Recent vulnerabilities
| ID | Description | Published | Updated |
|---|---|---|---|
| ghsa-96cx-3fh6-vv56 | The WP2Social Auto Publish plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via… | 2025-11-08T06:30:26Z | 2025-11-08T06:30:26Z |
| ghsa-8h59-9955-wv9r | The Ovatheme Events Manager plugin for WordPress is vulnerable to unauthorized access due to a miss… | 2025-11-08T06:30:26Z | 2025-11-08T06:30:26Z |
| ghsa-6mgg-q6v6-jm65 | The Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI plugin for WordPress is vulnera… | 2025-11-08T06:30:26Z | 2025-11-08T06:30:26Z |
| ghsa-5vw4-6m45-994c | The Download Manager plugin for WordPress is vulnerable to unauthorized access due to a hardcoded C… | 2025-11-08T06:30:26Z | 2025-11-08T06:30:26Z |
| ghsa-4q76-wc8j-pm27 | The Course Booking System plugin for WordPress is vulnerable to unauthorized access of data due to … | 2025-11-08T06:30:26Z | 2025-11-08T06:30:26Z |
| ghsa-2mx4-g8fr-m5m8 | The Better Find and Replace – AI-Powered Suggestions plugin for WordPress is vulnerable to Limited … | 2025-11-08T06:30:26Z | 2025-11-08T06:30:27Z |
| ghsa-m598-vr3f-944r | The Asgaros Forum plugin for WordPress is vulnerable to SQL Injection via the '$_COOKIE['asgarosfor… | 2025-11-08T03:31:18Z | 2025-11-08T03:31:18Z |
| ghsa-c563-3pgf-9rc7 | The Simple Downloads List plugin for WordPress is vulnerable to unauthorized modification of data d… | 2025-11-08T03:31:18Z | 2025-11-08T03:31:18Z |
| ghsa-6494-xg3r-pv38 | Inappropriate implementation in Permissions in Google Chrome prior to 140.0.7339.80 allowed a remot… | 2025-11-08T00:31:02Z | 2025-11-08T00:31:02Z |
| ghsa-qv29-2g6c-w6pf | Inappropriate implementation in Passkeys in Google Chrome prior to 140.0.7339.80 allowed a local at… | 2025-11-08T00:31:01Z | 2025-11-08T00:31:02Z |
| ghsa-cvvh-gp7g-9334 | Insufficient policy enforcement in Devtools in Google Chrome prior to 140.0.7339.80 allowed a remot… | 2025-11-08T00:31:01Z | 2025-11-08T00:31:01Z |
| ghsa-885p-rxgp-x27q | Insufficient validation of untrusted input in Devtools in Google Chrome prior to 140.0.7339.80 allo… | 2025-11-08T00:31:01Z | 2025-11-08T00:31:01Z |
| ghsa-5p88-6546-29fh | Improper Authorization in Elastic Cloud Enterprise can lead to Privilege Escalation where the built… | 2025-11-08T00:31:01Z | 2025-11-08T00:31:01Z |
| ghsa-4m4m-6fm5-244f | Inappropriate implementation in Permissions in Google Chrome prior to 140.0.7339.80 allowed a remot… | 2025-11-08T00:31:01Z | 2025-11-08T00:31:01Z |
| ghsa-3jxx-m7vj-jgc2 | Insufficient validation of untrusted input in Downloads in Google Chrome on Android prior to 140.0.… | 2025-11-08T00:31:01Z | 2025-11-08T00:31:01Z |
| ghsa-2327-x98x-57c5 | Inappropriate implementation in Downloads in Google Chrome on Windows prior to 140.0.7339.80 allowe… | 2025-11-08T00:31:01Z | 2025-11-08T00:31:01Z |
| ghsa-j892-g9v8-f728 | Various Ruijie Gateway EG and NBR models firmware versions 11.1(6)B9P1 < 11.9(4)B12P1 contain a cod… | 2025-11-08T00:31:00Z | 2025-11-08T00:31:00Z |
| ghsa-frcm-hvx7-5p9q | Potential Denial of Service issue in all supported versions of Revenera InstallShield version 2025 … | 2025-11-08T00:31:00Z | 2025-11-08T00:31:00Z |
| ghsa-6wcq-272p-hrjw | A Local File Inclusion (LFI) vulnerability has been identified in tQuadra CMS 4.2.1117. The issue e… | 2025-11-08T00:31:00Z | 2025-11-08T00:31:00Z |
| ghsa-4pqv-hw6c-g45v | A stored cross-site scripting (XSS) vulnerability in the CrushFTP 11.3.7_50 Admin Panel (Reports / … | 2025-11-08T00:31:00Z | 2025-11-08T00:31:00Z |
| ghsa-vfpf-xmwh-8m65 | ProsemirrorToHtml has a Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values | 2025-11-07T23:17:31Z | 2025-11-07T23:17:31Z |
| ghsa-f83h-ghpp-7wcc | Insecure Deserialization (pickle) in pdfminer.six CMap Loader — Local Privesc | 2025-11-07T23:17:05Z | 2025-11-07T23:17:05Z |
| ghsa-q269-xqww-45mm | A weakness has been identified in mruby 3.4.0. This vulnerability affects the function ary_fill_exe… | 2025-11-07T21:31:21Z | 2025-11-07T21:31:21Z |
| ghsa-p7g8-g57p-r8qx | A flaw was found in FFmpeg’s ALS audio decoder, where it does not properly check for memory allocat… | 2025-11-07T21:31:21Z | 2025-11-07T21:31:21Z |
| ghsa-fx2p-cf25-w3gm | A reflected cross-site scripting (XSS) vulnerability in CKeditor v46.1.0 & Angular v18.0.0 allows a… | 2025-11-07T21:31:21Z | 2025-11-07T21:31:21Z |
| ghsa-88qg-f543-x242 | A flaw was found in Samba, in the front-end WINS hook handling: NetBIOS names from registration pac… | 2025-11-07T21:31:21Z | 2025-11-07T21:31:21Z |
| ghsa-xvvv-9ch3-x72q | Improper resource management in firmware of some Solidigm DC Products may allow an attacker with lo… | 2025-11-07T21:31:20Z | 2025-11-07T21:31:21Z |
| ghsa-whqj-vxh6-h4wx | IBM Sterling B2B Integrator 6.0.0.0 through 6.1.2.7_1, 6.2.0.0 through 6.2.0.5, and 6.2.1.0 and IBM… | 2025-11-07T21:31:20Z | 2025-11-07T21:31:20Z |
| ghsa-w3m4-2rp8-wq32 | The change password functionality at /pet_grooming/admin/change_pass.php in SourceCodester Pet Groo… | 2025-11-07T21:31:20Z | 2025-11-07T21:31:20Z |
| ghsa-vx5j-462j-vrmg | Sourcecodester AI-Powered To-Do List App v1.0 is vulnerable to Cross-Site Scripting (XSS) in the "T… | 2025-11-07T21:31:20Z | 2025-11-07T21:31:21Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2025-11748 | Groups <= 6.7.0 - Authenticated (Subscriber+) Insecure… |
itthinx |
Groups |
2025-11-08T03:27:49.308Z | 2025-11-08T03:27:49.308Z | |
| cve-2025-12161 | Smart Auto Upload Images <= 1.2.0 - Authenticated (Con… |
burhandodhy |
Smart Auto Upload Images – Import External Images |
2025-11-08T03:27:48.931Z | 2025-11-08T03:27:48.931Z | |
| cve-2025-12193 | Mang Board WP <= 2.3.1 - Reflected Cross-Site Scripting |
kitae-park |
Mang Board WP |
2025-11-08T03:27:48.543Z | 2025-11-08T03:27:48.543Z | |
| cve-2025-11972 | Tag, Category, and Taxonomy Manager – AI Autotagger wi… |
stevejburge |
Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI |
2025-11-08T03:27:48.135Z | 2025-11-08T03:27:48.135Z | |
| cve-2025-7663 | Ovatheme Events Manager <= 1.8.6 - Missing Authorization |
ovatheme |
Ovatheme Events Manager |
2025-11-08T03:27:47.659Z | 2025-11-08T03:27:47.659Z | |
| cve-2025-12353 | WPFunnels <= 3.6.2 - Unauthorized User Registration |
getwpfunnels |
Easy WordPress Funnel Builder To Collect Leads And Increase Sales – WPFunnels |
2025-11-08T03:27:47.222Z | 2025-11-08T03:27:47.222Z | |
| cve-2025-12042 | Course Booking System <= 6.1.5 - Missing Authorization… |
werbeagenturcommotion |
Course Booking System |
2025-11-08T03:27:46.819Z | 2025-11-08T03:27:46.819Z | |
| cve-2025-12064 | WP2Social Auto Publish <= 2.4.7 - Reflected Cross-Site… |
f1logic |
WP2Social Auto Publish |
2025-11-08T03:27:46.417Z | 2025-11-08T03:27:46.417Z | |
| cve-2025-12177 | Download Manager <= 3.3.30 - Unauthenticated Cron Trig… |
codename065 |
Download Manager |
2025-11-08T03:27:45.992Z | 2025-11-08T03:27:45.992Z | |
| cve-2025-12167 | Contact Form 7 AWeber Extension <= 0.1.42 - Missing Au… |
rnzo |
Contact Form 7 AWeber Extension |
2025-11-08T03:27:45.362Z | 2025-11-08T03:27:45.362Z | |
| cve-2025-12583 | Simple Downloads List <= 1.4.3 - Missing Authorization… |
neofix |
Simple Downloads List |
2025-11-08T02:28:03.760Z | 2025-11-08T02:28:03.760Z | |
| cve-2025-11452 | Asgaros Forum <= 3.1.0 - Unauthenticated SQL Injection |
asgaros |
Asgaros Forum |
2025-11-08T02:28:01.507Z | 2025-11-08T02:28:01.507Z | |
| cve-2025-64496 | Open WebUI Affected by an External Model Server (Direc… |
open-webui |
open-webui |
2025-11-08T01:29:02.654Z | 2025-11-08T01:29:02.654Z | |
| cve-2025-64495 | Open WebUI vulnerable to Stored DOM XSS via prompts wh… |
open-webui |
open-webui |
2025-11-08T01:25:48.995Z | 2025-11-08T01:25:48.995Z | |
| cve-2025-64494 | Soft Serve does not sanitize ANSI escape sequences in … |
charmbracelet |
soft-serve |
2025-11-08T01:19:01.203Z | 2025-11-08T01:19:01.203Z | |
| cve-2025-64493 | SuiteCRM is Vulnerable to Authenticated Blind SQL Inje… |
SuiteCRM |
SuiteCRM-Core |
2025-11-08T01:16:22.833Z | 2025-11-08T01:16:22.833Z | |
| cve-2025-64492 | SuiteCRM is Vulnerable to Authenticated Time Based Bli… |
SuiteCRM |
SuiteCRM-Core |
2025-11-08T01:07:23.393Z | 2025-11-08T01:07:23.393Z | |
| cve-2025-64491 | SuiteCRM is vulnerable to unauthenticated reflected XS… |
SuiteCRM |
SuiteCRM |
2025-11-08T00:45:07.617Z | 2025-11-08T00:45:07.617Z | |
| cve-2025-64490 | SuiteCRM's Inconsistent RBAC Enforcement Enables Acces… |
SuiteCRM |
SuiteCRM |
2025-11-08T00:22:38.183Z | 2025-11-08T00:22:38.183Z | |
| cve-2025-64489 | SuiteCRM: Privilege Escalation via Improper Session In… |
SuiteCRM |
SuiteCRM |
2025-11-08T00:15:44.728Z | 2025-11-08T00:15:44.728Z | |
| cve-2025-64488 | SuiteCRM: Authenticated SQL Injection Possible in Resc… |
SuiteCRM |
SuiteCRM |
2025-11-07T23:59:46.011Z | 2025-11-07T23:59:46.011Z | |
| cve-2025-64486 | calibre is vulnerable to arbitrary code execution when… |
kovidgoyal |
calibre |
2025-11-07T23:25:55.996Z | 2025-11-07T23:25:55.996Z | |
| cve-2025-12911 | N/A | Inappropriate implementation in Permissions in Go… |
Google |
Chrome |
2025-11-07T23:23:39.451Z | 2025-11-07T23:23:39.451Z |
| cve-2025-12910 | N/A | Inappropriate implementation in Passkeys in Googl… |
Google |
Chrome |
2025-11-07T23:23:39.074Z | 2025-11-07T23:23:39.074Z |
| cve-2025-12909 | N/A | Insufficient policy enforcement in Devtools in Go… |
Google |
Chrome |
2025-11-07T23:23:38.684Z | 2025-11-07T23:23:38.684Z |
| cve-2025-12908 | N/A | Insufficient validation of untrusted input in Dow… |
Google |
Chrome |
2025-11-07T23:23:38.329Z | 2025-11-07T23:23:38.329Z |
| cve-2025-12907 | N/A | Insufficient validation of untrusted input in Dev… |
Google |
Chrome |
2025-11-07T23:23:37.805Z | 2025-11-07T23:23:37.805Z |
| cve-2025-12906 | N/A | Inappropriate implementation in Permissions in Go… |
Google |
Chrome |
2025-11-07T23:23:37.150Z | 2025-11-07T23:23:37.150Z |
| cve-2025-12905 | N/A | Inappropriate implementation in Downloads in Goog… |
Google |
Chrome |
2025-11-07T23:23:36.585Z | 2025-11-07T23:23:36.585Z |
| cve-2025-64485 | CVAT: Mounted share file overwrite via crafted request |
cvat-ai |
cvat |
2025-11-07T23:21:06.984Z | 2025-11-07T23:21:06.984Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2025-12161 | Smart Auto Upload Images <= 1.2.0 - Authenticated (Con… |
burhandodhy |
Smart Auto Upload Images – Import External Images |
2025-11-08T03:27:48.931Z | 2025-11-08T03:27:48.931Z | |
| cve-2025-12125 | HTML Forms <= 1.5.5 - Authenticated (Admin+) Stored Cr… |
linksoftware |
HTML Forms – Simple WordPress Forms Plugin |
2025-11-08T03:27:50.508Z | 2025-11-08T03:27:50.508Z | |
| cve-2025-12112 | Insert Headers and Footers Code – HT Script <= 1.1.6 -… |
htplugins |
Insert Headers and Footers Code – HT Script |
2025-11-08T03:27:50.117Z | 2025-11-08T03:27:50.117Z | |
| cve-2025-12064 | WP2Social Auto Publish <= 2.4.7 - Reflected Cross-Site… |
f1logic |
WP2Social Auto Publish |
2025-11-08T03:27:46.417Z | 2025-11-08T03:27:46.417Z | |
| cve-2025-12042 | Course Booking System <= 6.1.5 - Missing Authorization… |
werbeagenturcommotion |
Course Booking System |
2025-11-08T03:27:46.819Z | 2025-11-08T03:27:46.819Z | |
| cve-2025-12000 | WPFunnels <= 3.6.2 - Authenticated (Administrator+) Ar… |
getwpfunnels |
Easy WordPress Funnel Builder To Collect Leads And Increase Sales – WPFunnels |
2025-11-08T03:27:49.707Z | 2025-11-08T03:27:49.707Z | |
| cve-2025-11972 | Tag, Category, and Taxonomy Manager – AI Autotagger wi… |
stevejburge |
Tag, Category, and Taxonomy Manager – AI Autotagger with OpenAI |
2025-11-08T03:27:48.135Z | 2025-11-08T03:27:48.135Z | |
| cve-2025-11748 | Groups <= 6.7.0 - Authenticated (Subscriber+) Insecure… |
itthinx |
Groups |
2025-11-08T03:27:49.308Z | 2025-11-08T03:27:49.308Z | |
| cve-2025-12583 | Simple Downloads List <= 1.4.3 - Missing Authorization… |
neofix |
Simple Downloads List |
2025-11-08T02:28:03.760Z | 2025-11-08T02:28:03.760Z | |
| cve-2025-11452 | Asgaros Forum <= 3.1.0 - Unauthenticated SQL Injection |
asgaros |
Asgaros Forum |
2025-11-08T02:28:01.507Z | 2025-11-08T02:28:01.507Z | |
| cve-2025-64496 | Open WebUI Affected by an External Model Server (Direc… |
open-webui |
open-webui |
2025-11-08T01:29:02.654Z | 2025-11-08T01:29:02.654Z | |
| cve-2025-64495 | Open WebUI vulnerable to Stored DOM XSS via prompts wh… |
open-webui |
open-webui |
2025-11-08T01:25:48.995Z | 2025-11-08T01:25:48.995Z | |
| cve-2025-64494 | Soft Serve does not sanitize ANSI escape sequences in … |
charmbracelet |
soft-serve |
2025-11-08T01:19:01.203Z | 2025-11-08T01:19:01.203Z | |
| cve-2025-64493 | SuiteCRM is Vulnerable to Authenticated Blind SQL Inje… |
SuiteCRM |
SuiteCRM-Core |
2025-11-08T01:16:22.833Z | 2025-11-08T01:16:22.833Z | |
| cve-2025-64492 | SuiteCRM is Vulnerable to Authenticated Time Based Bli… |
SuiteCRM |
SuiteCRM-Core |
2025-11-08T01:07:23.393Z | 2025-11-08T01:07:23.393Z | |
| cve-2025-64491 | SuiteCRM is vulnerable to unauthenticated reflected XS… |
SuiteCRM |
SuiteCRM |
2025-11-08T00:45:07.617Z | 2025-11-08T00:45:07.617Z | |
| cve-2025-64490 | SuiteCRM's Inconsistent RBAC Enforcement Enables Acces… |
SuiteCRM |
SuiteCRM |
2025-11-08T00:22:38.183Z | 2025-11-08T00:22:38.183Z | |
| cve-2025-64489 | SuiteCRM: Privilege Escalation via Improper Session In… |
SuiteCRM |
SuiteCRM |
2025-11-08T00:15:44.728Z | 2025-11-08T00:15:44.728Z | |
| cve-2025-64488 | SuiteCRM: Authenticated SQL Injection Possible in Resc… |
SuiteCRM |
SuiteCRM |
2025-11-07T23:59:46.011Z | 2025-11-07T23:59:46.011Z | |
| cve-2025-64486 | calibre is vulnerable to arbitrary code execution when… |
kovidgoyal |
calibre |
2025-11-07T23:25:55.996Z | 2025-11-07T23:25:55.996Z | |
| cve-2025-64485 | CVAT: Mounted share file overwrite via crafted request |
cvat-ai |
cvat |
2025-11-07T23:21:06.984Z | 2025-11-07T23:21:06.984Z | |
| cve-2025-12911 | N/A | Inappropriate implementation in Permissions in Go… |
Google |
Chrome |
2025-11-07T23:23:39.451Z | 2025-11-07T23:23:39.451Z |
| cve-2025-12910 | N/A | Inappropriate implementation in Passkeys in Googl… |
Google |
Chrome |
2025-11-07T23:23:39.074Z | 2025-11-07T23:23:39.074Z |
| cve-2025-12909 | N/A | Insufficient policy enforcement in Devtools in Go… |
Google |
Chrome |
2025-11-07T23:23:38.684Z | 2025-11-07T23:23:38.684Z |
| cve-2025-12908 | N/A | Insufficient validation of untrusted input in Dow… |
Google |
Chrome |
2025-11-07T23:23:38.329Z | 2025-11-07T23:23:38.329Z |
| cve-2025-12907 | N/A | Insufficient validation of untrusted input in Dev… |
Google |
Chrome |
2025-11-07T23:23:37.805Z | 2025-11-07T23:23:37.805Z |
| cve-2025-12906 | N/A | Inappropriate implementation in Permissions in Go… |
Google |
Chrome |
2025-11-07T23:23:37.150Z | 2025-11-07T23:23:37.150Z |
| cve-2025-12905 | N/A | Inappropriate implementation in Downloads in Goog… |
Google |
Chrome |
2025-11-07T23:23:36.585Z | 2025-11-07T23:23:36.585Z |
| cve-2025-64437 | KubeVirt Isolation Detection Flaw Allows Arbitrary Fil… |
kubevirt |
kubevirt |
2025-11-07T23:04:10.913Z | 2025-11-07T23:04:10.913Z | |
| cve-2025-64436 | KubeVirt Excessive Role Permissions Could Enable Unaut… |
kubevirt |
kubevirt |
2025-11-07T22:59:47.228Z | 2025-11-07T22:59:47.228Z |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| mal-2025-49698 | Malicious code in yuni-ketan65-devapp (npm) | 2025-11-09T18:30:25Z | 2025-11-09T18:30:25Z |
| mal-2025-49697 | Malicious code in yuni-kacang89-sukiwir (npm) | 2025-11-09T18:30:25Z | 2025-11-09T18:30:25Z |
| mal-2025-49696 | Malicious code in yuni-jengkol41-breki (npm) | 2025-11-09T18:30:25Z | 2025-11-09T18:30:25Z |
| mal-2025-49695 | Malicious code in yuni-gulai75-ruro (npm) | 2025-11-09T18:30:25Z | 2025-11-09T18:30:25Z |
| mal-2025-49694 | Malicious code in yuni-gembus33-sluey (npm) | 2025-11-09T18:30:25Z | 2025-11-09T18:30:25Z |
| mal-2025-49693 | Malicious code in yuni-enting7-miaww (npm) | 2025-11-09T18:30:25Z | 2025-11-09T18:30:25Z |
| mal-2025-49692 | Malicious code in yuni-empal67-sukiwir (npm) | 2025-11-09T18:30:25Z | 2025-11-09T18:30:25Z |
| mal-2025-49691 | Malicious code in yuni-dradag68-sluey (npm) | 2025-11-09T18:30:25Z | 2025-11-09T18:30:25Z |
| mal-2025-49690 | Malicious code in yuni-brongkos6-sluey (npm) | 2025-11-09T18:30:25Z | 2025-11-09T18:30:25Z |
| mal-2025-49689 | Malicious code in yuni-botok35-sukiwir (npm) | 2025-11-09T18:30:25Z | 2025-11-09T18:30:25Z |
| mal-2025-49688 | Malicious code in yuni-bakwan55-sluey (npm) | 2025-11-09T18:30:25Z | 2025-11-09T18:30:25Z |
| mal-2025-49687 | Malicious code in yuni-bakwan46-ruro (npm) | 2025-11-09T18:30:25Z | 2025-11-09T18:30:25Z |
| mal-2025-49686 | Malicious code in yanti-ubi33-ruro (npm) | 2025-11-09T18:30:25Z | 2025-11-09T18:30:25Z |
| mal-2025-49685 | Malicious code in yanti-tomat18-sukiwir (npm) | 2025-11-09T18:30:25Z | 2025-11-09T18:30:25Z |
| mal-2025-49684 | Malicious code in yanti-takokak94-breki (npm) | 2025-11-09T18:30:25Z | 2025-11-09T18:30:25Z |
| mal-2025-49683 | Malicious code in yanti-tahutek18-miaww (npm) | 2025-11-09T18:30:25Z | 2025-11-09T18:30:25Z |
| mal-2025-49682 | Malicious code in yanti-tahu68-sukiwir (npm) | 2025-11-09T18:30:25Z | 2025-11-09T18:30:25Z |
| mal-2025-49681 | Malicious code in yanti-tahu51-sukiwir (npm) | 2025-11-09T18:30:25Z | 2025-11-09T18:30:25Z |
| mal-2025-49680 | Malicious code in yanti-tahu41-sukiwir (npm) | 2025-11-09T18:30:25Z | 2025-11-09T18:30:25Z |
| mal-2025-49679 | Malicious code in yanti-tahu32-breki (npm) | 2025-11-09T18:30:25Z | 2025-11-09T18:30:25Z |
| mal-2025-49678 | Malicious code in yanti-soto97-ruro (npm) | 2025-11-09T18:30:25Z | 2025-11-09T18:30:25Z |
| mal-2025-49677 | Malicious code in yanti-semur43-ruro (npm) | 2025-11-09T18:30:25Z | 2025-11-09T18:30:25Z |
| mal-2025-49676 | Malicious code in yanti-sate13-breki (npm) | 2025-11-09T18:30:25Z | 2025-11-09T18:30:25Z |
| mal-2025-49675 | Malicious code in yanti-sasag6-sukiwir (npm) | 2025-11-09T18:30:25Z | 2025-11-09T18:30:25Z |
| mal-2025-49674 | Malicious code in yanti-sasag23-riris (npm) | 2025-11-09T18:30:25Z | 2025-11-09T18:30:25Z |
| mal-2025-49673 | Malicious code in yanti-sambel17-riris (npm) | 2025-11-09T18:30:25Z | 2025-11-09T18:30:25Z |
| mal-2025-49672 | Malicious code in yanti-saguer17-ruro (npm) | 2025-11-09T18:30:25Z | 2025-11-09T18:30:25Z |
| mal-2025-49671 | Malicious code in yanti-rujaksoto27-sluey (npm) | 2025-11-09T18:30:25Z | 2025-11-09T18:30:25Z |
| mal-2025-49670 | Malicious code in yanti-ronde61-breki (npm) | 2025-11-09T18:30:25Z | 2025-11-09T18:30:25Z |
| mal-2025-49669 | Malicious code in yanti-rangi86-sluey (npm) | 2025-11-09T18:30:25Z | 2025-11-09T18:30:25Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| wid-sec-w-2025-2317 | Ubiquiti UniFi: Schwachstelle ermöglicht Ausführung von Debug-Funktionen | 2025-10-15T22:00:00.000+00:00 | 2025-10-30T23:00:00.000+00:00 |
| wid-sec-w-2025-2311 | Red Hat Enterprise Linux (libsoup3): Schwachstelle ermöglicht Offenlegung von Informationen | 2025-10-15T22:00:00.000+00:00 | 2025-10-23T22:00:00.000+00:00 |
| wid-sec-w-2025-2307 | Microsoft Windows: Mehrere Schwachstellen | 2025-10-14T22:00:00.000+00:00 | 2025-11-05T23:00:00.000+00:00 |
| wid-sec-w-2025-2301 | Red Hat Enterprise Linux: Mehrere Schwachstellen | 2025-10-14T22:00:00.000+00:00 | 2025-10-23T22:00:00.000+00:00 |
| wid-sec-w-2025-2275 | Mozilla Firefox: Mehrere Schwachstellen | 2025-10-14T22:00:00.000+00:00 | 2025-10-29T23:00:00.000+00:00 |
| wid-sec-w-2025-2274 | Veeam Backup & Replication: Mehrere Schwachstellen | 2025-10-13T22:00:00.000+00:00 | 2025-10-30T23:00:00.000+00:00 |
| wid-sec-w-2025-2272 | Moodle: Mehrere Schwachstellen | 2025-10-13T22:00:00.000+00:00 | 2025-10-23T22:00:00.000+00:00 |
| wid-sec-w-2025-2247 | Nvidia GPU Display Treiber: Mehrere Schwachstellen | 2025-10-08T22:00:00.000+00:00 | 2025-10-30T23:00:00.000+00:00 |
| wid-sec-w-2025-2228 | ESRI ArcGIS: Schwachstelle ermöglicht SQL injection | 2025-10-07T22:00:00.000+00:00 | 2025-10-22T22:00:00.000+00:00 |
| wid-sec-w-2025-2227 | Golang Go: Mehrere Schwachstellen | 2025-10-07T22:00:00.000+00:00 | 2025-10-29T23:00:00.000+00:00 |
| wid-sec-w-2025-2224 | Keycloak: Mehrere Schwachstellen | 2025-10-07T22:00:00.000+00:00 | 2025-10-23T22:00:00.000+00:00 |
| wid-sec-w-2025-2209 | HAProxy und HAProxy ALOHA: Schwachstelle ermöglicht Denial of Service | 2025-10-05T22:00:00.000+00:00 | 2025-10-30T23:00:00.000+00:00 |
| wid-sec-w-2025-2202 | fetchmail: Schwachstelle ermöglicht Denial of Service | 2025-10-05T22:00:00.000+00:00 | 2025-10-23T22:00:00.000+00:00 |
| wid-sec-w-2025-2198 | MediaWiki: Mehrere Schwachstellen | 2025-10-05T22:00:00.000+00:00 | 2025-10-30T23:00:00.000+00:00 |
| wid-sec-w-2025-2196 | Redis: Mehrere Schwachstellen | 2025-10-05T22:00:00.000+00:00 | 2025-10-30T23:00:00.000+00:00 |
| wid-sec-w-2025-2195 | Oracle E-Business Suite: Schwachstelle ermöglicht Codeausführung | 2025-10-05T22:00:00.000+00:00 | 2025-10-21T22:00:00.000+00:00 |
| wid-sec-w-2025-2187 | Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service | 2025-10-01T22:00:00.000+00:00 | 2025-10-30T23:00:00.000+00:00 |
| wid-sec-w-2025-2170 | Linux Kernel: Mehrere Schwachstellen | 2025-09-30T22:00:00.000+00:00 | 2025-10-30T23:00:00.000+00:00 |
| wid-sec-w-2025-2166 | OpenSSL und LibreSSL: Mehrere Schwachstellen | 2025-09-30T22:00:00.000+00:00 | 2025-10-30T23:00:00.000+00:00 |
| wid-sec-w-2025-2150 | Red Hat Enterprise Linux: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen | 2025-09-29T22:00:00.000+00:00 | 2025-10-30T23:00:00.000+00:00 |
| wid-sec-w-2025-2134 | Red Hat Enterprise Linux (Developer Hub): Schwachstelle ermöglicht Denial of Service | 2025-09-25T22:00:00.000+00:00 | 2025-10-30T23:00:00.000+00:00 |
| wid-sec-w-2025-2132 | Linux Kernel: Mehrere Schwachstellen | 2025-09-24T22:00:00.000+00:00 | 2025-10-30T23:00:00.000+00:00 |
| wid-sec-w-2025-2129 | GIMP: Mehrere Schwachstellen ermöglichen Codeausführung | 2025-09-24T22:00:00.000+00:00 | 2025-10-29T23:00:00.000+00:00 |
| wid-sec-w-2025-2126 | Drupal Module: Mehrere Schwachstellen | 2025-09-24T22:00:00.000+00:00 | 2025-10-29T23:00:00.000+00:00 |
| wid-sec-w-2025-2114 | Dell PowerEdge BIOS und iDRAC9: Schwachstelle ermöglicht Offenlegung von Informationen | 2025-09-23T22:00:00.000+00:00 | 2025-10-30T23:00:00.000+00:00 |
| wid-sec-w-2025-2110 | LibTiff: Schwachstelle ermöglicht Codeausführung | 2025-09-22T22:00:00.000+00:00 | 2025-10-29T23:00:00.000+00:00 |
| wid-sec-w-2025-2107 | Linux Kernel: Mehrere Schwachstellen | 2025-09-22T22:00:00.000+00:00 | 2025-10-30T23:00:00.000+00:00 |
| wid-sec-w-2025-2104 | WebKitGTK: Mehrere Schwachstellen | 2025-09-22T22:00:00.000+00:00 | 2025-10-30T23:00:00.000+00:00 |
| wid-sec-w-2025-2099 | Linux Kernel: Mehrere Schwachstellen | 2025-09-21T22:00:00.000+00:00 | 2025-10-30T23:00:00.000+00:00 |
| wid-sec-w-2025-2092 | Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service | 2025-09-18T22:00:00.000+00:00 | 2025-10-30T23:00:00.000+00:00 |
| ID | Description | Published | Updated |
|---|---|---|---|
| rhsa-2025:19835 | Red Hat Security Advisory: bind security update | 2025-11-06T01:58:21+00:00 | 2025-11-07T15:56:02+00:00 |
| rhsa-2025:19832 | Red Hat Security Advisory: Satellite 6.17.6 Async Update | 2025-11-05T23:49:21+00:00 | 2025-11-06T23:24:08+00:00 |
| rhsa-2025:19300 | Red Hat Security Advisory: OpenShift Container Platform 4.19.18 bug fix and security update | 2025-11-05T18:15:06+00:00 | 2025-11-06T23:42:43+00:00 |
| rhsa-2025:19807 | Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Tempo) 3.7.1 release | 2025-11-05T14:26:13+00:00 | 2025-11-07T00:16:19+00:00 |
| rhsa-2025:19804 | Red Hat Security Advisory: RHACS 4.7.8 security and bug fix update | 2025-11-05T13:15:10+00:00 | 2025-11-07T16:34:44+00:00 |
| rhsa-2025:19800 | Red Hat Security Advisory: pcs security update | 2025-11-05T13:11:24+00:00 | 2025-11-06T23:42:50+00:00 |
| rhsa-2025:19313 | Red Hat Security Advisory: OpenShift Container Platform 4.17.43 bug fix and security update | 2025-11-05T12:26:14+00:00 | 2025-11-06T23:42:47+00:00 |
| rhsa-2025:19793 | Red Hat Security Advisory: bind9.16 security update | 2025-11-05T12:01:59+00:00 | 2025-11-07T15:56:03+00:00 |
| rhsa-2025:19314 | Red Hat Security Advisory: OpenShift Container Platform 4.17.43 bug fix and security update | 2025-11-05T11:57:29+00:00 | 2025-11-07T00:15:33+00:00 |
| rhsa-2025:19772 | Red Hat Security Advisory: qt6-qtsvg security update | 2025-11-05T07:46:09+00:00 | 2025-11-06T23:24:06+00:00 |
| rhsa-2025:19295 | Red Hat Security Advisory: OpenShift Container Platform 4.20.2 bug fix and security update | 2025-11-05T04:44:49+00:00 | 2025-11-06T23:42:43+00:00 |
| rhsa-2025:19736 | Red Hat Security Advisory: pcs security update | 2025-11-04T23:37:53+00:00 | 2025-11-06T23:42:50+00:00 |
| rhsa-2025:19734 | Red Hat Security Advisory: pcs security update | 2025-11-04T20:02:07+00:00 | 2025-11-06T23:42:49+00:00 |
| rhsa-2025:19731 | Red Hat Security Advisory: podman security update | 2025-11-04T19:52:32+00:00 | 2025-11-06T23:42:49+00:00 |
| rhsa-2025:19733 | Red Hat Security Advisory: pcs security update | 2025-11-04T19:51:12+00:00 | 2025-11-06T23:42:49+00:00 |
| rhsa-2025:19720 | Red Hat Security Advisory: libsoup3 security update | 2025-11-04T18:03:12+00:00 | 2025-11-06T23:42:49+00:00 |
| rhsa-2025:19721 | Red Hat Security Advisory: Satellite 6.18.0 new version release | 2025-11-04T17:34:02+00:00 | 2025-11-06T23:24:05+00:00 |
| rhsa-2025:19719 | Red Hat Security Advisory: pcs security update | 2025-11-04T17:06:17+00:00 | 2025-11-06T23:42:48+00:00 |
| rhsa-2025:19713 | Red Hat Security Advisory: libsoup security update | 2025-11-04T17:00:12+00:00 | 2025-11-07T18:35:59+00:00 |
| rhsa-2025:19714 | Red Hat Security Advisory: libsoup security update | 2025-11-04T15:37:57+00:00 | 2025-11-07T18:35:59+00:00 |
| rhsa-2025:19675 | Red Hat Security Advisory: valkey security update | 2025-11-04T14:45:57+00:00 | 2025-11-06T23:42:48+00:00 |
| rhsa-2025:19572 | Red Hat Security Advisory: mariadb:10.5 security update | 2025-11-04T12:42:56+00:00 | 2025-11-06T23:05:44+00:00 |
| rhsa-2025:19584 | Red Hat Security Advisory: galera and mariadb security update | 2025-11-04T11:50:06+00:00 | 2025-11-06T23:05:44+00:00 |
| rhsa-2025:19647 | Red Hat Security Advisory: pcs security update | 2025-11-04T11:19:06+00:00 | 2025-11-06T23:42:48+00:00 |
| rhsa-2025:19296 | Red Hat Security Advisory: OpenShift Container Platform 4.20.2 bug fix and security update | 2025-11-04T10:56:24+00:00 | 2025-11-06T23:42:43+00:00 |
| rhsa-2025:19610 | Red Hat Security Advisory: sssd security update | 2025-11-04T10:48:21+00:00 | 2025-11-07T19:42:27+00:00 |
| rhsa-2025:19623 | Red Hat Security Advisory: xorg-x11-server-Xwayland update | 2025-11-04T10:35:41+00:00 | 2025-11-06T23:42:48+00:00 |
| rhsa-2025:19594 | Red Hat Security Advisory: osbuild-composer security update | 2025-11-04T08:51:51+00:00 | 2025-11-07T16:34:48+00:00 |
| rhsa-2025:19601 | Red Hat Security Advisory: git security update | 2025-11-04T08:15:41+00:00 | 2025-11-06T22:35:30+00:00 |
| rhsa-2025:19566 | Red Hat Security Advisory: osbuild-composer security update | 2025-11-04T04:48:55+00:00 | 2025-11-07T16:34:43+00:00 |
| ID | Description | Published | Updated |
|---|---|---|---|
| msrc_cve-2025-61102 | FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_adj_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet. | 2025-10-02T00:00:00.000Z | 2025-10-31T01:11:15.000Z |
| msrc_cve-2025-61101 | FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_link_rmt_itf_addr function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet. | 2025-10-02T00:00:00.000Z | 2025-11-02T01:02:28.000Z |
| msrc_cve-2025-61100 | FRRouting/frr from v2.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the ospf_opaque_lsa_dump function at ospf_opaque.c. This vulnerability allows attackers to cause a Denial of Service (DoS) under specific malformed LSA conditions. | 2025-10-02T00:00:00.000Z | 2025-11-02T01:02:36.000Z |
| msrc_cve-2025-59530 | quic-go has Client Crash Due to Premature HANDSHAKE_DONE Frame | 2025-10-02T00:00:00.000Z | 2025-10-25T14:01:47.000Z |
| msrc_cve-2025-58189 | ALPN negotiation error contains attacker controlled information in crypto/tls | 2025-10-02T00:00:00.000Z | 2025-10-31T01:09:20.000Z |
| msrc_cve-2025-58188 | Panic when validating certificates with DSA public keys in crypto/x509 | 2025-10-02T00:00:00.000Z | 2025-10-31T01:08:48.000Z |
| msrc_cve-2025-58187 | Quadratic complexity when checking name constraints in crypto/x509 | 2025-10-02T00:00:00.000Z | 2025-10-31T01:08:15.000Z |
| msrc_cve-2025-58186 | Lack of limit when parsing cookies can cause memory exhaustion in net/http | 2025-10-02T00:00:00.000Z | 2025-10-31T01:06:39.000Z |
| msrc_cve-2025-58185 | Parsing DER payload can cause memory exhaustion in encoding/asn1 | 2025-10-02T00:00:00.000Z | 2025-10-31T01:06:07.000Z |
| msrc_cve-2025-58183 | Unbounded allocation when parsing GNU sparse map in archive/tar | 2025-10-02T00:00:00.000Z | 2025-10-31T01:04:32.000Z |
| msrc_cve-2025-53069 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Components Services). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2025-10-02T00:00:00.000Z | 2025-10-23T01:06:30.000Z |
| msrc_cve-2025-53062 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2025-10-02T00:00:00.000Z | 2025-10-23T01:06:15.000Z |
| msrc_cve-2025-53054 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). | 2025-10-02T00:00:00.000Z | 2025-10-23T01:06:45.000Z |
| msrc_cve-2025-53053 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: DML). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server as well as unauthorized update, insert or delete access to some of MySQL Server accessible data. CVSS 3.1 Base Score 5.5 (Integrity and Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:L/A:H). | 2025-10-02T00:00:00.000Z | 2025-10-23T01:06:22.000Z |
| msrc_cve-2025-53045 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2025-10-02T00:00:00.000Z | 2025-10-23T01:06:38.000Z |
| msrc_cve-2025-53044 | Vulnerability in the MySQL Server product of Oracle MySQL (component: InnoDB). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2025-10-02T00:00:00.000Z | 2025-10-23T01:06:00.000Z |
| msrc_cve-2025-53042 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2025-10-02T00:00:00.000Z | 2025-10-23T01:05:53.000Z |
| msrc_cve-2025-53040 | Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 8.0.0-8.0.43, 8.4.0-8.4.6 and 9.0.0-9.4.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H). | 2025-10-02T00:00:00.000Z | 2025-10-23T01:06:07.000Z |
| msrc_cve-2025-49844 | Redis Lua Use-After-Free may lead to remote code execution | 2025-10-02T00:00:00.000Z | 2025-10-08T01:01:53.000Z |
| msrc_cve-2025-47912 | Insufficient validation of bracketed IPv6 hostnames in net/url | 2025-10-02T00:00:00.000Z | 2025-10-31T01:05:35.000Z |
| msrc_cve-2025-46819 | Redis is vulnerable to DoS via specially crafted LUA scripts | 2025-10-02T00:00:00.000Z | 2025-10-10T01:37:12.000Z |
| msrc_cve-2025-46818 | Redis: Authenticated users can execute LUA scripts as a different user | 2025-10-02T00:00:00.000Z | 2025-10-10T01:37:03.000Z |
| msrc_cve-2025-46817 | Lua library commands may lead to integer overflow and potential RCE | 2025-10-02T00:00:00.000Z | 2025-10-10T01:36:56.000Z |
| msrc_cve-2025-40780 | Cache poisoning due to weak PRNG | 2025-10-02T00:00:00.000Z | 2025-10-25T01:01:29.000Z |
| msrc_cve-2025-40778 | Cache poisoning attacks with unsolicited RRs | 2025-10-02T00:00:00.000Z | 2025-10-25T01:01:20.000Z |
| msrc_cve-2025-40106 | comedi: fix divide-by-zero in comedi_buf_munge() | 2025-10-02T00:00:00.000Z | 2025-11-01T01:02:23.000Z |
| msrc_cve-2025-40105 | vfs: Don't leak disconnected dentries on umount | 2025-10-02T00:00:00.000Z | 2025-10-31T01:10:15.000Z |
| msrc_cve-2025-40104 | ixgbevf: fix mailbox API compatibility by negotiating supported features | 2025-10-02T00:00:00.000Z | 2025-10-31T01:09:36.000Z |
| msrc_cve-2025-40103 | smb: client: Fix refcount leak for cifs_sb_tlink | 2025-10-02T00:00:00.000Z | 2025-10-31T01:09:42.000Z |
| msrc_cve-2025-40102 | KVM: arm64: Prevent access to vCPU events before init | 2025-10-02T00:00:00.000Z | 2025-10-31T01:09:59.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| icsa-25-289-07 | Siemens SIMATIC ET 200SP Communication Processors | 2025-10-14T00:00:00.000000Z | 2025-10-14T00:00:00.000000Z |
| icsa-25-289-06 | Siemens SiPass | 2025-10-14T00:00:00.000000Z | 2025-10-14T00:00:00.000000Z |
| icsa-25-289-05 | Siemens Solid Edge | 2025-10-14T00:00:00.000000Z | 2025-10-14T00:00:00.000000Z |
| icsa-25-280-01 | Delta Electronics DIAScreen | 2025-10-07T06:00:00.000000Z | 2025-10-23T06:00:00.000000Z |
| icsa-25-289-11 | Hitachi Energy MACH GWS | 2025-09-30T12:50:29.000000Z | 2025-09-30T12:50:29.000000Z |
| icsa-25-259-01 | Schneider Electric Altivar products ATVdPAC module ILC992 InterLink Converter (Update A) | 2025-09-09T04:00:00.000000Z | 2025-10-14T07:00:00.000000Z |
| icsa-25-254-07 | Siemens User Management Component (UMC) | 2025-09-09T00:00:00.000000Z | 2025-10-14T00:00:00.000000Z |
| icsa-25-224-03 | Schneider Electric EcoStruxure Power Monitoring Expert | 2025-08-12T04:00:00.000000Z | 2025-10-14T07:00:00.000000Z |
| icsa-25-226-22 | Siemens Web Installer | 2025-08-12T00:00:00.000000Z | 2025-10-14T00:00:00.000000Z |
| icsa-25-226-18 | Siemens SIMOTION SCOUT, SIMOTION SCOUT TIA, and SINAMICS STARTER | 2025-08-12T00:00:00.000000Z | 2025-10-14T00:00:00.000000Z |
| icsa-25-226-11 | Siemens SIMATIC S7-PLCSIM | 2025-08-12T00:00:00.000000Z | 2025-10-14T00:00:00.000000Z |
| icsa-25-226-09 | Siemens RUGGEDCOM APE1808 | 2025-08-12T00:00:00.000000Z | 2025-10-14T00:00:00.000000Z |
| icsa-25-226-03 | Siemens Engineering Platforms | 2025-08-12T00:00:00.000000Z | 2025-10-14T00:00:00.000000Z |
| icsa-25-294-04 | Siemens RUGGEDCOM ROS Devices | 2025-07-08T00:00:00.000000Z | 2025-10-14T00:00:00.000000Z |
| icsa-25-162-02 | Siemens RUGGEDCOM APE1808 | 2025-06-10T00:00:00.000000Z | 2025-10-14T00:00:00.000000Z |
| icsa-25-148-01 | Siemens SiPass | 2025-05-23T00:00:00.000000Z | 2025-10-14T00:00:00.000000Z |
| icsa-25-140-08 | Schneider Electric Modicon Controllers (Update B) | 2025-05-13T04:00:00.000000Z | 2025-10-14T07:00:00.000000Z |
| icsa-25-135-09 | Siemens User Management Component (UMC) | 2025-05-13T00:00:00.000000Z | 2025-10-14T00:00:00.000000Z |
| icsa-25-037-02 | Schneider Electric EcoStruxure (Update C) | 2025-02-06T07:00:00.000000Z | 2025-10-23T06:00:00.000000Z |
| icsa-25-035-07 | Schneider Electric Pro-face GP-Pro EX and Remote HMI (Update A) | 2025-01-14T00:00:00.000000Z | 2025-09-09T04:00:00.000000Z |
| icsa-24-354-07 | Schneider Electric Modicon Controllers (Update A) | 2024-12-19T07:00:00.000000Z | 2025-10-21T06:00:00.000000Z |
| icsa-24-352-04 | Schneider Electric Modicon | 2024-12-10T05:00:00.000000Z | 2025-10-14T07:00:00.000000Z |
| icsa-24-284-10 | Siemens SIMATIC S7-1500 CPUs | 2024-10-08T00:00:00.000000Z | 2025-10-14T00:00:00.000000Z |
| icsa-24-284-01 | Siemens SIMATIC S7-1500 and S7-1200 CPUs | 2024-10-08T00:00:00.000000Z | 2025-10-14T00:00:00.000000Z |
| icsa-24-256-03 | Siemens User Management Component (UMC) | 2024-09-10T00:00:00.000000Z | 2025-10-14T00:00:00.000000Z |
| icsa-24-121-01 | Delta Electronics CNCSoft-G2 DOPSoft (Update A) | 2024-04-30T06:00:00.000000Z | 2025-10-16T06:00:00.000000Z |
| icsa-24-102-01 | Siemens SIMATIC S7-1500 | 2024-04-09T00:00:00.000000Z | 2025-10-14T00:00:00.000000Z |
| icsa-24-116-02 | Hitachi Energy MACH SCM (Update A) | 2024-03-26T11:32:43.000000Z | 2025-09-30T11:32:43.000000Z |
| icsa-24-102-08 | Siemens OPC Foundation Local Discovery Server Affecting Siemens Products | 2023-04-11T00:00:00.000000Z | 2025-09-09T00:00:00.000000Z |
| icsa-22-132-05 | Siemens Industrial PCs and CNC devices | 2022-05-12T00:00:00.000000Z | 2022-05-12T00:00:00.000000Z |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2025-014105 | OMRON SOCIAL SOLUTIONS Uninterruptible Power Supply (UPS) management application registers a Windows service with an unquoted file path | 2025-09-19T16:21+09:00 | 2025-09-19T16:21+09:00 |
| jvndb-2025-014104 | Multiple vulnerabilities in I-O DATA wireless LAN routers | 2025-09-19T14:58+09:00 | 2025-09-19T14:58+09:00 |
| jvndb-2025-014081 | Multiple Brother and its OEM products with weak initial administrator passwords | 2025-09-19T10:52+09:00 | 2025-09-19T10:52+09:00 |
| jvndb-2025-000079 | UNIVERGE IX/IX-R/IX-V series routers provided by NEC Corporation vulnerable to cross-site scripting | 2025-09-18T17:43+09:00 | 2025-09-18T17:43+09:00 |
| jvndb-2025-000078 | Century HW RAID Manager registers a Windows service with an unquoted file path | 2025-09-17T13:45+09:00 | 2025-09-17T13:45+09:00 |
| jvndb-2025-000048 | WTW-EAGLE App vulnerable to improper server certificate validation | 2025-09-12T13:57+09:00 | 2025-09-12T13:57+09:00 |
| jvndb-2025-000077 | RICOH Streamline NX vulnerable to tampering with operation history | 2025-09-08T13:42+09:00 | 2025-09-24T16:53+09:00 |
| jvndb-2025-000072 | Obsidian GitHub Copilot Plugin stores sensitive information in cleartext | 2025-09-05T16:52+09:00 | 2025-09-05T16:52+09:00 |
| jvndb-2025-000073 | RATOC RAID Monitoring Manager for Windows registers a Windows service with an unquoted file path | 2025-09-05T16:20+09:00 | 2025-09-05T16:20+09:00 |
| jvndb-2025-000071 | "Yahoo! Shopping" App for Android fails to restrict custom URL schemes properly | 2025-09-05T15:12+09:00 | 2025-09-05T15:12+09:00 |
| jvndb-2025-000075 | Multiple vulnerabilities in TkEasyGUI | 2025-09-05T14:53+09:00 | 2025-09-05T14:53+09:00 |
| jvndb-2025-000069 | Web Caster V130 vulnerable to cross-site request forgery | 2025-09-03T14:23+09:00 | 2025-09-03T14:23+09:00 |
| jvndb-2025-000070 | "Gunosy" App vulnerable to insertion of sensitive information into sent data | 2025-09-02T14:20+09:00 | 2025-09-09T09:51+09:00 |
| jvndb-2025-000068 | Seiko Solutions SkyBridge BASIC MB-A130 vulnerable to OS command injection | 2025-09-01T16:21+09:00 | 2025-09-01T16:21+09:00 |
| jvndb-2025-012659 | Denial-of-service (DoS) vulnerability in Konica Minolta bizhub series | 2025-09-01T15:22+09:00 | 2025-09-01T15:22+09:00 |
| jvndb-2025-000067 | Multiple vulnerabilities in multiple iND products | 2025-08-29T14:47+09:00 | 2025-08-29T14:47+09:00 |
| jvndb-2025-000066 | Improper file access permission settings in multiple i-FILTER products | 2025-08-27T19:50+09:00 | 2025-09-29T13:45+09:00 |
| jvndb-2025-000064 | Multiple vulnerabilities in SS1 | 2025-08-27T15:13+09:00 | 2025-08-27T15:13+09:00 |
| jvndb-2025-000065 | ScanSnap Manager installers vulnerable to privilege escalation | 2025-08-27T14:22+09:00 | 2025-08-27T14:22+09:00 |
| jvndb-2025-000063 | Western Digital Kitfox registers a Windows service with an unquoted file path | 2025-08-22T13:37+09:00 | 2025-08-22T13:37+09:00 |
| jvndb-2025-000062 | Multiple vulnerabilities in Group-Office | 2025-08-21T14:03+09:00 | 2025-08-21T14:03+09:00 |
| jvndb-2025-011884 | FUJIFILM Healthcare Americas Synapse Mobility vulnerable to Privilege Escalation | 2025-08-21T11:49+09:00 | 2025-08-25T10:38+09:00 |
| jvndb-2025-000061 | Multiple vulnerabilities in Movable Type | 2025-08-20T15:30+09:00 | 2025-08-20T15:30+09:00 |
| jvndb-2025-000060 | PgManage vulnerable to injection | 2025-08-18T13:40+09:00 | 2025-08-18T13:40+09:00 |
| jvndb-2025-000059 | Seagate Toolkit registers a Windows service with an unquoted file path | 2025-08-14T12:32+09:00 | 2025-08-19T14:40+09:00 |
| jvndb-2025-000058 | WordPress plugin "Advanced Custom Fields" vulnerable to HTML injection | 2025-08-08T15:29+09:00 | 2025-08-08T15:29+09:00 |
| jvndb-2025-010972 | Multiple SEIKO EPSON products use weak initial passwords | 2025-08-08T14:50+09:00 | 2025-08-08T14:50+09:00 |
| jvndb-2025-000057 | Multiple vulnerabilities in Mubit Powered BLUE 870 | 2025-08-08T14:47+09:00 | 2025-08-08T14:47+09:00 |
| jvndb-2025-010854 | Trend Micro Endpoint security products for enterprises vulnerable to multiple OS command injection | 2025-08-07T12:25+09:00 | 2025-08-19T11:36+09:00 |
| jvndb-2025-000056 | Multiple vulnerabilities in Sato label printers CL4/6NX Plus and CL4/6NX-J Plus series | 2025-08-06T16:38+09:00 | 2025-08-06T16:38+09:00 |
| ID | Description | Updated |
|---|