Recent vulnerabilities
| ID | Description | Published | Updated |
|---|---|---|---|
| ghsa-mwfx-853j-whj2 | NagiosXI 2026R1.0.1 build 1762361101 is vulnerable to Directory Traversal in /admin/coreconfigsnaps… | 2025-12-29T21:30:24Z | 2025-12-31T18:30:23Z |
| ghsa-fh4j-chp9-mvg5 | Rapid7 Velociraptor versions before 0.75.6 contain a directory traversal issue on Linux servers tha… | 2025-12-29T21:30:24Z | 2025-12-29T21:30:24Z |
| ghsa-c2fm-8hf4-2g8g | A vulnerability was detected in SohuTV CacheCloud up to 3.2.0. The affected element is the function… | 2025-12-29T21:30:24Z | 2025-12-29T21:30:24Z |
| ghsa-2wcx-prwg-mc24 | In NagiosXI 2026R1.0.1 build 1762361101, Dashboard parameters lack proper filtering, allowing any a… | 2025-12-29T21:30:24Z | 2025-12-31T18:30:23Z |
| ghsa-3329-ghmp-jmv5 | Picklescan is vulnerable to RCE through missing detection when calling numpy.f2py.crackfortran.myeval | 2025-12-29T20:04:09Z | 2025-12-29T20:04:09Z |
| ghsa-x843-g5mx-g377 | Picklescan is vulnerable to RCE through missing detection when calling built-in python operator.met… | 2025-12-29T20:03:30Z | 2025-12-29T20:03:30Z |
| ghsa-x23q-75qm-3p39 | CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') | 2025-12-29T18:30:55Z | 2025-12-29T18:30:55Z |
| ghsa-w7vq-ff8g-w2pj | Missing Authorization vulnerability in Plugin Optimizer allows Exploiting Incorrectly Configured Ac… | 2025-12-29T18:30:55Z | 2025-12-29T18:30:55Z |
| ghsa-w7q9-f5xc-px27 | Buffer overflow vulnerability in function dcputchar in decompile.c in libming 0.4.8. | 2025-12-29T18:30:55Z | 2025-12-30T18:30:16Z |
| ghsa-w539-2pgj-g759 | An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allow… | 2025-12-29T18:30:55Z | 2025-12-30T18:30:16Z |
| ghsa-vphr-3984-5c8w | An issue was discovered in function d_discriminator in file cp-demangle.c in BinUtils 2.26 allows a… | 2025-12-29T18:30:55Z | 2025-12-30T18:30:16Z |
| ghsa-rhg5-g54m-7cq3 | A buffer overflow vulnerability in function gnu_special in file cplus-dem.c in BinUtils 2.26 allows… | 2025-12-29T18:30:55Z | 2025-12-30T18:30:16Z |
| ghsa-r326-pp3g-7cq4 | An issue was discovered in function d_unqualified_name in file cp-demangle.c in BinUtils 2.26 allow… | 2025-12-29T18:30:55Z | 2025-12-31T18:30:23Z |
| ghsa-jxvc-pvpc-6q2f | A vulnerability was identified in code-projects Assessment Management 1.0. This affects an unknown … | 2025-12-29T18:30:55Z | 2025-12-29T18:30:55Z |
| ghsa-jx54-629h-v4m4 | Server-Side Request Forgery (SSRF) vulnerability in HETWORKS WordPress Image shrinker allows Server… | 2025-12-29T18:30:55Z | 2025-12-29T18:30:55Z |
| ghsa-j684-xhfg-8929 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability … | 2025-12-29T18:30:55Z | 2025-12-29T18:30:55Z |
| ghsa-gjrj-58f4-pgrh | An issue was discovered in function d_abi_tags in file cp-demangle.c in BinUtils 2.26 allows attack… | 2025-12-29T18:30:55Z | 2025-12-29T18:30:55Z |
| ghsa-g3fh-r5q2-x687 | An issue was discovered in function d_print_comp_inner in file cp-demangle.c in BinUtils 2.26 allow… | 2025-12-29T18:30:55Z | 2025-12-29T18:30:55Z |
| ghsa-fp65-99h2-h27f | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability … | 2025-12-29T18:30:55Z | 2025-12-29T18:30:55Z |
| ghsa-fg2q-6f3h-w7w8 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability … | 2025-12-29T18:30:55Z | 2025-12-29T18:30:55Z |
| ghsa-cw44-2fxg-4q3m | Improper Control of Generation of Code ('Code Injection') vulnerability in Mohammad I. Okfie IF AS … | 2025-12-29T18:30:55Z | 2025-12-29T18:30:55Z |
| ghsa-97m2-wmvc-crmh | Buffer overflow vulnerability in function strcat in asan_interceptors.cpp in libming 0.4.8. | 2025-12-29T18:30:55Z | 2025-12-30T18:30:16Z |
| ghsa-5qcm-c65c-c4f2 | CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') | 2025-12-29T18:30:55Z | 2025-12-29T18:30:55Z |
| ghsa-59vq-r2p7-239g | A weakness has been identified in code-projects College Notes Uploading System 1.0. This issue affe… | 2025-12-29T18:30:55Z | 2025-12-29T18:30:55Z |
| ghsa-535h-mv4w-87cj | CWE-434 Unrestricted Upload of File with Dangerous Type | 2025-12-29T18:30:55Z | 2025-12-29T18:30:55Z |
| ghsa-4rr4-crgj-v968 | CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') | 2025-12-29T18:30:55Z | 2025-12-29T18:30:55Z |
| ghsa-4gpw-hw2g-ph5w | CWE-601 URL Redirection to Untrusted Site ('Open Redirect') | 2025-12-29T18:30:55Z | 2025-12-29T18:30:55Z |
| ghsa-366r-cgmr-hgv3 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusi… | 2025-12-29T18:30:55Z | 2025-12-29T18:30:55Z |
| ghsa-2g7v-6q7q-7mp6 | A security flaw has been discovered in code-projects/anirbandutta9 Content Management System and Ne… | 2025-12-29T18:30:55Z | 2025-12-29T18:30:55Z |
| ghsa-jrvx-v9w9-54rr | A vulnerability was found in D-Link DIR-600 up to 2.15WWb02. Affected by this vulnerability is an u… | 2025-12-29T18:30:54Z | 2025-12-29T18:30:54Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2025-15189 | D-Link DWR-M920 formDefRoute sub_464794 buffer overflow |
D-Link |
DWR-M920 |
2025-12-29T13:02:11.742Z | 2025-12-29T13:15:00.973Z | |
| cve-2025-15188 | Campcodes Complete Online Beauty Parlor Management Sys… |
Campcodes |
Complete Online Beauty Parlor Management System |
2025-12-29T12:32:06.935Z | 2025-12-29T13:17:11.342Z | |
| cve-2025-15187 | GreenCMS File DataController.class.php path traversal |
n/a |
GreenCMS |
2025-12-29T12:02:08.285Z | 2025-12-29T12:59:20.144Z | |
| cve-2025-15186 | code-projects Refugee Food Management System addusers.… |
code-projects |
Refugee Food Management System |
2025-12-29T11:32:06.009Z | 2025-12-29T13:17:51.214Z | |
| cve-2025-15185 | code-projects Refugee Food Management System refugeesr… |
code-projects |
Refugee Food Management System |
2025-12-29T11:02:07.163Z | 2025-12-29T13:24:46.871Z | |
| cve-2025-15184 | code-projects Refugee Food Management System refugeesr… |
code-projects |
Refugee Food Management System |
2025-12-29T10:32:08.687Z | 2025-12-29T13:30:04.962Z | |
| cve-2025-15183 | code-projects Refugee Food Management System viewtaken… |
code-projects |
Refugee Food Management System |
2025-12-29T10:02:07.718Z | 2025-12-29T13:52:13.840Z | |
| cve-2025-15182 | code-projects Refugee Food Management System served.ph… |
code-projects |
Refugee Food Management System |
2025-12-29T09:32:11.171Z | 2025-12-29T16:41:01.231Z | |
| cve-2025-15181 | code-projects Refugee Food Management System pagenateR… |
code-projects |
Refugee Food Management System |
2025-12-29T09:02:05.761Z | 2025-12-29T16:41:40.624Z | |
| cve-2025-15180 | Tenda WH450 HTTP Request webExcptypemanFilte stack-bas… |
Tenda |
WH450 |
2025-12-29T08:32:07.342Z | 2025-12-29T16:43:05.384Z | |
| cve-2025-15179 | Tenda WH450 qossetting stack-based overflow |
Tenda |
WH450 |
2025-12-29T08:02:08.052Z | 2025-12-29T16:44:16.742Z | |
| cve-2025-15178 | Tenda WH450 HTTP Request VirtualSer stack-based overflow |
Tenda |
WH450 |
2025-12-29T07:32:09.177Z | 2025-12-29T16:44:43.007Z | |
| cve-2025-15228 | 9.3 (v4.0) 9.8 (v3.1) | WELLTEND TECHNOLOGY| BPMFlowWebkit - Arbitrary File Upload |
WELLTEND TECHNOLOGY |
BPMFlowWebkit |
2025-12-29T07:18:59.303Z | 2025-12-29T16:45:14.701Z |
| cve-2025-15227 | 8.7 (v4.0) 7.5 (v3.1) | WELLTEND TECHNOLOGY| BPMFlowWebkit - Arbitrary File Read |
WELLTEND TECHNOLOGY |
BPMFlowWebkit |
2025-12-29T07:10:24.624Z | 2025-12-29T14:31:48.689Z |
| cve-2025-15177 | Tenda WH450 HTTP Request SetIpBind stack-based overflow |
Tenda |
WH450 |
2025-12-29T07:02:07.082Z | 2025-12-29T14:33:44.092Z | |
| cve-2025-15226 | 9.3 (v4.0) 9.8 (v3.1) | Sunnet|WMPro - Arbitrary File Upload |
Sunnet |
WMPro |
2025-12-29T06:39:27.426Z | 2025-12-29T14:34:29.835Z |
| cve-2025-15176 | Open5GS PFCP Session Establishment Request rule-match.… |
n/a |
Open5GS |
2025-12-29T06:32:06.957Z | 2025-12-29T14:38:33.043Z | |
| cve-2025-15225 | 8.7 (v4.0) 7.5 (v3.1) | Sunnet|WMPro - Arbitrary File Read |
Sunnet |
WMPro |
2025-12-29T06:31:49.460Z | 2025-12-29T16:45:35.087Z |
| cve-2025-15175 | SohuTV CacheCloud AppController.java appCommandAnalysi… |
SohuTV |
CacheCloud |
2025-12-29T06:02:06.400Z | 2025-12-29T16:46:17.772Z | |
| cve-2025-13958 | N/A | YaMaps < 0.6.40 - Contributor+ Stored XSS |
Unknown |
YaMaps for WordPress Plugin |
2025-12-29T06:00:10.716Z | 2025-12-29T20:16:35.365Z |
| cve-2025-13417 | N/A | Plugin Organizer < 10.2.4 - Subscriber+ SQLi |
Unknown |
Plugin Organizer |
2025-12-29T06:00:08.587Z | 2025-12-29T20:15:42.608Z |
| cve-2025-15174 | SohuTV CacheCloud AppManageController.java doAppAuditL… |
SohuTV |
CacheCloud |
2025-12-29T05:32:06.622Z | 2025-12-29T16:46:51.322Z | |
| cve-2025-15070 | 6.8 (v4.0) 5.5 (v3.1) | Data Exposure in Gmission Web FAX |
Gmission |
Web Fax |
2025-12-29T05:06:21.656Z | 2025-12-29T17:16:42.132Z |
| cve-2025-15069 | 8.4 (v4.0) 7.1 (v3.1) | Privilege Escalation in Gmission Web FAX |
Gmission |
Web Fax |
2025-12-29T05:05:58.228Z | 2025-12-29T17:22:58.014Z |
| cve-2025-15068 | 8.5 (v4.0) 7.7 (v3.1) | Account Takeover in Gmission Web FAX |
Gmission |
Web Fax |
2025-12-29T05:05:42.777Z | 2025-12-29T17:36:55.788Z |
| cve-2025-15173 | SohuTV CacheCloud InstanceController.java advancedAnal… |
SohuTV |
CacheCloud |
2025-12-29T05:02:05.724Z | 2025-12-29T17:50:08.853Z | |
| cve-2025-15172 | SohuTV CacheCloud RedisConfigTemplateController.java p… |
SohuTV |
CacheCloud |
2025-12-29T04:32:08.554Z | 2025-12-29T17:51:46.399Z | |
| cve-2025-15171 | SohuTV CacheCloud ServerController.java index cross si… |
SohuTV |
CacheCloud |
2025-12-29T04:02:05.763Z | 2025-12-29T14:39:27.399Z | |
| cve-2025-15170 | Advaya Softech GEMS ERP Portal Error Message home.jsp … |
Advaya Softech |
GEMS ERP Portal |
2025-12-29T03:32:07.618Z | 2025-12-29T14:40:15.648Z | |
| cve-2025-15169 | BiggiDroid Simple PHP CMS editsite.php sql injection |
BiggiDroid |
Simple PHP CMS |
2025-12-29T03:02:09.145Z | 2025-12-29T16:09:31.243Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2025-68503 | 6.5 (v3.1) | WordPress JetBlog plugin <= 2.4.7 - Broken Access Cont… |
Crocoblock |
JetBlog |
2025-12-29T21:15:43.312Z | 2025-12-29T21:15:43.312Z |
| cve-2025-68502 | 4.3 (v3.1) | WordPress JetPopup plugin <= 2.0.20.1 - Insecure Direc… |
Crocoblock |
JetPopup |
2025-12-29T21:16:55.539Z | 2025-12-29T21:16:55.539Z |
| cve-2025-15207 | Campcodes Supplier Management System view_products.php… |
Campcodes |
Supplier Management System |
2025-12-29T22:02:06.250Z | 2025-12-30T15:57:51.672Z | |
| cve-2025-15206 | Campcodes Supplier Management System add_area.php sql … |
Campcodes |
Supplier Management System |
2025-12-29T21:32:07.186Z | 2025-12-30T15:57:56.776Z | |
| cve-2025-69205 | In µURU, a Specially Crafted Federation Name Allows Di… |
olell |
uURU |
2025-12-29T20:52:17.516Z | 2025-12-30T15:46:56.380Z | |
| cve-2025-15205 | code-projects Student File Management System download.… |
code-projects |
Student File Management System |
2025-12-29T21:02:06.928Z | 2025-12-30T15:58:03.924Z | |
| cve-2025-15204 | SohuTV CacheCloud QuartzManageController.java doQuartz… |
SohuTV |
CacheCloud |
2025-12-29T20:32:06.147Z | 2025-12-30T15:58:09.878Z | |
| cve-2024-27480 | N/A | givanz VvvebJs 1.7.2 is vulnerable to Insecure Fi… |
n/a |
n/a |
2025-12-29T00:00:00.000Z | 2025-12-29T20:27:33.820Z |
| cve-2024-25183 | N/A | givanz VvvebJs 1.7.2 is vulnerable to Directory T… |
n/a |
n/a |
2025-12-29T00:00:00.000Z | 2025-12-30T15:58:32.923Z |
| cve-2024-25182 | N/A | givanz VvvebJs 1.7.2 suffers from a File Upload v… |
n/a |
n/a |
2025-12-29T00:00:00.000Z | 2025-12-29T20:40:54.229Z |
| cve-2025-69202 | axios-cache-interceptor Vulnerable to Cache Poisoning … |
arthurfiorette |
axios-cache-interceptor |
2025-12-29T19:13:27.880Z | 2025-12-30T22:25:39.052Z | |
| cve-2025-15203 | SohuTV CacheCloud ResourceController.java index cross … |
SohuTV |
CacheCloud |
2025-12-29T20:02:06.187Z | 2025-12-30T15:58:16.027Z | |
| cve-2025-15202 | SohuTV CacheCloud TaskController.java taskQueueList cr… |
SohuTV |
CacheCloud |
2025-12-29T19:32:06.804Z | 2025-12-30T15:58:21.861Z | |
| cve-2025-14175 | 6 (v4.0) | Weak Algorithm Support in SSH Server on TL-WR820N |
TP-Link Systems Inc. |
TL-WR820N v2.8 |
2025-12-29T19:31:23.473Z | 2025-12-29T19:31:23.473Z |
| cve-2024-30855 | N/A | DedeCMS v5.7 was discovered to contain a Cross-Si… |
n/a |
n/a |
2025-12-29T00:00:00.000Z | 2025-12-31T16:58:55.120Z |
| cve-2024-25181 | N/A | A critical vulnerability has been identified in g… |
n/a |
n/a |
2025-12-29T00:00:00.000Z | 2025-12-30T15:58:38.236Z |
| cve-2025-68706 | N/A | A stack-based buffer overflow exists in the GoAhe… |
n/a |
n/a |
2025-12-29T00:00:00.000Z | 2025-12-31T16:59:00.763Z |
| cve-2025-68431 | libheif has Potential Heap Buffer Over-Read |
strukturag |
libheif |
2025-12-29T19:09:54.628Z | 2025-12-30T22:26:20.374Z | |
| cve-2025-67255 | N/A | In NagiosXI 2026R1.0.1 build 1762361101, Dashboar… |
n/a |
n/a |
2025-12-29T00:00:00.000Z | 2025-12-31T16:59:06.948Z |
| cve-2025-67254 | N/A | NagiosXI 2026R1.0.1 build 1762361101 is vulnerabl… |
n/a |
n/a |
2025-12-29T00:00:00.000Z | 2025-12-31T16:59:12.600Z |
| cve-2025-15201 | SohuTV CacheCloud WebResourceController.java redirectN… |
SohuTV |
CacheCloud |
2025-12-29T19:02:07.207Z | 2025-12-30T22:27:14.236Z | |
| cve-2025-15200 | SohuTV CacheCloud AppClientDataShowController.java doI… |
SohuTV |
CacheCloud |
2025-12-29T18:32:06.529Z | 2025-12-30T22:29:49.105Z | |
| cve-2025-15199 | code-projects College Notes Uploading System userprofi… |
code-projects |
College Notes Uploading System |
2025-12-29T18:02:06.000Z | 2025-12-30T22:32:46.863Z | |
| cve-2025-14728 | 6.8 (v3.1) | Rapid7 Velociraptor Directory Traversal Vulnerability |
Rapid7 |
Velociraptor |
2025-12-29T19:04:27.820Z | 2025-12-30T22:26:47.316Z |
| cve-2025-14280 | PixelYourSite <= 11.1.5 - Sensitive Information Exposu… |
pixelyoursite |
PixelYourSite – Your smart PIXEL (TAG) & API Manager |
2025-12-29T18:20:49.929Z | 2025-12-30T22:30:31.768Z | |
| cve-2025-13592 | Advanced Ads <= 2.0.14 - Authenticated (Editor+) Remot… |
monetizemore |
Advanced Ads – Ad Manager & AdSense |
2025-12-29T18:20:50.576Z | 2025-12-30T22:30:07.259Z | |
| cve-2025-68861 | 7.1 (v3.1) | WordPress Plugin Optimizer plugin <= 1.3.7 - Broken Ac… |
Plugin Optimizer |
Plugin Optimizer |
2025-12-29T17:23:08.542Z | 2025-12-29T18:54:46.003Z |
| cve-2025-66877 | N/A | Buffer overflow vulnerability in function dcputch… |
n/a |
n/a |
2025-12-29T00:00:00.000Z | 2025-12-30T15:24:13.771Z |
| cve-2025-55064 | 4.8 (v3.1) | Priority - CWE-79 Improper Neutralization of Input Dur… |
Priority |
Web |
2025-12-29T17:23:31.236Z | 2025-12-29T18:54:19.110Z |
| cve-2025-55063 | 4.8 (v3.1) | Priority - CWE-79 Improper Neutralization of Input Dur… |
Priority |
Web |
2025-12-29T17:19:52.718Z | 2025-12-29T18:00:32.074Z |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| mal-2025-192426 | Malicious code in libxmljsololo2 (npm) | 2025-12-09T18:10:28Z | 2025-12-10T21:09:38Z |
| mal-2025-192391 | Malicious code in bignum (PyPI) | 2025-12-09T16:32:42Z | 2025-12-31T02:45:15Z |
| mal-0000-kam193-656d75a27ce114b2 | Malicious code in bignum (PyPI) | 2025-12-09T16:32:42Z | 2025-12-10T01:33:06Z |
| mal-2025-192390 | Malicious code in libxmljs2woter (npm) | 2025-12-09T14:46:17Z | 2025-12-19T16:25:56Z |
| mal-2025-192389 | Malicious code in libxmljs2qwerty (npm) | 2025-12-09T13:57:36Z | 2025-12-10T21:09:38Z |
| mal-2025-192425 | Malicious code in libxmlfinal2 (npm) | 2025-12-09T13:50:46Z | 2025-12-10T21:09:38Z |
| mal-2025-192388 | Malicious code in libxmljs2varaboba (npm) | 2025-12-09T12:17:55Z | 2025-12-10T21:09:38Z |
| mal-0000-kam193-ba206991cd762792 | Malicious code in do-not-install-this-package-001 (PyPI) | 2025-12-09T11:27:51Z | 2025-12-09T20:27:37Z |
| mal-2025-192424 | Malicious code in baidu-oscp (npm) | 2025-12-09T09:25:51Z | 2025-12-10T21:09:36Z |
| mal-2025-192387 | Malicious code in do-not-install-this-package-001 (PyPI) | 2025-12-09T09:25:41Z | 2025-12-31T02:45:15Z |
| mal-2025-192386 | Malicious code in telcoo (PyPI) | 2025-12-09T08:05:51Z | 2025-12-31T02:45:16Z |
| mal-0000-kam193-e3f30e917ee86ce1 | Malicious code in telcoo (PyPI) | 2025-12-09T08:05:51Z | 2025-12-09T08:08:53Z |
| mal-2025-192385 | Malicious code in graphsync (PyPI) | 2025-12-09T08:01:54Z | 2025-12-31T02:45:15Z |
| mal-0000-kam193-5f90028620c243d8 | Malicious code in graphsync (PyPI) | 2025-12-09T08:01:54Z | 2025-12-09T08:01:54Z |
| mal-2025-192384 | Malicious code in jsonify-errors (npm) | 2025-12-09T07:55:28Z | 2025-12-10T21:09:38Z |
| mal-2025-192383 | Malicious code in chai-uuids (npm) | 2025-12-09T07:55:28Z | 2025-12-10T21:09:36Z |
| mal-0000-kam193-040868c9ddc20f1f | Pentesting or research code in sketchfab-spinner (PyPI) | 2025-12-09T06:53:12Z | 2025-12-09T06:53:12Z |
| mal-2025-192382 | Malicious code in raft-dask (PyPI) | 2025-12-09T06:49:43Z | 2025-12-31T02:45:15Z |
| mal-0000-kam193-1cdff39a386ea8fe | Pentesting or research code in raft-dask (PyPI) | 2025-12-09T06:49:43Z | 2025-12-09T06:49:43Z |
| mal-2025-192381 | Malicious code in configurator-framework (npm) | 2025-12-09T04:40:47Z | 2025-12-19T16:25:54Z |
| mal-2025-192380 | Malicious code in sketchfab-spinner (PyPI) | 2025-12-09T03:35:56Z | 2025-12-31T02:45:16Z |
| mal-2025-192379 | Malicious code in helloharry123p (PyPI) | 2025-12-08T23:54:54Z | 2025-12-09T16:44:22Z |
| mal-2025-192378 | Malicious code in shop-api-sdk (npm) | 2025-12-08T19:09:22Z | 2025-12-11T09:27:50Z |
| mal-2025-192377 | Malicious code in gs-uitk-lodash (npm) | 2025-12-08T15:40:53Z | 2025-12-11T09:27:48Z |
| mal-2025-192376 | Malicious code in graphnode (PyPI) | 2025-12-08T14:14:35Z | 2025-12-31T02:45:15Z |
| mal-0000-kam193-eb2a6c67b4c9b8f9 | Malicious code in graphnode (PyPI) | 2025-12-08T14:14:35Z | 2025-12-08T14:14:35Z |
| mal-2025-192373 | Malicious code in @notrainers/nobtrainer-sdk (npm) | 2025-12-08T03:36:55Z | 2025-12-10T21:09:35Z |
| mal-2025-192375 | Malicious code in tensor-fi-utils-core (npm) | 2025-12-08T03:36:17Z | 2025-12-24T10:09:31Z |
| mal-2025-192374 | Malicious code in solana-dexco-basic (npm) | 2025-12-08T03:36:17Z | 2025-12-10T21:09:40Z |
| mal-2025-192368 | Malicious code in paysera-checkout-modal (npm) | 2025-12-07T22:30:57Z | 2025-12-10T21:09:39Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| rhsa-2025:16345 | Red Hat Security Advisory: command-line-assistant security update | 2025-09-22T09:25:28+00:00 | 2025-11-21T19:26:41+00:00 |
| rhsa-2025:16313 | Red Hat Security Advisory: ImageMagick security update | 2025-09-22T05:39:13+00:00 | 2025-11-21T19:26:39+00:00 |
| rhsa-2025:16260 | Red Hat Security Advisory: firefox security update | 2025-09-22T01:28:33+00:00 | 2025-11-21T19:26:38+00:00 |
| rhsa-2025:16262 | Red Hat Security Advisory: python3 security update | 2025-09-22T01:17:47+00:00 | 2025-11-21T19:26:39+00:00 |
| rhsa-2025:16130 | Red Hat Security Advisory: udisks2 security update | 2025-09-18T14:23:10+00:00 | 2025-11-21T19:26:32+00:00 |
| rhsa-2025:16157 | Red Hat Security Advisory: thunderbird security update | 2025-09-18T13:10:56+00:00 | 2025-11-21T19:26:37+00:00 |
| rhsa-2025:16156 | Red Hat Security Advisory: thunderbird security update | 2025-09-18T10:30:09+00:00 | 2025-11-21T19:26:37+00:00 |
| rhsa-2025:16154 | Red Hat Security Advisory: grub2 security update | 2025-09-18T08:45:20+00:00 | 2025-11-21T19:26:36+00:00 |
| rhsa-2025:16153 | Red Hat Security Advisory: python3 security update | 2025-09-18T07:56:44+00:00 | 2025-11-21T19:26:35+00:00 |
| rhsa-2025:16152 | Red Hat Security Advisory: python3.9 security update | 2025-09-18T07:56:08+00:00 | 2025-11-21T19:26:34+00:00 |
| rhsa-2025:16151 | Red Hat Security Advisory: python3 security update | 2025-09-18T07:55:09+00:00 | 2025-11-21T19:26:34+00:00 |
| rhsa-2025:15672 | Red Hat Security Advisory: OpenShift Container Platform 4.13.60 bug fix and security update | 2025-09-18T05:46:13+00:00 | 2025-11-29T00:08:55+00:00 |
| rhsa-2025:15673 | Red Hat Security Advisory: OpenShift Container Platform 4.13.60 bug fix and security update | 2025-09-18T04:52:06+00:00 | 2025-11-29T06:53:07+00:00 |
| rhsa-2025:15674 | Red Hat Security Advisory: OpenShift Container Platform 4.13.60 security and extras update | 2025-09-18T04:25:22+00:00 | 2025-11-29T00:08:55+00:00 |
| rhsa-2025:16125 | Red Hat Security Advisory: udisks2 security update | 2025-09-17T20:37:27+00:00 | 2025-11-21T19:26:30+00:00 |
| rhsa-2025:16124 | Red Hat Security Advisory: Custom Metrics Autoscaler Operator for Red Hat OpenShift 2.17.2-1 Update | 2025-09-17T19:43:34+00:00 | 2025-11-25T21:54:39+00:00 |
| rhsa-2025:16122 | Red Hat Security Advisory: udisks2 security update | 2025-09-17T18:58:27+00:00 | 2025-11-21T19:26:30+00:00 |
| rhsa-2025:16121 | Red Hat Security Advisory: udisks2 security update | 2025-09-17T18:30:12+00:00 | 2025-11-21T19:26:28+00:00 |
| rhsa-2025:16116 | Red Hat Security Advisory: gnutls security, bug fix, and enhancement update | 2025-09-17T18:17:11+00:00 | 2025-11-21T19:26:25+00:00 |
| rhsa-2025:16118 | Red Hat Security Advisory: python39:3.9 security update | 2025-09-17T17:59:12+00:00 | 2025-11-21T19:26:27+00:00 |
| rhsa-2025:16117 | Red Hat Security Advisory: python3 security update | 2025-09-17T17:59:11+00:00 | 2025-11-21T19:26:27+00:00 |
| rhsa-2025:16115 | Red Hat Security Advisory: gnutls security, bug fix, and enhancement update | 2025-09-17T17:13:16+00:00 | 2025-11-21T19:26:29+00:00 |
| rhsa-2025:16108 | Red Hat Security Advisory: firefox security update | 2025-09-17T15:53:46+00:00 | 2025-11-21T19:26:22+00:00 |
| rhsa-2025:16109 | Red Hat Security Advisory: firefox security update | 2025-09-17T15:41:36+00:00 | 2025-11-21T19:26:22+00:00 |
| rhsa-2025:16086 | Red Hat Security Advisory: mysql security update | 2025-09-17T15:33:11+00:00 | 2025-11-21T19:26:21+00:00 |
| rhsa-2025:16099 | Red Hat Security Advisory: postgresql security update | 2025-09-17T15:33:06+00:00 | 2025-11-21T19:26:20+00:00 |
| rhsa-2025:16106 | Red Hat Security Advisory: udisks2 security update | 2025-09-17T15:30:26+00:00 | 2025-11-21T19:26:22+00:00 |
| rhsa-2025:16090 | Red Hat Security Advisory: udisks2 security update | 2025-09-17T14:51:21+00:00 | 2025-11-21T19:26:20+00:00 |
| rhsa-2025:16078 | Red Hat Security Advisory: python39:3.9 security update | 2025-09-17T14:45:21+00:00 | 2025-11-21T19:26:18+00:00 |
| rhsa-2025:16062 | Red Hat Security Advisory: python39:3.9 security update | 2025-09-17T14:27:11+00:00 | 2025-11-21T19:26:17+00:00 |
| ID | Description | Published | Updated |
|---|---|---|---|
| msrc_cve-2025-9086 | Out of bounds read for cookie path | 2025-09-02T00:00:00.000Z | 2025-12-06T14:37:40.000Z |
| msrc_cve-2025-8869 | Fallback tar extraction in pip doesn't check symbolic links point to extraction directory | 2025-09-02T00:00:00.000Z | 2025-09-27T01:02:56.000Z |
| msrc_cve-2025-8277 | Libssh: memory exhaustion via repeated key exchange in libssh | 2025-09-02T00:00:00.000Z | 2025-12-06T14:37:35.000Z |
| msrc_cve-2025-7039 | Glib: buffer under-read on glib through glib/gfileutils.c via get_tmp_file() | 2025-09-02T00:00:00.000Z | 2025-09-05T01:05:05.000Z |
| msrc_cve-2025-60019 | Glib-networking: uninitialized memory dereferences on glib-networking through glib-networking/tls/openssl/gtlsbio.c via g_tls_bio_new_from_iostream() and g_tls_bio_new_from_datagram_based() | 2025-09-02T00:00:00.000Z | 2025-09-29T01:01:23.000Z |
| msrc_cve-2025-60018 | Glib-networking: out of bound reads on glib-networking through tls/openssl/gtlscertificate-openssl.c via "g_tls_certificate_openssl_get_property()" | 2025-09-02T00:00:00.000Z | 2025-09-29T01:01:31.000Z |
| msrc_cve-2025-59825 | astral-tokio-tar has a path traversal in tar extraction | 2025-09-02T00:00:00.000Z | 2025-09-27T01:03:20.000Z |
| msrc_cve-2025-59375 | libexpat in Expat before 2.7.2 allows attackers to trigger large dynamic memory allocations via a small document that is submitted for parsing. | 2025-09-02T00:00:00.000Z | 2025-09-16T01:01:15.000Z |
| msrc_cve-2025-59362 | Squid through 7.1 mishandles ASN.1 encoding of long SNMP OIDs. This occurs in asn_build_objid in lib/snmplib/asn1.c. | 2025-09-02T00:00:00.000Z | 2025-09-28T01:02:19.000Z |
| msrc_cve-2025-58767 | REXML has a DoS condition when parsing malformed XML file | 2025-09-02T00:00:00.000Z | 2025-09-21T01:04:06.000Z |
| msrc_cve-2025-58754 | Axios is vulnerable to DoS attack through lack of data size check | 2025-09-02T00:00:00.000Z | 2025-09-16T01:02:01.000Z |
| msrc_cve-2025-58749 | WAMR runtime hangs or crashes with large memory.fill addresses in LLVM-JIT mode | 2025-09-02T00:00:00.000Z | 2025-09-21T01:03:55.000Z |
| msrc_cve-2025-58364 | cups: Remote DoS via null dereference | 2025-09-02T00:00:00.000Z | 2025-09-12T01:09:13.000Z |
| msrc_cve-2025-58354 | Kata Containers coco-tdx malicious host can circumvent initdata verification | 2025-09-02T00:00:00.000Z | 2025-12-07T01:35:50.000Z |
| msrc_cve-2025-58063 | CoreDNS: DNS Cache Pinning via etcd Lease ID Confusion | 2025-09-02T00:00:00.000Z | 2025-09-11T01:01:49.000Z |
| msrc_cve-2025-58060 | cups has Authentication bypass with AuthType Negotiate | 2025-09-02T00:00:00.000Z | 2025-09-12T01:08:34.000Z |
| msrc_cve-2025-57052 | cJSON 1.5.0 through 1.7.18 allows out-of-bounds access via the decode_array_index_from_pointer function in cJSON_Utils.c, allowing remote attackers to bypass array bounds checking and access restricted data via malformed JSON pointer strings containing alphanumeric characters. | 2025-09-02T00:00:00.000Z | 2025-09-07T01:15:37.000Z |
| msrc_cve-2025-55560 | An issue in pytorch v2.7.0 can lead to a Denial of Service (DoS) when a PyTorch model consists of torch.Tensor.to_sparse() and torch.Tensor.to_dense() and is compiled by Inductor. | 2025-09-02T00:00:00.000Z | 2025-12-07T01:36:29.000Z |
| msrc_cve-2025-55558 | A buffer overflow occurs in pytorch v2.7.0 when a PyTorch model consists of torch.nn.Conv2d, torch.nn.functional.hardshrink, and torch.Tensor.view-torch.mv() and is compiled by Inductor, leading to a Denial of Service (DoS). | 2025-09-02T00:00:00.000Z | 2025-11-25T01:38:02.000Z |
| msrc_cve-2025-55557 | A Name Error occurs in pytorch v2.7.0 when a PyTorch model consists of torch.cummin and is compiled by Inductor, leading to a Denial of Service (DoS). | 2025-09-02T00:00:00.000Z | 2025-10-02T01:05:13.000Z |
| msrc_cve-2025-55554 | pytorch v2.8.0 was discovered to contain an integer overflow in the component torch.nan_to_num-.long(). | 2025-09-02T00:00:00.000Z | 2025-12-07T01:37:47.000Z |
| msrc_cve-2025-55553 | A syntax error in the component proxy_tensor.py of pytorch v2.7.0 allows attackers to cause a Denial of Service (DoS). | 2025-09-02T00:00:00.000Z | 2025-10-01T17:11:29.000Z |
| msrc_cve-2025-55552 | pytorch v2.8.0 was discovered to display unexpected behavior when the components torch.rot90 and torch.randn_like are used together. | 2025-09-02T00:00:00.000Z | 2025-12-07T01:37:33.000Z |
| msrc_cve-2025-55551 | An issue in the component torch.linalg.lu of pytorch v2.8.0 allows attackers to cause a Denial of Service (DoS) when performing a slice operation. | 2025-09-02T00:00:00.000Z | 2025-12-07T01:37:15.000Z |
| msrc_cve-2025-4953 | Podman: build context bind mount | 2025-09-02T00:00:00.000Z | 2025-12-03T01:39:03.000Z |
| msrc_cve-2025-48041 | SSH_FXP_OPENDIR may Lead to Exhaustion of File Handles | 2025-09-02T00:00:00.000Z | 2025-09-12T01:08:55.000Z |
| msrc_cve-2025-48040 | Malicious Key Exchange Messages may Lead to Excessive Resource Consumption | 2025-09-02T00:00:00.000Z | 2025-09-13T01:06:10.000Z |
| msrc_cve-2025-48039 | Unverified Paths can Cause Excessive Use of System Resources | 2025-09-02T00:00:00.000Z | 2025-09-12T01:09:04.000Z |
| msrc_cve-2025-48038 | Unverified File Handles can Cause Excessive Use of System Resources | 2025-09-02T00:00:00.000Z | 2025-09-12T01:08:45.000Z |
| msrc_cve-2025-46153 | PyTorch before 3.7.0 has a bernoulli_p decompose function in decompositions.py even though it lacks full consistency with the eager CPU implementation, negatively affecting nn.Dropout1d, nn.Dropout2d, and nn.Dropout3d for fallback_random=True. | 2025-09-02T00:00:00.000Z | 2025-10-02T01:04:57.000Z |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2022-001382 | File Permission Vulnerability in Hitachi Command Suite | 2022-03-07T15:35+09:00 | 2022-03-07T15:35+09:00 |
| jvndb-2022-000008 | i-FILTER vulnerable to improper check for certificate revocation | 2022-03-04T14:12+09:00 | 2022-03-04T14:12+09:00 |
| jvndb-2022-000019 | pfSense-pkg-WireGuard vulnerable to directory traversal | 2022-03-03T15:08+09:00 | 2024-06-20T16:51+09:00 |
| jvndb-2022-001381 | Multiple vulnerabilities in Trend Micro ServerProtect | 2022-03-03T14:42+09:00 | 2024-06-21T17:58+09:00 |
| jvndb-2022-000018 | MarkText vulnerable to cross-site scripting | 2022-03-03T14:40+09:00 | 2024-06-20T16:46+09:00 |
| jvndb-2022-000017 | Norton Security for Mac improperly processes ICMP packets | 2022-03-03T14:32+09:00 | 2022-03-03T14:32+09:00 |
| jvndb-2022-001380 | Multiples security updates for Trend Micro Endpoint security products for enterprises (March 2022) | 2022-03-02T17:07+09:00 | 2022-03-02T17:07+09:00 |
| jvndb-2022-000015 | EC-CUBE improperly handles HTTP Host header values | 2022-02-22T14:22+09:00 | 2024-06-21T17:39+09:00 |
| jvndb-2022-000013 | EC-CUBE plugin "Mail Magazine Management Plugin" vulnerable to cross-site request forgery | 2022-02-22T14:09+09:00 | 2024-06-21T14:05+09:00 |
| jvndb-2022-000014 | Multiple vulnerabilities in a-blog cms | 2022-02-18T15:55+09:00 | 2022-02-18T15:55+09:00 |
| jvndb-2022-001372 | Trend Micro Antivirus for MAC vulnerable to privilege escalation | 2022-02-18T14:55+09:00 | 2024-06-21T18:04+09:00 |
| jvndb-2022-000012 | Multiple vulnerabilities in phpUploader | 2022-02-17T15:20+09:00 | 2022-02-17T15:20+09:00 |
| jvndb-2022-000011 | HPE Agentless Management registers unquoted service paths | 2022-02-09T15:49+09:00 | 2022-02-09T15:49+09:00 |
| jvndb-2022-001299 | Cross-site Scripting Vulnerability in JP1/IT Desktop Management 2 | 2022-02-08T17:15+09:00 | 2022-02-08T17:15+09:00 |
| jvndb-2022-000009 | CSV+ vulnerable to cross-site scripting | 2022-02-08T16:33+09:00 | 2022-02-08T16:33+09:00 |
| jvndb-2022-000010 | Multiple vulnerabilities in multiple ELECOM LAN routers | 2022-02-08T16:13+09:00 | 2022-02-08T16:13+09:00 |
| jvndb-2016-008013 | Multiple ESET products for macOS vulnerable to improper server certificate verification | 2022-02-07T14:18+09:00 | 2022-02-07T14:18+09:00 |
| jvndb-2022-000007 | Multiple vulnerabilities in TransmitMail | 2022-01-25T15:31+09:00 | 2022-01-25T15:31+09:00 |
| jvndb-2022-001097 | Multiple vulnerabilities in Trend Micro Deep Security and Cloud One - Workload Security Agent for Linux | 2022-01-25T13:35+09:00 | 2022-01-25T13:35+09:00 |
| jvndb-2022-001087 | GROWI vulnerable to authorization bypass through user-controlled key | 2022-01-24T14:07+09:00 | 2022-01-24T14:07+09:00 |
| jvndb-2022-000006 | Multiple cross-site scripting vulnerabilities in php_mailform | 2022-01-20T15:42+09:00 | 2022-01-20T15:42+09:00 |
| jvndb-2022-000001 | Canon laser printers and small office multifunctional printers vulnerable to cross-site scripting | 2022-01-19T14:00+09:00 | 2022-01-19T14:00+09:00 |
| jvndb-2022-000005 | PASSWORD MANAGER "MIRUPASS" PW10 / PW20 missing encryption | 2022-01-13T15:26+09:00 | 2022-01-13T15:26+09:00 |
| jvndb-2022-000004 | Label printers "TEPRA" PRO SR5900P / SR-R7900P vulnerable to insufficiently protected credentials | 2022-01-13T15:21+09:00 | 2022-01-13T15:21+09:00 |
| jvndb-2022-000003 | Jimoty App for Android uses a hard-coded API key for an external service | 2022-01-12T15:37+09:00 | 2022-01-12T15:37+09:00 |
| jvndb-2022-000002 | Multiple vulnerabilities in WordPress Plugin "Quiz And Survey Master" | 2022-01-12T15:33+09:00 | 2022-01-12T15:33+09:00 |
| jvndb-2021-006146 | Multiple vulnerabilities in KONICA MINOLTA MFPs and printing systems | 2021-12-28T11:51+09:00 | 2021-12-28T11:51+09:00 |
| jvndb-2021-006117 | Multiple vulnerabilities in IDEC PLCs | 2021-12-27T16:54+09:00 | 2022-01-11T16:36+09:00 |
| jvndb-2021-006026 | TP-Link TL-WR802N V4(JP) vulnerable to OS command injection | 2021-12-24T15:31+09:00 | 2021-12-24T15:31+09:00 |
| jvndb-2021-005998 | Multiple vulnerabilities in QNAP VioStar NVR | 2021-12-24T10:58+09:00 | 2021-12-24T10:58+09:00 |
| ID | Description | Updated |
|---|