Recent vulnerabilities
| ID | Description | Published | Updated |
|---|---|---|---|
| ghsa-qwx9-mmhx-chg8 | Missing Authorization vulnerability in Crocoblock JetBlog allows Exploiting Incorrectly Configured … | 2025-12-30T00:32:58Z | 2025-12-30T00:32:58Z |
| ghsa-p3hp-24mv-wr6w | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability … | 2025-12-30T00:32:58Z | 2025-12-30T00:32:58Z |
| ghsa-m6vw-2qvg-8xgj | Authentication Bypass Using an Alternate Path or Channel vulnerability in Mobile Builder Mobile bui… | 2025-12-30T00:32:58Z | 2025-12-30T00:32:58Z |
| ghsa-hfg8-jg35-3hqr | A vulnerability has been found in Campcodes Supplier Management System 1.0. Affected is an unknown … | 2025-12-30T00:32:58Z | 2025-12-30T00:32:58Z |
| ghsa-cjpf-7pxx-hqc7 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability … | 2025-12-30T00:32:58Z | 2025-12-30T00:32:58Z |
| ghsa-94f7-w8j3-ppqr | Unrestricted Upload of File with Dangerous Type vulnerability in RomanCode MapSVG allows Upload a W… | 2025-12-30T00:32:58Z | 2025-12-30T00:32:58Z |
| ghsa-786g-jpf2-55wg | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability … | 2025-12-30T00:32:58Z | 2025-12-30T00:32:59Z |
| ghsa-4x3m-m7qg-rjvc | A flaw has been found in Campcodes Supplier Management System 1.0. This impacts an unknown function… | 2025-12-30T00:32:58Z | 2025-12-30T00:32:58Z |
| ghsa-29xr-58g9-8qfq | Authorization Bypass Through User-Controlled Key vulnerability in Crocoblock JetPopup allows Exploi… | 2025-12-30T00:32:58Z | 2025-12-30T00:32:58Z |
| ghsa-2844-9647-m4rw | Vulnerability in CodexThemes TheGem (Elementor), CodexThemes TheGem (WPBakery).This issue affects T… | 2025-12-30T00:32:58Z | 2025-12-30T00:32:59Z |
| ghsa-cffc-mxrf-mhh4 | Picklescan is vulnerable to RCE via missing detection when calling numpy.f2py.crackfortran.param_eval | 2025-12-29T22:44:26Z | 2025-12-29T22:44:27Z |
| ghsa-jv8r-hv7q-p6vc | phpMyFAQ has Stored XSS in user list via admin-managed display_name | 2025-12-29T22:12:35Z | 2025-12-31T22:13:13Z |
| ghsa-vvxf-wj5w-6gj5 | hemmelig allows SSRF Filter bypass via Secret Request functionality | 2025-12-29T21:31:04Z | 2025-12-29T21:31:04Z |
| ghsa-g3j9-h256-3c38 | A vulnerability was identified in code-projects Student File Management System 1.0. Affected by thi… | 2025-12-29T21:30:26Z | 2025-12-29T21:30:26Z |
| ghsa-wgr2-qr2w-94qw | givanz VvvebJs 1.7.2 suffers from a File Upload vulnerability via save.php. | 2025-12-29T21:30:25Z | 2025-12-29T21:30:25Z |
| ghsa-w5v4-r6mh-235c | A vulnerability in the SSH server of TP-Link TL-WR820N v2.80 allows the use of a weak cryptographic… | 2025-12-29T21:30:25Z | 2025-12-29T21:30:25Z |
| ghsa-w2wc-5vr8-f58p | A vulnerability has been found in SohuTV CacheCloud up to 3.2.0. This affects the function taskQueu… | 2025-12-29T21:30:25Z | 2025-12-29T21:30:25Z |
| ghsa-q38m-7hwc-v39w | DedeCMS v5.7 was discovered to contain a Cross-Site Request Forgery (CSRF) vulnerability via /src/d… | 2025-12-29T21:30:25Z | 2025-12-31T18:30:23Z |
| ghsa-m3w5-5pmv-9m9q | A vulnerability was determined in SohuTV CacheCloud up to 3.2.0. Affected is the function doQuartzL… | 2025-12-29T21:30:25Z | 2025-12-29T21:30:26Z |
| ghsa-frgf-2qjw-vqvw | A stack-based buffer overflow exists in the GoAhead-Webs HTTP daemon on KuWFi 4G LTE AC900 devices … | 2025-12-29T21:30:25Z | 2025-12-31T18:30:23Z |
| ghsa-cj98-23mv-wprf | givanz VvvebJs 1.7.2 is vulnerable to Directory Traversal via scan.php. | 2025-12-29T21:30:25Z | 2025-12-30T18:30:16Z |
| ghsa-c28f-cg8m-7xv9 | A vulnerability was found in SohuTV CacheCloud up to 3.2.0. This impacts the function index of the … | 2025-12-29T21:30:25Z | 2025-12-29T21:30:25Z |
| ghsa-5r6q-cg35-jr9q | A critical vulnerability has been identified in givanz VvvebJs 1.7.2, which allows both Server-Side… | 2025-12-29T21:30:25Z | 2025-12-30T18:30:16Z |
| ghsa-2rqx-6v8j-7xmq | givanz VvvebJs 1.7.2 is vulnerable to Insecure File Upload. | 2025-12-29T21:30:25Z | 2025-12-29T21:30:25Z |
| ghsa-x6h4-24w5-wf3q | A security vulnerability has been detected in code-projects College Notes Uploading System 1.0. Imp… | 2025-12-29T21:30:24Z | 2025-12-29T21:30:24Z |
| ghsa-r87x-jm9x-rwc9 | The PixelYourSite plugin for WordPress is vulnerable to Sensitive Information Exposure in all versi… | 2025-12-29T21:30:24Z | 2025-12-29T21:30:24Z |
| ghsa-r2fc-j4gv-f88r | The Advanced Ads plugin for WordPress is vulnerable to Remote Code Execution in versions up to, and… | 2025-12-29T21:30:24Z | 2025-12-29T21:30:24Z |
| ghsa-pmf7-wfpv-2m87 | A flaw has been found in SohuTV CacheCloud up to 3.2.0. The impacted element is the function redire… | 2025-12-29T21:30:24Z | 2025-12-29T21:30:24Z |
| ghsa-mwfx-853j-whj2 | NagiosXI 2026R1.0.1 build 1762361101 is vulnerable to Directory Traversal in /admin/coreconfigsnaps… | 2025-12-29T21:30:24Z | 2025-12-31T18:30:23Z |
| ghsa-fh4j-chp9-mvg5 | Rapid7 Velociraptor versions before 0.75.6 contain a directory traversal issue on Linux servers tha… | 2025-12-29T21:30:24Z | 2025-12-29T21:30:24Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2025-68861 | 7.1 (v3.1) | WordPress Plugin Optimizer plugin <= 1.3.7 - Broken Ac… | Plugin Optimizer | Plugin Optimizer | 2025-12-29T17:23:08.542Z | 2025-12-29T18:54:46.003Z |
| cve-2025-55063 | 4.8 (v3.1) | Priority - CWE-79 Improper Neutralization of Input Dur… | Priority | Web | 2025-12-29T17:19:52.718Z | 2025-12-29T18:00:32.074Z |
| cve-2025-55062 | 4.8 (v3.1) | Priority - CWE-79 Improper Neutralization of Input Dur… | Priority | Web | 2025-12-29T17:18:00.526Z | 2025-12-29T18:01:06.869Z |
| cve-2025-55061 | 8.8 (v3.1) | Priority - CWE-434 Unrestricted Upload of File with Da… | Priority | Web | 2025-12-29T17:14:36.328Z | 2025-12-29T18:02:34.082Z |
| cve-2025-55060 | 6.1 (v3.1) | Priority - CWE-601: URL Redirection to Untrusted Site … | Priority | Web | 2025-12-29T17:11:10.544Z | 2025-12-29T18:03:14.911Z |
| cve-2025-15197 | | code-projects/anirbandutta9 Content Management System/… | code-projects | Content Management System | 2025-12-29T17:02:06.458Z | 2025-12-30T15:58:27.509Z |
| cve-2025-15196 | | code-projects Assessment Management login.php sql injection | code-projects | Assessment Management | 2025-12-29T16:32:06.461Z | 2025-12-29T16:53:08.767Z |
| cve-2025-53627 | | Meshtastic firmware allows forged DMs with no PKC to s… | meshtastic | firmware | 2025-12-29T16:18:29.680Z | 2025-12-29T16:52:03.331Z |
| cve-2025-68868 | 6.5 (v3.1) | WordPress Wp Text Slider Widget plugin <= 1.0 - Cross … | Codeaffairs | Wp Text Slider Widget | 2025-12-29T16:12:32.664Z | 2025-12-29T16:51:15.274Z |
| cve-2025-68870 | 7.5 (v3.1) | WordPress CookieHint WP plugin <= 1.0.0 - Local File I… | reDim GmbH | CookieHint WP | 2025-12-29T16:09:05.270Z | 2025-12-29T16:50:40.971Z |
| cve-2025-68876 | 7.1 (v3.1) | WordPress Invelity SPS connect plugin <= 1.0.8 - Refle… | INVELITY | Invelity SPS connect | 2025-12-29T16:05:23.287Z | 2025-12-29T16:50:09.822Z |
| cve-2025-68877 | 7.5 (v3.1) | WordPress CedCommerce Integration for Good Market plug… | CedCommerce | CedCommerce Integration for Good Market | 2025-12-29T16:03:22.206Z | 2025-12-29T16:50:15.997Z |
| cve-2025-15195 | | code-projects Assessment Management add-module.php sql… | code-projects | Assessment Management | 2025-12-29T16:02:06.204Z | 2025-12-29T16:50:21.963Z |
| cve-2025-69211 | | Nest has a Fastify URL Encoding Middleware Bypass (TOCTOU) | nestjs | nest | 2025-12-29T16:01:22.801Z | 2025-12-29T16:50:02.429Z |
| cve-2025-68878 | 7.1 (v3.1) | WordPress Advanced Custom CSS plugin <= 1.1.0 - Reflec… | Prasadkirpekar | Advanced Custom CSS | 2025-12-29T16:00:20.652Z | 2025-12-29T16:49:10.084Z |
| cve-2025-68879 | 7.1 (v3.1) | WordPress Content Grid Slider plugin <= 1.5 - Reflecte… | Councilsoft | Content Grid Slider | 2025-12-29T15:58:57.851Z | 2025-12-29T16:48:36.247Z |
| cve-2025-68893 | 4.9 (v3.1) | WordPress WordPress Image shrinker plugin <= 1.1.0 - S… | HETWORKS | WordPress Image shrinker | 2025-12-29T15:56:47.504Z | 2025-12-29T16:50:28.337Z |
| cve-2025-68897 | 9.9 (v3.1) | WordPress IF AS Shortcode plugin <= 1.2 - Remote Code … | Mohammad I. Okfie | IF AS Shortcode | 2025-12-29T15:55:13.564Z | 2025-12-29T16:50:36.615Z |
| cve-2025-69206 | | Hemmelig has SSRF Filter bypass in Secret Request func… | HemmeligOrg | Hemmelig.app | 2025-12-29T15:55:12.761Z | 2025-12-29T16:50:43.152Z |
| cve-2025-69201 | | Tugtainer has RCE in Agent Command Execution Api | Quenary | tugtainer | 2025-12-29T15:51:41.461Z | 2025-12-29T16:50:49.919Z |
| cve-2025-15194 | | D-Link DIR-600 HTTP Header hedwig.cgi stack-based overflow | D-Link | DIR-600 | 2025-12-29T15:32:09.818Z | 2025-12-29T16:10:13.239Z |
| cve-2025-69200 | | phpMyFAQ has unauthenticated config backup download vi… | thorsten | phpMyFAQ | 2025-12-29T15:24:51.844Z | 2025-12-29T16:14:32.476Z |
| cve-2025-68951 | | phpMyFAQ has stored XSS in admin "List of users" via d… | thorsten | phpMyFAQ | 2025-12-29T15:18:58.000Z | 2025-12-29T16:13:54.598Z |
| cve-2025-68929 | | Frappe may be vulnerable remote code execution due to … | frappe | frappe | 2025-12-29T15:10:59.510Z | 2025-12-29T16:13:17.680Z |
| cve-2025-68928 | | Frappe CRM vulnerable to authenticated XSS via website field | frappe | crm | 2025-12-29T15:06:31.756Z | 2025-12-29T16:12:29.988Z |
| cve-2025-15193 | | D-Link DWR-M920 formParentControl sub_423848 buffer overflow | D-Link | DWR-M920 | 2025-12-29T15:02:08.698Z | 2025-12-29T16:10:51.648Z |
| cve-2025-15192 | | D-Link DWR-M920 formLtefotaUpgradeQuectel sub_415328 c… | D-Link | DWR-M920 | 2025-12-29T14:32:08.392Z | 2025-12-29T16:11:38.000Z |
| cve-2025-15191 | | D-Link DWR-M920 formLtefotaUpgradeFibocom sub_4155B4 c… | D-Link | DWR-M920 | 2025-12-29T14:02:07.207Z | 2025-12-29T14:26:08.160Z |
| cve-2025-15190 | | D-Link DWR-M920 formFilter sub_42261C stack-based overflow | D-Link | DWR-M920 | 2025-12-29T13:32:08.616Z | 2025-12-29T14:26:52.164Z |
| cve-2025-15189 | | D-Link DWR-M920 formDefRoute sub_464794 buffer overflow | D-Link | DWR-M920 | 2025-12-29T13:02:11.742Z | 2025-12-29T13:15:00.973Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2025-15216 | | Tenda AC23 SetIpMacBind fromSetIpMacBind stack-based o… | Tenda | AC23 | 2025-12-30T02:32:08.203Z | 2025-12-30T18:45:52.248Z |
| cve-2025-15215 | | Tenda AC10U HTTP POST Request setPptpUserList formSetP… | Tenda | AC10U | 2025-12-30T02:02:08.414Z | 2025-12-30T18:46:13.307Z |
| cve-2025-69235 | N/A | Whale browser before 4.35.351.12 allows an attack… | NAVER | NAVER Whale browser | 2025-12-30T01:22:57.770Z | 2025-12-31T17:15:35.598Z |
| cve-2025-69234 | N/A | Whale browser before 4.35.351.12 allows an attack… | NAVER | NAVER Whale browser | 2025-12-30T01:18:05.718Z | 2025-12-31T17:17:34.260Z |
| cve-2025-15214 | | Campcodes Park Ticketing System admin_class.php save_p… | Campcodes | Park Ticketing System | 2025-12-30T01:32:07.496Z | 2025-12-30T18:46:38.082Z |
| cve-2025-69217 | | Coturn has unsafe nonce and relay port randomization d… | coturn | coturn | 2025-12-30T00:41:18.792Z | 2025-12-30T15:57:25.040Z |
| cve-2025-15213 | | code-projects Student File Management System File Down… | code-projects | Student File Management System | 2025-12-30T01:02:07.571Z | 2025-12-30T18:47:10.060Z |
| cve-2025-15212 | | code-projects Refugee Food Management System regfood.p… | code-projects | Refugee Food Management System | 2025-12-30T00:32:06.172Z | 2025-12-30T18:47:27.338Z |
| cve-2025-15211 | | code-projects Refugee Food Management System refugee.p… | code-projects | Refugee Food Management System | 2025-12-30T00:02:07.439Z | 2025-12-30T18:47:48.669Z |
| cve-2025-68499 | 6.5 (v3.1) | WordPress JetTabs plugin <= 2.2.12 - Cross Site Script… | Crocoblock | JetTabs | 2025-12-29T23:10:45.157Z | 2025-12-30T18:48:49.402Z |
| cve-2025-68498 | 6.5 (v3.1) | WordPress JetTabs plugin <= 2.2.12 - Broken Access Con… | Crocoblock | JetTabs | 2025-12-29T23:13:35.444Z | 2025-12-30T18:48:36.471Z |
| cve-2025-68120 | N/A | Unexpected untrusted code execution in github.com/gola… | github.com/golang/vscode-go | github.com/golang/vscode-go | 2025-12-29T23:46:52.451Z | 2025-12-30T16:05:04.576Z |
| cve-2025-68040 | 6.5 (v3.1) | WordPress WP Project Manager plugin <= 3.0.1 - Sensiti… | weDevs | WP Project Manager | 2025-12-29T23:25:11.382Z | 2025-12-30T15:53:32.540Z |
| cve-2025-68036 | 7.5 (v3.1) | WordPress CubeWP plugin <= 1.1.27 - Broken Access Cont… | Emraan Cheema | CubeWP | 2025-12-29T23:26:17.386Z | 2025-12-30T15:54:23.634Z |
| cve-2025-23554 | 7.1 (v3.1) | WordPress Off Page SEO plugin <= 3.0.3 - Reflected Cro… | Jakub Glos | Off Page SEO | 2025-12-29T23:51:32.627Z | 2025-12-30T18:48:17.168Z |
| cve-2025-23550 | 7.1 (v3.1) | WordPress Product Puller plugin <= 1.5.1 - Reflected C… | Kemal YAZICI | Product Puller | 2025-12-29T23:50:08.713Z | 2025-12-30T15:57:24.653Z |
| cve-2025-23469 | 7.1 (v3.1) | WordPress Sleekplan plugin <= 0.2.0 - Reflected Cross … | Sleekplan | Sleekplan | 2025-12-29T23:48:36.314Z | 2025-12-30T15:56:45.138Z |
| cve-2025-23458 | 7.1 (v3.1) | WordPress Ads24 Lite plugin <= 1.0 - Reflected Cross S… | Rakessh | Ads24 Lite | 2025-12-29T23:32:44.943Z | 2025-12-30T15:55:57.059Z |
| cve-2025-15210 | | code-projects Refugee Food Management System editrefug… | code-projects | Refugee Food Management System | 2025-12-29T23:32:06.391Z | 2025-12-30T15:57:30.764Z |
| cve-2023-41656 | 5.4 (v3.1) | WordPress Better Elementor Addons plugin <= 1.3.7 - Br… | wpdive | Better Elementor Addons | 2025-12-29T23:22:27.926Z | 2025-12-30T15:52:40.995Z |
| cve-2023-32238 | 5.4 (v3.1) | WordPress TheGem theme < 5.8.1.1 - Broken Access Contr… | CodexThemes | TheGem (Elementor) | 2025-12-29T23:18:54.834Z | 2025-12-30T15:51:44.200Z |
| cve-2025-15284 | 8.7 (v4.0) 7.5 (v3.1) | arrayLimit bypass in bracket notation allows DoS via m… | | | 2025-12-29T22:56:45.240Z | 2025-12-30T15:57:41.402Z |
| cve-2025-15209 | | code-projects Refugee Food Management System editfood.… | code-projects | Refugee Food Management System | 2025-12-29T23:02:07.628Z | 2025-12-30T15:57:35.799Z |
| cve-2025-15208 | | code-projects Refugee Food Management System editrefug… | code-projects | Refugee Food Management System | 2025-12-29T22:32:08.042Z | 2025-12-30T15:57:46.721Z |
| cve-2025-68860 | 9.8 (v3.1) | WordPress Mobile builder plugin <= 1.4.2 - Broken Auth… | Mobile Builder | Mobile builder | 2025-12-29T21:08:56.358Z | 2025-12-30T15:47:43.775Z |
| cve-2025-68607 | 6.5 (v3.1) | WordPress Custom Field Template plugin <= 2.7.5 - Cros… | Hiroaki Miyashita | Custom Field Template | 2025-12-29T21:10:50.618Z | 2025-12-30T15:48:23.658Z |
| cve-2025-68562 | 9.9 (v3.1) | WordPress MapSVG plugin <= 8.7.3 - Arbitrary File Uplo… | RomanCode | MapSVG | 2025-12-29T21:13:24.913Z | 2025-12-30T15:49:09.276Z |
| cve-2025-68504 | 6.5 (v3.1) | WordPress JetSearch plugin <= 3.5.16 - Cross Site Scri… | Crocoblock | JetSearch | 2025-12-29T21:14:40.576Z | 2025-12-30T15:50:12.903Z |
| cve-2025-68503 | 6.5 (v3.1) | WordPress JetBlog plugin <= 2.4.7 - Broken Access Cont… | Crocoblock | JetBlog | 2025-12-29T21:15:43.312Z | 2025-12-29T21:15:43.312Z |
| cve-2025-68502 | 4.3 (v3.1) | WordPress JetPopup plugin <= 2.0.20.1 - Insecure Direc… | Crocoblock | JetPopup | 2025-12-29T21:16:55.539Z | 2025-12-29T21:16:55.539Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| mal-2025-192410 | Malicious code in facts-base (npm) | 2025-12-10T01:58:41Z | 2025-12-10T21:09:37Z |
| mal-2025-192409 | Malicious code in ecmascript-runtime-client (npm) | 2025-12-10T01:58:41Z | 2025-12-10T21:09:37Z |
| mal-2025-192408 | Malicious code in ddp-common (npm) | 2025-12-10T01:58:41Z | 2025-12-10T21:09:36Z |
| mal-2025-192404 | Malicious code in callback-hook (npm) | 2025-12-10T01:58:41Z | 2025-12-10T21:09:36Z |
| mal-2025-192403 | Malicious code in allow-deny (npm) | 2025-12-10T01:58:41Z | 2025-12-10T21:09:35Z |
| mal-2025-192419 | Malicious code in wasm-bindgen (npm) | 2025-12-10T01:57:45Z | 2025-12-10T21:09:41Z |
| mal-2025-192418 | Malicious code in sfdc-abstract-legend (npm) | 2025-12-10T01:57:45Z | 2025-12-10T21:09:40Z |
| mal-2025-192417 | Malicious code in rum-events-format (npm) | 2025-12-10T01:57:45Z | 2025-12-24T10:09:30Z |
| mal-2025-192416 | Malicious code in pymongo (npm) | 2025-12-10T01:57:45Z | 2025-12-10T21:09:39Z |
| mal-2025-192411 | Malicious code in fastavro (npm) | 2025-12-10T01:57:45Z | 2025-12-10T21:09:37Z |
| mal-2025-192407 | Malicious code in datadog-checks-downloader (npm) | 2025-12-10T01:57:45Z | 2025-12-10T21:09:36Z |
| mal-2025-192406 | Malicious code in datadog-checks-dependency-provider (npm) | 2025-12-10T01:57:45Z | 2025-12-10T21:09:36Z |
| mal-2025-192405 | Malicious code in confluent-kafka (npm) | 2025-12-10T01:57:45Z | 2025-12-10T21:09:36Z |
| mal-2025-192415 | Malicious code in portal-lim (npm) | 2025-12-10T01:57:26Z | 2025-12-10T21:09:39Z |
| mal-2025-192398 | Malicious code in database-mongoose-kit (npm) | 2025-12-10T01:47:17Z | 2025-12-23T16:45:00Z |
| mal-2025-192397 | Malicious code in @onlytoodles/crypto-jsa (npm) | 2025-12-10T01:45:43Z | 2025-12-10T21:09:35Z |
| mal-2025-192402 | Malicious code in wartsila-text-csv (npm) | 2025-12-10T01:44:48Z | 2025-12-24T10:09:31Z |
| mal-2025-192401 | Malicious code in serval-integrations-common-frontend (npm) | 2025-12-10T01:43:51Z | 2025-12-24T10:09:30Z |
| mal-2025-192400 | Malicious code in node-calculator-0d96 (npm) | 2025-12-10T01:43:14Z | 2025-12-24T10:09:29Z |
| mal-2025-192399 | Malicious code in malicius-pdf (npm) | 2025-12-10T01:32:47Z | 2025-12-10T21:09:38Z |
| mal-2025-192568 | Malicious code in EffetMer.darkgpt (VSCode) | 2025-12-10T00:12:00Z | 2025-12-10T00:12:00Z |
| mal-2025-192395 | Malicious code in libxmlrussia (npm) | 2025-12-09T20:38:15Z | 2025-12-10T21:09:38Z |
| mal-2025-192396 | Malicious code in helloharry123c (PyPI) | 2025-12-09T20:34:47Z | 2025-12-09T20:34:47Z |
| mal-2025-192394 | Malicious code in libxmlussr2 (npm) | 2025-12-09T20:25:55Z | 2025-12-10T21:09:38Z |
| mal-2025-192427 | Malicious code in libxmlussr1 (npm) | 2025-12-09T19:27:53Z | 2025-12-10T21:09:38Z |
| mal-2025-192393 | Malicious code in ctosec-appsec-wb-xray-adapter (PyPI) | 2025-12-09T18:38:25Z | 2025-12-09T21:40:17Z |
| mal-2025-192392 | Malicious code in ajenti-plugin-testing-pyld (PyPI) | 2025-12-09T18:32:50Z | 2025-12-31T02:45:15Z |
| mal-0000-kam193-d21d0d38383da324 | Pentesting or research code in ajenti-plugin-testing-pyld (PyPI) | 2025-12-09T18:32:50Z | 2025-12-12T20:28:04Z |
| mal-0000-kam193-c9f06b3dac61d0ba | Pentesting or research code in ajenti-plugin-testing-pyld (PyPI) | 2025-12-09T18:32:50Z | 2025-12-12T22:42:32Z |
| mal-0000-kam193-4c039df8ba9e4f40 | Pentesting or research code in ajenti-plugin-testing-pyld (PyPI) | 2025-12-09T18:32:50Z | 2025-12-12T22:42:32Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| rhsa-2025:16504 | Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.19 security, enhancement & bug fix update | 2025-09-23T15:46:00+00:00 | 2025-11-21T19:38:37+00:00 |
| rhsa-2025:16482 | Red Hat Security Advisory: container-tools:rhel8 security update | 2025-09-23T15:24:48+00:00 | 2025-11-21T19:27:03+00:00 |
| rhsa-2025:16481 | Red Hat Security Advisory: podman security update | 2025-09-23T15:19:02+00:00 | 2025-11-21T19:27:03+00:00 |
| rhsa-2025:16480 | Red Hat Security Advisory: podman security update | 2025-09-23T14:06:08+00:00 | 2025-11-21T19:27:02+00:00 |
| rhsa-2025:16483 | Red Hat Security Advisory: OpenShift Virtualization 4.12.20 Images | 2025-09-23T13:46:22+00:00 | 2025-11-27T15:01:01+00:00 |
| rhsa-2025:16461 | Red Hat Security Advisory: Red Hat Product OCP Tools 4.14 OpenShift Jenkins security update | 2025-09-23T10:10:12+00:00 | 2025-11-21T19:27:02+00:00 |
| rhsa-2025:16462 | Red Hat Security Advisory: Red Hat Product OCP Tools 4.15 OpenShift Jenkins security update | 2025-09-23T10:09:56+00:00 | 2025-11-21T19:27:02+00:00 |
| rhsa-2025:16460 | Red Hat Security Advisory: Red Hat Product OCP Tools 4.13 OpenShift Jenkins security update | 2025-09-23T10:09:41+00:00 | 2025-11-21T19:27:01+00:00 |
| rhsa-2025:16459 | Red Hat Security Advisory: Red Hat Product OCP Tools 4.12 OpenShift Jenkins security update | 2025-09-23T09:47:46+00:00 | 2025-11-21T19:27:01+00:00 |
| rhsa-2025:16457 | Red Hat Security Advisory: Red Hat Product OCP Tools 4.16 OpenShift Jenkins security update | 2025-09-23T09:44:56+00:00 | 2025-11-21T19:27:00+00:00 |
| rhsa-2025:16456 | Red Hat Security Advisory: Red Hat Product OCP Tools 4.17 OpenShift Jenkins security update | 2025-09-23T09:44:51+00:00 | 2025-11-21T19:26:59+00:00 |
| rhsa-2025:16454 | Red Hat Security Advisory: Red Hat Product OCP Tools 4.19 OpenShift Jenkins security update | 2025-09-23T09:44:32+00:00 | 2025-11-21T19:26:58+00:00 |
| rhsa-2025:16455 | Red Hat Security Advisory: Red Hat Product OCP Tools 4.18 Openshift Jenkins security update | 2025-09-23T09:40:23+00:00 | 2025-11-21T19:26:59+00:00 |
| rhsa-2025:16441 | Red Hat Security Advisory: avahi security update | 2025-09-23T08:32:26+00:00 | 2025-11-21T19:26:58+00:00 |
| rhsa-2025:16428 | Red Hat Security Advisory: libtpms security update | 2025-09-23T08:27:06+00:00 | 2025-11-21T19:26:55+00:00 |
| rhsa-2025:16432 | Red Hat Security Advisory: opentelemetry-collector security update | 2025-09-23T08:27:01+00:00 | 2025-11-21T19:26:57+00:00 |
| rhsa-2025:16411 | Red Hat Security Advisory: NetworkManager security update | 2025-09-23T02:37:25+00:00 | 2025-11-21T19:26:54+00:00 |
| rhsa-2025:16414 | Red Hat Security Advisory: ncurses security update | 2025-09-23T02:06:40+00:00 | 2025-11-21T19:26:55+00:00 |
| rhsa-2025:16418 | Red Hat Security Advisory: ncurses security update | 2025-09-23T01:37:10+00:00 | 2025-11-21T19:26:55+00:00 |
| rhsa-2025:16398 | Red Hat Security Advisory: kernel security update | 2025-09-23T01:04:55+00:00 | 2025-11-21T19:26:50+00:00 |
| rhsa-2025:16409 | Red Hat Security Advisory: Red Hat AMQ Broker 7.12.5 release and security update | 2025-09-22T23:39:35+00:00 | 2025-11-27T17:36:43+00:00 |
| rhsa-2025:16407 | Red Hat Security Advisory: Streams for Apache Kafka 3.0.1 release and security update | 2025-09-22T21:48:11+00:00 | 2025-11-21T19:26:51+00:00 |
| rhsa-2025:16404 | Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.4 Container Release Update | 2025-09-22T20:31:19+00:00 | 2025-11-21T19:26:50+00:00 |
| rhsa-2025:16403 | Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update | 2025-09-22T18:14:13+00:00 | 2025-11-21T19:26:49+00:00 |
| rhsa-2025:16399 | Red Hat Security Advisory: Red Hat build of Keycloak 26.2.9 Security Update | 2025-09-22T15:36:01+00:00 | 2025-11-21T19:26:48+00:00 |
| rhsa-2025:16400 | Red Hat Security Advisory: Red Hat build of Keycloak 26.2.9 Images Security Update | 2025-09-22T15:35:49+00:00 | 2025-11-21T19:26:48+00:00 |
| rhsa-2025:16372 | Red Hat Security Advisory: kernel security update | 2025-09-22T14:18:04+00:00 | 2025-11-21T19:26:44+00:00 |
| rhsa-2025:16373 | Red Hat Security Advisory: kernel-rt security update | 2025-09-22T11:07:39+00:00 | 2025-11-21T19:26:46+00:00 |
| rhsa-2025:16354 | Red Hat Security Advisory: kernel security update | 2025-09-22T10:43:33+00:00 | 2025-11-26T18:17:23+00:00 |
| rhsa-2025:16346 | Red Hat Security Advisory: command-line-assistant security update | 2025-09-22T09:58:43+00:00 | 2025-11-21T19:26:42+00:00 |
| ID | Description | Published | Updated |
|---|---|---|---|
| msrc_cve-2025-12058 | Vulnerability in Keras Model.load_model Leading to Arbitrary Local File Loading and SSRF | 2025-10-02T00:00:00.000Z | 2025-10-31T01:03:15.000Z |
| msrc_cve-2025-11840 | GNU Binutils ldmisc.c vfinfo out-of-bounds | 2025-10-02T00:00:00.000Z | 2025-10-29T01:04:28.000Z |
| msrc_cve-2025-11839 | GNU Binutils prdbg.c tg_tag_type return value | 2025-10-02T00:00:00.000Z | 2025-10-25T14:01:37.000Z |
| msrc_cve-2025-11731 | Libxslt: type confusion in exsltfuncresultcompfunction of libxslt | 2025-10-02T00:00:00.000Z | 2025-12-07T01:38:20.000Z |
| msrc_cve-2025-11495 | GNU Binutils Linker elf64-x86-64.c elf_x86_64_relocate_section heap-based overflow | 2025-10-02T00:00:00.000Z | 2025-10-11T01:02:13.000Z |
| msrc_cve-2025-11494 | GNU Binutils Linker elfxx-x86.c _bfd_x86_elf_late_size_sections out-of-bounds | 2025-10-02T00:00:00.000Z | 2025-12-03T01:39:19.000Z |
| msrc_cve-2025-11414 | GNU Binutils Linker elflink.c get_link_hash_entry out-of-bounds | 2025-10-02T00:00:00.000Z | 2025-10-11T01:02:35.000Z |
| msrc_cve-2025-11413 | GNU Binutils Linker elflink.c elf_link_add_object_symbols out-of-bounds | 2025-10-02T00:00:00.000Z | 2025-10-11T01:02:24.000Z |
| msrc_cve-2025-11412 | GNU Binutils Linker elflink.c bfd_elf_gc_record_vtentry out-of-bounds | 2025-10-02T00:00:00.000Z | 2025-10-11T01:02:46.000Z |
| msrc_cve-2025-11411 | Possible domain hijacking via promiscuous records in the authority section | 2025-10-02T00:00:00.000Z | 2025-12-07T01:39:13.000Z |
| msrc_cve-2025-11234 | Qemu-kvm: vnc websocket handshake use-after-free | 2025-10-02T00:00:00.000Z | 2025-10-07T01:01:16.000Z |
| msrc_cve-2025-10729 | Use-after-free vulnerability in Qt SVG qsvghandler.cpp allows denial of service via crafted SVG | 2025-10-02T00:00:00.000Z | 2025-10-07T01:01:34.000Z |
| msrc_cve-2025-10728 | Uncontrolled recursion in Qt SVG module | 2025-10-02T00:00:00.000Z | 2025-10-07T01:01:25.000Z |
| msrc_cve-2024-31573 | XMLUnit for Java before 2.10.0, in the default configuration, might allow code execution via an untrusted stylesheet (used for an XSLT transformation), because XSLT extension functions are enabled. | 2025-10-02T00:00:00.000Z | 2025-10-19T01:01:21.000Z |
| msrc_cve-2023-53469 | af_unix: Fix null-ptr-deref in unix_stream_sendpage(). | 2025-10-02T00:00:00.000Z | 2025-10-02T01:07:32.000Z |
| msrc_cve-2022-50502 | mm: /proc/pid/smaps_rollup: fix no vma's null-deref | 2025-10-02T00:00:00.000Z | 2025-10-06T01:38:02.000Z |
| msrc_cve-2025-59220 | Windows Bluetooth Service Elevation of Privilege Vulnerability | 2025-09-09T07:00:00.000Z | 2025-10-10T07:00:00.000Z |
| msrc_cve-2025-55319 | Agentic AI and Visual Studio Code Remote Code Execution Vulnerability | 2025-09-09T07:00:00.000Z | 2025-12-23T08:00:00.000Z |
| msrc_cve-2025-54114 | Windows Connected Devices Platform Service Elevation of Privilege Vulnerability | 2025-09-09T07:00:00.000Z | 2025-11-21T08:00:00.000Z |
| msrc_cve-2025-54112 | Microsoft Virtual Hard Disk Elevation of Privilege Vulnerability | 2025-09-09T07:00:00.000Z | 2025-10-14T07:00:00.000Z |
| msrc_cve-2025-54099 | Windows Ancillary Function Driver for WinSock Elevation of Privilege Vulnerability | 2025-09-09T07:00:00.000Z | 2025-11-20T08:00:00.000Z |
| msrc_cve-2025-9906 | Arbitrary Code execution in Keras Safe Mode | 2025-09-02T00:00:00.000Z | 2025-09-20T01:03:50.000Z |
| msrc_cve-2025-9905 | Arbitary Code execution in Keras load_model() | 2025-09-02T00:00:00.000Z | 2025-09-20T01:03:44.000Z |
| msrc_cve-2025-9901 | Libsoup: improper handling of http vary header in libsoup caching | 2025-09-02T00:00:00.000Z | 2025-09-07T01:17:16.000Z |
| msrc_cve-2025-9900 | Libtiff: libtiff write-what-where | 2025-09-02T00:00:00.000Z | 2025-09-27T01:03:04.000Z |
| msrc_cve-2025-9648 | Denial of Service in CivetWeb | 2025-09-02T00:00:00.000Z | 2025-10-03T01:01:47.000Z |
| msrc_cve-2025-9566 | Podman: podman kube play command may overwrite host files | 2025-09-02T00:00:00.000Z | 2025-09-07T01:16:18.000Z |
| msrc_cve-2025-9232 | Out-of-bounds read in HTTP client no_proxy handling | 2025-09-02T00:00:00.000Z | 2025-10-02T01:05:50.000Z |
| msrc_cve-2025-9231 | Timing side-channel in SM2 algorithm on 64 bit ARM | 2025-09-02T00:00:00.000Z | 2025-10-02T01:05:45.000Z |
| msrc_cve-2025-9230 | Out-of-bounds read & write in RFC 3211 KEK Unwrap | 2025-09-02T00:00:00.000Z | 2025-11-25T01:38:07.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2022-001809 | Trend Micro Password Manager vulnerable to privilege escalation | 2022-05-24T15:27+09:00 | 2024-06-18T17:52+09:00 |
| jvndb-2022-000038 | WordPress plugin "WP Statistics" vulnerable to cross-site scripting | 2022-05-24T15:00+09:00 | 2024-06-18T15:41+09:00 |
| jvndb-2022-000037 | Spring Security OAuth (spring-security-oauth2) vulnerable to denial-of-service (DoS) | 2022-05-20T17:04+09:00 | 2024-06-20T12:09+09:00 |
| jvndb-2022-000036 | Multiple vulnerabilities in Rakuten Casa | 2022-05-19T15:13+09:00 | 2024-06-18T12:09+09:00 |
| jvndb-2022-000035 | Multiple vulnerabilities in Cybozu Garoon | 2022-05-16T14:25+09:00 | 2024-06-17T16:34+09:00 |
| jvndb-2022-000033 | Strapi vulnerable to cross-site scripting | 2022-05-13T16:45+09:00 | 2024-06-18T11:17+09:00 |
| jvndb-2022-000034 | EC-CUBE plugin "Easy Blog for EC-CUBE4" vulnerable to cross-site request forgery | 2022-05-13T16:31+09:00 | 2024-06-18T12:13+09:00 |
| jvndb-2022-001800 | Installer of Trend Micro HouseCall for Home Networks may insecurely load Dynamic Link Libraries | 2022-05-13T16:24+09:00 | 2022-05-13T16:24+09:00 |
| jvndb-2022-001795 | Command injection vulnerability in QNAP VioStar series NVR | 2022-05-12T18:07+09:00 | 2024-06-20T11:31+09:00 |
| jvndb-2022-000032 | Installer of Trend Micro Password Manager may insecurely load Dynamic Link Libraries | 2022-05-11T15:21+09:00 | 2024-06-18T17:46+09:00 |
| jvndb-2022-000031 | GENEREX RCCMD vulnerable to directory traversal | 2022-05-10T15:47+09:00 | 2024-06-18T15:35+09:00 |
| jvndb-2022-000030 | Multiple vulnerabilities in Operation management interface of FUJITSU Network IPCOM | 2022-05-09T15:02+09:00 | 2024-07-18T16:30+09:00 |
| jvndb-2022-000029 | KOYO Electronics Screen Creator Advance2 vulnerable to authentication bypass | 2022-05-09T14:43+09:00 | 2024-06-19T16:03+09:00 |
| jvndb-2022-000028 | Multiple vulnerabilities in multiple MEIKYO ELECTRIC products | 2022-05-09T14:31+09:00 | 2024-06-19T15:55+09:00 |
| jvndb-2022-000027 | Hammock AssetView missing authentication for critical functions | 2022-04-22T13:53+09:00 | 2024-06-20T12:15+09:00 |
| jvndb-2022-000026 | WordPress Plugin "MicroPayments - Paid Author Subscriptions, Content, Downloads, Membership" vulnerable to cross-site request forgery | 2022-04-15T13:15+09:00 | 2024-06-25T18:04+09:00 |
| jvndb-2022-001526 | Trend Micro Antivirus for Mac vulnerable to privilege escalation | 2022-04-07T16:58+09:00 | 2022-04-07T16:58+09:00 |
| jvndb-2022-001494 | Trend Micro Apex Central and Trend Micro Apex Central as a Service vulnerable to improper check for file contents | 2022-03-31T17:25+09:00 | 2022-03-31T17:25+09:00 |
| jvndb-2022-000024 | Zero-channel BBS Plus vulnerable to cross-site scripting | 2022-03-30T15:36+09:00 | 2024-06-20T17:34+09:00 |
| jvndb-2022-000023 | WordPress Plugin "Advanced Custom Fields" vulnerable to missing authorization | 2022-03-30T15:23+09:00 | 2024-06-21T12:25+09:00 |
| jvndb-2022-000022 | AttacheCase may insecurely load Dynamic Link Libraries | 2022-03-30T14:00+09:00 | 2024-06-21T11:42+09:00 |
| jvndb-2022-001477 | Netcommunity OG410X and OG810X VoIP gateway/Hikari VoIP adapter for business offices vulnerable to OS command injection | 2022-03-23T12:08+09:00 | 2022-03-23T12:08+09:00 |
| jvndb-2022-000021 | Multiple vulnerabilities in KINGSOFT "WPS Office" and "KINGSOFT Internet Security" | 2022-03-16T14:46+09:00 | 2022-03-16T14:46+09:00 |
| jvndb-2022-000020 | Multiple vulnerabilities in pfSense | 2022-03-15T14:58+09:00 | 2024-06-21T11:59+09:00 |
| jvndb-2021-008345 | Installer of Trend Micro Portable Security may insecurely load Dynamic Link Libraries | 2022-03-14T16:43+09:00 | 2022-03-14T16:43+09:00 |
| jvndb-2022-001404 | Installer of Trend Micro Password Manager may insecurely load Dynamic Link Libraries | 2022-03-11T15:55+09:00 | 2022-03-11T15:55+09:00 |
| jvndb-2022-000016 | UNIVERGE WA Series vulnerable to OS command injection | 2022-03-10T14:31+09:00 | 2022-03-10T14:31+09:00 |
| jvndb-2022-001387 | Installer of WPS Office for Windows misconfigures the ACL for the installation directory | 2022-03-09T12:30+09:00 | 2024-06-21T11:37+09:00 |
| jvndb-2022-001384 | Multiple vulnerabilities in OMRON CX-Programmer | 2022-03-08T15:56+09:00 | 2024-06-21T11:32+09:00 |
| jvndb-2022-001383 | Directory Permission Vulnerability in Hitachi Ops Center Viewpoint | 2022-03-07T15:45+09:00 | 2022-03-07T15:45+09:00 |