025-11-06T23:42:12+00:00 |
| rhsa-2025:15036 | Red Hat Security Advisory: httpd security update | 2025-09-02T07:20:15+00:00 | 2025-11-06T23:42:13+00:00 |
| rhsa-2025:15011 | Red Hat Security Advisory: kernel security update | 2025-09-02T07:19:50+00:00 | 2025-11-11T09:06:28+00:00 |
| rhsa-2025:15035 | Red Hat Security Advisory: kernel security update | 2025-09-02T06:56:50+00:00 | 2025-11-11T08:53:53+00:00 |
| rhsa-2025:15005 | Red Hat Security Advisory: kernel security update | 2025-09-02T06:55:20+00:00 | 2025-11-11T09:14:40+00:00 |
| rhsa-2025:15034 | Red Hat Security Advisory: postgresql:12 security update | 2025-09-02T06:54:45+00:00 | 2025-11-06T22:48:23+00:00 |
| rhsa-2025:15031 | Red Hat Security Advisory: postgresql:15 security update | 2025-09-02T06:44:25+00:00 | 2025-11-06T22:48:24+00:00 |
| rhsa-2025:15019 | Red Hat Security Advisory: python3.9 security update | 2025-09-02T06:08:54+00:00 | 2025-11-07T10:53:28+00:00 |
| ID | Description | Published | Updated |
|---|---|---|---|
| msrc_cve-2025-53020 | Apache HTTP Server: HTTP/2 DoS by Memory Increase | 2025-07-02T00:00:00.000Z | 2025-07-18T00:00:00.000Z |
| msrc_cve-2025-52496 | Mbed TLS before 3.6.4 has a race condition in AESNI detection if certain compiler optimizations occur. An attacker may be able to extract an AES key from a multithreaded program, or perform a GCM forgery. | 2025-07-02T00:00:00.000Z | 2025-09-03T23:18:31.000Z |
| msrc_cve-2025-51480 | Path Traversal vulnerability in onnx.external_data_helper.save_external_data in ONNX 1.17.0 allows attackers to overwrite arbitrary files by supplying crafted external_data.location paths containing traversal sequences, bypassing intended directory restrictions. | 2025-07-02T00:00:00.000Z | 2025-09-04T04:33:02.000Z |
| msrc_cve-2025-50104 | Vulnerability in the MySQL Server product of Oracle MySQL | 2025-07-02T00:00:00.000Z | 2025-08-06T00:00:00.000Z |
| msrc_cve-2025-50102 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2025-07-02T00:00:00.000Z | 2025-08-06T00:00:00.000Z |
| msrc_cve-2025-50101 | Vulnerability in the MySQL Server product of Oracle MySQL | 2025-07-02T00:00:00.000Z | 2025-08-06T00:00:00.000Z |
| msrc_cve-2025-50100 | Vulnerability in the MySQL Server product of Oracle MySQL | 2025-07-02T00:00:00.000Z | 2025-08-06T00:00:00.000Z |
| msrc_cve-2025-50099 | Vulnerability in the MySQL Server product of Oracle MySQL | 2025-07-02T00:00:00.000Z | 2025-08-06T00:00:00.000Z |
| msrc_cve-2025-50098 | Vulnerability in the MySQL Server product of Oracle MySQL | 2025-07-02T00:00:00.000Z | 2025-08-06T00:00:00.000Z |
| msrc_cve-2025-50097 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Security: Encryption). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2025-07-02T00:00:00.000Z | 2025-08-06T00:00:00.000Z |
| msrc_cve-2025-50096 | Vulnerability in the MySQL Server product of Oracle MySQL | 2025-07-02T00:00:00.000Z | 2025-08-06T00:00:00.000Z |
| msrc_cve-2025-50094 | Vulnerability in the MySQL Server product of Oracle MySQL | 2025-07-02T00:00:00.000Z | 2025-08-06T00:00:00.000Z |
| msrc_cve-2025-50093 | Vulnerability in the MySQL Server product of Oracle MySQL | 2025-07-02T00:00:00.000Z | 2025-08-06T00:00:00.000Z |
| msrc_cve-2025-50092 | Vulnerability in the MySQL Server product of Oracle MySQL | 2025-07-02T00:00:00.000Z | 2025-08-06T00:00:00.000Z |
| msrc_cve-2025-50091 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2025-07-02T00:00:00.000Z | 2025-08-06T00:00:00.000Z |
| msrc_cve-2025-50087 | Vulnerability in the MySQL Server product of Oracle MySQL | 2025-07-02T00:00:00.000Z | 2025-08-06T00:00:00.000Z |
| msrc_cve-2025-50086 | Vulnerability in the MySQL Server product of Oracle MySQL | 2025-07-02T00:00:00.000Z | 2025-08-06T00:00:00.000Z |
| msrc_cve-2025-50085 | Vulnerability in the MySQL Server product of Oracle MySQL | 2025-07-02T00:00:00.000Z | 2025-08-06T00:00:00.000Z |
| msrc_cve-2025-50084 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2025-07-02T00:00:00.000Z | 2025-08-06T00:00:00.000Z |
| msrc_cve-2025-50083 | Vulnerability in the MySQL Server product of Oracle MySQL | 2025-07-02T00:00:00.000Z | 2025-08-06T00:00:00.000Z |
| msrc_cve-2025-50082 | Vulnerability in the MySQL Server product of Oracle MySQL | 2025-07-02T00:00:00.000Z | 2025-08-06T00:00:00.000Z |
| msrc_cve-2025-50081 | Vulnerability in the MySQL Server product of Oracle MySQL | 2025-07-02T00:00:00.000Z | 2025-08-06T00:00:00.000Z |
| msrc_cve-2025-50080 | Vulnerability in the MySQL Server product of Oracle MySQL | 2025-07-02T00:00:00.000Z | 2025-08-06T00:00:00.000Z |
| msrc_cve-2025-50079 | Vulnerability in the MySQL Server product of Oracle MySQL | 2025-07-02T00:00:00.000Z | 2025-08-06T00:00:00.000Z |
| msrc_cve-2025-50078 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.42, 8.4.0-8.4.5 and 9.0.0-9.3.0. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 6.5 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:N/A:H). | 2025-07-02T00:00:00.000Z | 2025-08-06T00:00:00.000Z |
| msrc_cve-2025-50077 | Vulnerability in the MySQL Server product of Oracle MySQL | 2025-07-02T00:00:00.000Z | 2025-08-06T00:00:00.000Z |
| msrc_cve-2025-49812 | Apache HTTP Server: mod_ssl TLS upgrade attack | 2025-07-02T00:00:00.000Z | 2025-07-18T00:00:00.000Z |
| msrc_cve-2025-49809 | mtr through 0.95, in certain privileged contexts, mishandles execution of a program specified by the MTR_PACKET environment variable. NOTE: mtr on macOS may often have Sudo rules, as an indirect consequence of Homebrew not installing setuid binaries. | 2025-07-02T00:00:00.000Z | 2025-07-17T00:00:00.000Z |
| msrc_cve-2025-49630 | Apache HTTP Server: mod_proxy_http2 denial of service | 2025-07-02T00:00:00.000Z | 2025-07-18T00:00:00.000Z |
| msrc_cve-2025-48964 | ping in iputils before 20250602 allows a denial of service (application error in adaptive ping mode or incorrect data collection) via a crafted ICMP Echo Reply packet, because a zero timestamp can lead to large intermediate values that have an integer overflow when squared during statistics calculations. NOTE: this issue exists because of an incomplete fix for CVE-2025-47268 (that fix was only about timestamp calculations, and it did not account for a specific scenario where the original timestamp in the ICMP payload is zero). | 2025-07-02T00:00:00.000Z | 2025-09-04T00:40:23.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2022-000065 | Multiple vulnerabilities in Exment | 2022-08-24T14:23+09:00 | 2024-06-14T11:09+09:00 |
| jvndb-2022-002339 | Multiple vulnerabilities in PukiWiki | 2022-08-24T14:17+09:00 | 2024-06-14T11:55+09:00 |
| jvndb-2022-002338 | PLANEX MZK-DP150N contains hidden administrative functionality | 2022-08-23T15:02+09:00 | 2024-06-14T14:06+09:00 |
| jvndb-2022-000063 | PukiWiki vulnerable to cross-site scripting | 2022-08-23T14:40+09:00 | 2024-06-14T12:00+09:00 |
| jvndb-2022-002337 | UNIMO Technology digital video recorders vulnerable to missing authentication for critical functions | 2022-08-23T14:31+09:00 | 2024-06-14T10:24+09:00 |
| jvndb-2022-002295 | Multiple vulnerabilities in Trend Micro Security | 2022-08-19T11:42+09:00 | 2022-08-19T11:42+09:00 |
| jvndb-2022-002265 | Trend Micro Endpoint security products for enterprises vulnerable to Link Following Local Privilege Escalation | 2022-08-18T15:45+09:00 | 2024-06-14T17:11+09:00 |
| jvndb-2022-000062 | Kaitai Struct: compiler vulnerable to denial-of-service (DoS) | 2022-08-04T15:14+09:00 | 2022-08-04T15:14+09:00 |
| jvndb-2022-002112 | CONTEC SolarView Compact vulnerable to insufficient verification in uploading files | 2022-08-03T17:40+09:00 | 2024-06-14T15:21+09:00 |
| jvndb-2022-002143 | Information Disclosure Vulnerability in Hitachi Automation Director and Hitachi Ops Center Automator | 2022-08-01T17:10+09:00 | 2022-08-01T17:10+09:00 |
| jvndb-2022-000056 | Multiple vulnerabilities in Nintendo Wi-Fi Network Adaptor WAP-001 | 2022-07-29T13:43+09:00 | 2024-06-14T16:27+09:00 |
| jvndb-2022-000061 | "JustSystems JUST Online Update for J-License" starts a program with an unquoted file path | 2022-07-28T13:40+09:00 | 2022-07-28T13:40+09:00 |
| jvndb-2022-000060 | "Hulu" App for iOS vulnerable to improper server certificate verification | 2022-07-28T09:51+09:00 | 2024-06-14T12:25+09:00 |
| jvndb-2022-000059 | "Hulu" App for Android uses a hard-coded API key for an external service | 2022-07-28T09:14+09:00 | 2024-06-14T14:42+09:00 |
| jvndb-2022-000057 | WordPress Plugin "Newsletter" vulnerable to cross-site scripting | 2022-07-25T14:30+09:00 | 2024-06-18T11:21+09:00 |
| jvndb-2022-000058 | Multiple vulnerabilities in untangle | 2022-07-25T14:18+09:00 | 2024-06-17T11:03+09:00 |
| jvndb-2022-000055 | Booked vulnerable to open redirect | 2022-07-22T13:40+09:00 | 2024-06-14T17:43+09:00 |
| jvndb-2022-000054 | Multiple vulnerabilities in Cybozu Office | 2022-07-20T17:28+09:00 | 2024-06-14T14:02+09:00 |
| jvndb-2022-002017 | U-Boot squashfs filesystem implementation vulnerable to heap-based buffer overflow | 2022-07-14T15:59+09:00 | 2024-06-14T17:53+09:00 |
| jvndb-2022-000053 | Django Extract and Trunc functions vulnerable to SQL injection | 2022-07-12T13:47+09:00 | 2024-06-18T11:57+09:00 |
| jvndb-2022-000052 | Passage Drive vulnerable to insufficient data verification | 2022-07-08T13:42+09:00 | 2024-06-14T17:48+09:00 |
| jvndb-2022-000051 | Multiple vulnerabilities in Cybozu Garoon | 2022-07-04T14:17+09:00 | 2024-06-17T16:49+09:00 |
| jvndb-2022-000050 | LiteCart vulnerable to cross-site scripting | 2022-07-04T14:12+09:00 | 2024-06-17T10:39+09:00 |
| jvndb-2022-000049 | HOME SPOT CUBE2 vulnerable to OS command injection | 2022-06-29T13:42+09:00 | 2024-06-17T10:45+09:00 |
| jvndb-2022-000048 | L2Blocker Sensor setup screen vulnerable to authentication bypass | 2022-06-24T14:21+09:00 | 2024-06-18T10:45+09:00 |
| jvndb-2022-000047 | web2py vulnerable to open redirect | 2022-06-23T14:21+09:00 | 2024-06-18T10:48+09:00 |
| jvndb-2022-000046 | Gitlab vulnerable to server-side request forgery | 2022-06-17T12:26+09:00 | 2024-06-20T15:39+09:00 |
| jvndb-2022-001953 | Growi vulnerable to weak password requirements | 2022-06-15T17:47+09:00 | 2022-06-15T17:47+09:00 |
| jvndb-2022-000045 | FreeBSD vulnerable to denial-of-service (DoS) | 2022-06-15T12:28+09:00 | 2024-06-13T16:31+09:00 |
| jvndb-2022-000044 | Cisco Catalyst 2940 Series Switches vulnerable to cross-site scripting | 2022-06-14T13:46+09:00 | 2024-06-18T10:51+09:00 |