Recent vulnerabilities
| ID | Description | Published | Updated |
|---|---|---|---|
| ghsa-v97f-7x7p-g6cq | When SmartStart Inclusion fails during the onboarding of a Z-Wave PIR sensor, the sensor will join … | 2025-10-31T21:31:03Z | 2025-10-31T21:31:03Z |
| ghsa-v5f8-739h-c48v | Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow via the deviceId parameter in… | 2025-10-31T21:31:03Z | 2025-11-03T15:30:28Z |
| ghsa-mm48-wj9h-vg49 | Protection mechanism failure in Microsoft Edge (Chromium-based) allows an unauthorized attacker to … | 2025-10-31T21:31:03Z | 2025-10-31T21:31:03Z |
| ghsa-mjjp-hj57-wv6f | Summer Pearl Group Vacation Rental Management Platform prior to v1.0.2 does not properly invalidate… | 2025-10-31T21:31:03Z | 2025-11-03T21:34:41Z |
| ghsa-jvj5-h296-c727 | ELOG allows an authenticated user to modify another user's profile. An attacker can edit a target u… | 2025-10-31T21:31:03Z | 2025-10-31T21:31:03Z |
| ghsa-h44w-7xj6-f9qp | Summer Pearl Group Vacation Rental Management Platform prior to 1.0.2 is susceptible to a Slowloris… | 2025-10-31T21:31:03Z | 2025-10-31T21:31:03Z |
| ghsa-65x3-jm69-w8w4 | Summer Pearl Group Vacation Rental Management Platform prior to v1.0.2 suffers from insufficient se… | 2025-10-31T21:31:03Z | 2025-10-31T21:31:03Z |
| ghsa-5858-fx7f-5pv5 | Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the timeZone parameter in the… | 2025-10-31T21:31:03Z | 2025-11-03T15:30:28Z |
| ghsa-3p95-q82m-f2fv | ELOG allows an authenticated user to modify or overwrite the configuration file, resulting in denia… | 2025-10-31T21:31:03Z | 2025-10-31T21:31:03Z |
| ghsa-q285-wfpg-93hr | Liferay Portal and DXP affected by multiple cross-site scripting (XSS) vulnerabilities in web conte… | 2025-10-31T21:31:02Z | 2025-11-03T20:16:18Z |
| ghsa-9wg9-fwv6-cgcr | ELOG allows an authenticated user to upload arbitrary HTML files. The HTML content is executed in t… | 2025-10-31T21:31:02Z | 2025-10-31T21:31:02Z |
| ghsa-4vfm-59fx-r7h5 | A vulnerability was identified in LogicalDOC Community Edition up to 9.2.1. This vulnerability affe… | 2025-10-31T21:31:02Z | 2025-10-31T21:31:02Z |
| ghsa-34j9-6jj5-p9gw | A vulnerability was determined in LogicalDOC Community Edition up to 9.2.1. This affects an unknown… | 2025-10-31T21:31:02Z | 2025-10-31T21:31:02Z |
| ghsa-vw84-hprm-cxmm | Agno session state overwrites between different sessions/users | 2025-10-31T21:24:53Z | 2025-10-31T21:24:53Z |
| ghsa-vc2m-m665-8xm2 | If the value passed to os.path.expandvars() is user-controlled a performance degradation is possib… | 2025-10-31T18:31:15Z | 2025-10-31T18:31:15Z |
| ghsa-v656-w32r-m2jg | Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the wifiOff pa… | 2025-10-31T18:31:15Z | 2025-11-03T15:30:28Z |
| ghsa-rw7q-hr3r-j4gq | Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the wifiOff p… | 2025-10-31T18:31:15Z | 2025-11-03T15:30:28Z |
| ghsa-q3f3-7cv5-44xh | Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ssid5g pa… | 2025-10-31T18:31:15Z | 2025-11-03T15:30:28Z |
| ghsa-pxjv-7jrp-fcxj | Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ssid5g pa… | 2025-10-31T18:31:15Z | 2025-11-03T15:30:28Z |
| ghsa-pqmg-g7j2-2x57 | Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid param… | 2025-10-31T18:31:15Z | 2025-10-31T21:31:01Z |
| ghsa-h69g-qfwq-m8hr | Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ssid5g pa… | 2025-10-31T18:31:15Z | 2025-11-03T15:30:28Z |
| ghsa-c3qq-7mg6-6r2x | Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid param… | 2025-10-31T18:31:15Z | 2025-10-31T21:31:01Z |
| ghsa-2j97-4jmq-c4xf | Liferay Portal Vulnerable to Reflected XSS via the selectedLanguageId Parameter | 2025-10-31T18:31:15Z | 2025-10-31T21:25:36Z |
| ghsa-rrq3-qv5p-cxvg | Missing Security Headers.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | 2025-10-31T18:31:14Z | 2025-11-10T15:31:04Z |
| ghsa-r4f3-5wj3-vm92 | On a client with an admin user, a Global_Shipping script can be implemented. The script could later… | 2025-10-31T18:31:14Z | 2025-10-31T18:31:14Z |
| ghsa-pw8q-qg9v-4xmc | Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the http_host … | 2025-10-31T18:31:14Z | 2025-10-31T21:31:01Z |
| ghsa-jmh2-7qxm-5hfc | Incorrect access control in the realtime.cgi endpoint of Deep Sea Electronics devices DSE855 v1.1.0… | 2025-10-31T18:31:14Z | 2025-10-31T21:31:01Z |
| ghsa-g78v-rm2r-hxw5 | Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the password p… | 2025-10-31T18:31:14Z | 2025-11-03T15:30:28Z |
| ghsa-cfx8-xj8g-9hv3 | By manipulating the Signal Level Attenuation Characterization (SLAC) protocol with spoofed measure… | 2025-10-31T18:31:14Z | 2025-10-31T18:31:14Z |
| ghsa-9wxc-6566-9fgm | Authentication bypass by spoofing in Microsoft Configuration Manager allows an authorized attacker … | 2025-10-31T18:31:14Z | 2025-10-31T18:31:14Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2025-12619 | Tenda A15 openNetworkGateway fromSetWirelessRepeat buf… |
Tenda |
A15 |
2025-11-03T07:02:11.692Z | 2025-11-03T16:06:25.502Z | |
| cve-2025-12503 | 7.1 (v4.0) 6.5 (v3.1) | Digiwin|EasyFlow .NET and EasyFlow AiNet |
Digiwin |
EasyFlow .NET |
2025-11-03T06:51:55.994Z | 2025-11-03T13:48:19.281Z |
| cve-2025-12618 | Tenda AC8 DatabaseIniSet buffer overflow |
Tenda |
AC8 |
2025-11-03T06:32:13.198Z | 2025-11-03T06:32:13.198Z | |
| cve-2025-12617 | itsourcecode Billing System login_crud.php sql injection |
itsourcecode |
Billing System |
2025-11-03T04:32:08.832Z | 2025-11-03T16:08:24.049Z | |
| cve-2025-12616 | PHPGurukul News Portal settings.py insertion of sensit… |
PHPGurukul |
News Portal |
2025-11-03T04:02:06.308Z | 2025-11-03T20:34:35.281Z | |
| cve-2025-12615 | PHPGurukul News Portal settings.py hard-coded key |
PHPGurukul |
News Portal |
2025-11-03T03:32:06.859Z | 2025-11-03T20:35:20.857Z | |
| cve-2025-12614 | SourceCodester Best House Rental Management System adm… |
SourceCodester |
Best House Rental Management System |
2025-11-03T03:02:06.312Z | 2025-11-03T14:04:22.875Z | |
| cve-2025-12612 | Campcodes School Fees Payment Management System ajax.p… |
Campcodes |
School Fees Payment Management System |
2025-11-03T02:32:06.745Z | 2025-11-12T12:37:26.335Z | |
| cve-2025-12611 | Tenda AC21 SetPptpServerCfg formSetPPTPServer buffer o… |
Tenda |
AC21 |
2025-11-03T02:02:09.734Z | 2025-11-03T14:26:36.736Z | |
| cve-2025-12610 | CodeAstro Gym Management System view-progress-report.p… |
CodeAstro |
Gym Management System |
2025-11-03T01:32:06.052Z | 2025-11-03T14:40:24.631Z | |
| cve-2025-12609 | CodeAstro Gym Management System update-progress.php sq… |
CodeAstro |
Gym Management System |
2025-11-03T01:02:06.847Z | 2025-11-03T14:57:00.643Z | |
| cve-2025-12608 | itsourcecode Online Loan Management System manage_user… |
itsourcecode |
Online Loan Management System |
2025-11-03T00:32:06.062Z | 2025-11-03T15:00:44.154Z | |
| cve-2025-12607 | itsourcecode Online Loan Management System manage_paym… |
itsourcecode |
Online Loan Management System |
2025-11-03T00:02:07.039Z | 2025-11-03T14:14:23.841Z | |
| cve-2025-63593 | N/A | Grav CMS1.7.49.5 is vulnerable to Cross Site Scri… |
n/a |
n/a |
2025-11-03T00:00:00.000Z | 2025-11-06T21:23:51.993Z |
| cve-2025-63453 | N/A | Car-Booking-System-PHP v.1.0 is vulnerable to SQL… |
n/a |
n/a |
2025-11-03T00:00:00.000Z | 2025-11-04T15:17:10.366Z |
| cve-2025-63452 | N/A | Car-Booking-System-PHP v.1.0 is vulnerable to SQL… |
n/a |
n/a |
2025-11-03T00:00:00.000Z | 2025-11-03T18:22:36.129Z |
| cve-2025-63451 | N/A | Car-Booking-System-PHP v.1.0 is vulnerable to SQL… |
n/a |
n/a |
2025-11-03T00:00:00.000Z | 2025-11-03T16:21:56.583Z |
| cve-2025-63450 | N/A | Car-Booking-System-PHP v.1.0 is vulnerable to Cro… |
n/a |
n/a |
2025-11-03T00:00:00.000Z | 2025-11-03T15:59:08.257Z |
| cve-2025-63449 | N/A | Water Management System v1.0 is vulnerable to Cro… |
n/a |
n/a |
2025-11-03T00:00:00.000Z | 2025-11-03T15:46:02.916Z |
| cve-2025-63448 | N/A | Water Management System v1.0 is vulnerable to Cro… |
n/a |
n/a |
2025-11-03T00:00:00.000Z | 2025-11-03T15:36:31.559Z |
| cve-2025-63447 | N/A | Water Management System v1.0 is vulnerable to Cro… |
n/a |
n/a |
2025-11-03T00:00:00.000Z | 2025-11-03T15:40:14.731Z |
| cve-2025-63446 | N/A | Water Management System v1.0 is vulnerable to Cro… |
n/a |
n/a |
2025-11-03T00:00:00.000Z | 2025-11-03T15:41:54.899Z |
| cve-2025-63443 | N/A | School Management System PHP v1.0 is vulnerable t… |
n/a |
n/a |
2025-11-03T00:00:00.000Z | 2025-11-03T15:27:54.185Z |
| cve-2025-63442 | N/A | Simple User Management System with PHP-MySQL v1.0… |
n/a |
n/a |
2025-11-03T00:00:00.000Z | 2025-11-03T15:34:39.978Z |
| cve-2025-63441 | N/A | Open Source Social Network (OSSN) 8.6 is vulnerab… |
n/a |
n/a |
2025-11-03T00:00:00.000Z | 2025-11-03T18:14:49.817Z |
| cve-2025-63293 | N/A | FairSketch Rise Ultimate Project Manager & CRM 3.… |
n/a |
n/a |
2025-11-03T00:00:00.000Z | 2025-11-03T20:48:19.963Z |
| cve-2025-60892 | N/A | An issue in Raspberry Pi Imager version 1.9.6 for… |
n/a |
n/a |
2025-11-03T00:00:00.000Z | 2025-11-03T21:00:06.573Z |
| cve-2025-60785 | N/A | A remote code execution (RCE) vulnerability in th… |
n/a |
n/a |
2025-11-03T00:00:00.000Z | 2025-11-04T15:14:25.905Z |
| cve-2025-60503 | N/A | A cross-site scripting (XSS) vulnerability exists… |
n/a |
n/a |
2025-11-03T00:00:00.000Z | 2025-11-03T16:35:11.605Z |
| cve-2025-50735 | N/A | Directory traversal vulnerability in NextChat thr… |
n/a |
n/a |
2025-11-03T00:00:00.000Z | 2025-11-03T20:11:16.719Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2025-63593 | N/A | Grav CMS1.7.49.5 is vulnerable to Cross Site Scri… |
n/a |
n/a |
2025-11-03T00:00:00.000Z | 2025-11-06T21:23:51.993Z |
| cve-2025-50735 | N/A | Directory traversal vulnerability in NextChat thr… |
n/a |
n/a |
2025-11-03T00:00:00.000Z | 2025-11-03T20:11:16.719Z |
| cve-2025-12642 | 6.9 (v4.0) | HTTP Header Smuggling via Trailer Merge |
lighttpd |
lighttpd |
2025-11-03T19:36:17.011Z | 2025-11-03T19:44:09.174Z |
| cve-2025-12531 | 7.1 (v3.1) | IBM InfoSphere Information Server is affected by an XM… |
IBM |
InfoSphere Information Server |
2025-11-03T19:47:40.992Z | 2025-11-03T20:15:28.986Z |
| cve-2025-8558 | 2.3 (v4.0) | Insider Threat Management (ITM) Server versions p… |
Proofpoint |
Insider Threat Management (ITM) Server |
2025-11-03T18:40:03.946Z | 2025-11-03T19:03:11.645Z |
| cve-2025-45959 | N/A | {'providerMetadata': {'orgId': '8254265b-2729-46b6-b9e3-3dfca2d5bfca', 'shortName': 'mitre', 'dateUpdated': '2025-11-03T17:14:46.533Z'}, 'rejectedReasons': [{'lang': 'en', 'value': 'DO NOT USE THIS CVE RECORD. ConsultIDs: none. Reason: This record was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none.'}]} | N/A | N/A | 2025-11-03T17:14:46.533Z | |
| cve-2025-63441 | N/A | Open Source Social Network (OSSN) 8.6 is vulnerab… |
n/a |
n/a |
2025-11-03T00:00:00.000Z | 2025-11-03T18:14:49.817Z |
| cve-2025-50363 | N/A | Phpgurukul Maid Hiring Management System 1.0 is v… |
n/a |
n/a |
2025-11-03T00:00:00.000Z | 2025-11-03T18:33:15.550Z |
| cve-2025-12463 | 9.8 (v3.1) | Unauthenticated SQL Injection in Guetebruck G-Cam Seri… |
Guetebruck |
G-Cam |
2025-11-03T16:45:39.423Z | 2025-11-03T20:51:37.271Z |
| cve-2025-11953 | 9.8 (v3.1) | Command injection in React Native Community CLI allows… |
|
|
2025-11-03T16:35:07.168Z | 2025-11-11T17:06:16.919Z |
| cve-2025-10280 | 7.1 (v3.1) | Incorrect Content Type Cross-Site Scripting Vulnerability |
SailPoint Technologies |
IdentityIQ |
2025-11-03T16:35:56.241Z | 2025-11-06T20:45:31.741Z |
| cve-2025-63453 | N/A | Car-Booking-System-PHP v.1.0 is vulnerable to SQL… |
n/a |
n/a |
2025-11-03T00:00:00.000Z | 2025-11-04T15:17:10.366Z |
| cve-2025-63452 | N/A | Car-Booking-System-PHP v.1.0 is vulnerable to SQL… |
n/a |
n/a |
2025-11-03T00:00:00.000Z | 2025-11-03T18:22:36.129Z |
| cve-2025-63451 | N/A | Car-Booking-System-PHP v.1.0 is vulnerable to SQL… |
n/a |
n/a |
2025-11-03T00:00:00.000Z | 2025-11-03T16:21:56.583Z |
| cve-2025-63450 | N/A | Car-Booking-System-PHP v.1.0 is vulnerable to Cro… |
n/a |
n/a |
2025-11-03T00:00:00.000Z | 2025-11-03T15:59:08.257Z |
| cve-2025-63449 | N/A | Water Management System v1.0 is vulnerable to Cro… |
n/a |
n/a |
2025-11-03T00:00:00.000Z | 2025-11-03T15:46:02.916Z |
| cve-2025-63448 | N/A | Water Management System v1.0 is vulnerable to Cro… |
n/a |
n/a |
2025-11-03T00:00:00.000Z | 2025-11-03T15:36:31.559Z |
| cve-2025-63447 | N/A | Water Management System v1.0 is vulnerable to Cro… |
n/a |
n/a |
2025-11-03T00:00:00.000Z | 2025-11-03T15:40:14.731Z |
| cve-2025-63446 | N/A | Water Management System v1.0 is vulnerable to Cro… |
n/a |
n/a |
2025-11-03T00:00:00.000Z | 2025-11-03T15:41:54.899Z |
| cve-2025-60785 | N/A | A remote code execution (RCE) vulnerability in th… |
n/a |
n/a |
2025-11-03T00:00:00.000Z | 2025-11-04T15:14:25.905Z |
| cve-2025-60503 | N/A | A cross-site scripting (XSS) vulnerability exists… |
n/a |
n/a |
2025-11-03T00:00:00.000Z | 2025-11-03T16:35:11.605Z |
| cve-2025-36093 | 4.8 (v3.1) | security vulnerabilities are addressed with IBM Busine… |
IBM |
Cloud Pak For Business Automation |
2025-11-03T15:54:30.869Z | 2025-11-03T16:25:26.455Z |
| cve-2025-36092 | 6.5 (v3.1) | IBM Business Automation Insights improper input validation |
IBM |
Cloud Pak For Business Automation |
2025-11-03T15:15:43.546Z | 2025-11-03T15:35:59.011Z |
| cve-2025-36091 | 4.3 (v3.1) | IBM Business Automation Insights unverified ownership |
IBM |
Cloud Pak For Business Automation |
2025-11-03T15:14:02.557Z | 2025-11-03T15:37:32.628Z |
| cve-2025-11761 | 8.5 (v4.0) | HP Client Management Script Library – Security Update |
HP Inc |
HP Client Management Script Library |
2025-11-03T15:13:39.263Z | 2025-11-04T04:55:15.307Z |
| cve-2025-8900 | Doccure Core < 1.5.4 - Unauthenticated Privilege Escalation |
dreamstechnologies |
Doccure Core |
2025-11-03T14:26:38.140Z | 2025-11-03T14:42:18.817Z | |
| cve-2025-63443 | N/A | School Management System PHP v1.0 is vulnerable t… |
n/a |
n/a |
2025-11-03T00:00:00.000Z | 2025-11-03T15:27:54.185Z |
| cve-2025-63442 | N/A | Simple User Management System with PHP-MySQL v1.0… |
n/a |
n/a |
2025-11-03T00:00:00.000Z | 2025-11-03T15:34:39.978Z |
| cve-2025-60892 | N/A | An issue in Raspberry Pi Imager version 1.9.6 for… |
n/a |
n/a |
2025-11-03T00:00:00.000Z | 2025-11-03T21:00:06.573Z |
| cve-2025-45663 | N/A | An issue in NetSurf v3.11 causes the application … |
n/a |
n/a |
2025-11-03T00:00:00.000Z | 2025-11-04T16:51:18.960Z |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| mal-2025-188932 | Malicious code in public-atlas-europa-umbra (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188931 | Malicious code in psi-sudo-key-simulate-double (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188930 | Malicious code in psi-monitor-old-hot-dog (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188929 | Malicious code in proxy-rain-decode-xi-error (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188928 | Malicious code in proxy-process-rho-chi-web (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188927 | Malicious code in proxy-meta-pi-theta-bad (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188926 | Malicious code in proxy-interface-visualize-thread-psi (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188925 | Malicious code in proxy-encode-cache-easy-delta (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188924 | Malicious code in proxy-decrypt-bad-byte-cat (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188923 | Malicious code in proxy-cache-beta-iota-water (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188922 | Malicious code in proxima-uglify-js-biomimicry-quasar (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188921 | Malicious code in proxima-thermosphere-weywot-websockets (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188920 | Malicious code in proxima-spawn-mongoose-brane (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188919 | Malicious code in proxima-shelljs-spinner-brane (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188918 | Malicious code in proxima-sequelize-miranda-chalk (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188917 | Malicious code in proxima-ophiuchus-geckodriver-html-webpack-plugin (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188916 | Malicious code in proxima-nightmare-postgres-seismology (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188915 | Malicious code in proxima-neptune-altair-neptune (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188914 | Malicious code in proxima-kronos-charon-membrane (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188913 | Malicious code in proxima-hugo-pm2-phoebe (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188912 | Malicious code in proxima-farout-react-bootstrap-puppeteer (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188911 | Malicious code in proxima-dotenv-safe-carpo-release-it (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188910 | Malicious code in proxima-dagda-tethys-vuepress (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188909 | Malicious code in proxima-cli-galaxy-eslint (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188908 | Malicious code in proxima-bootes-library-halley (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188907 | Malicious code in proxima-auth0-eventhoriz-miranda (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188906 | Malicious code in proxima-antimatter-express-redis (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188905 | Malicious code in proxima-aether-quasar-xml (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188904 | Malicious code in protractor-xenos-aurora-holography (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188903 | Malicious code in protractor-wezen-repository-quantum (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| rhsa-2025:9166 | Red Hat Security Advisory: apache-commons-beanutils security update | 2025-06-17T09:07:56+00:00 | 2025-11-11T16:22:13+00:00 |
| rhsa-2025:9162 | Red Hat Security Advisory: gimp security update | 2025-06-17T09:03:12+00:00 | 2025-11-06T23:43:07+00:00 |
| rhsa-2025:9156 | Red Hat Security Advisory: golang-github-openprinting-ipp-usb security update | 2025-06-17T07:33:41+00:00 | 2025-11-13T16:51:42+00:00 |
| rhsa-2025:9155 | Red Hat Security Advisory: firefox security update | 2025-06-17T07:14:41+00:00 | 2025-11-06T23:43:07+00:00 |
| rhsa-2025:9142 | Red Hat Security Advisory: container-tools:rhel8 security update | 2025-06-17T01:44:45+00:00 | 2025-11-13T16:51:41+00:00 |
| rhsa-2025:9144 | Red Hat Security Advisory: podman security update | 2025-06-17T01:43:10+00:00 | 2025-11-13T16:51:38+00:00 |
| rhsa-2025:9147 | Red Hat Security Advisory: buildah security update | 2025-06-17T01:42:15+00:00 | 2025-11-13T16:51:40+00:00 |
| rhsa-2025:9150 | Red Hat Security Advisory: gvisor-tap-vsock security update | 2025-06-17T01:42:05+00:00 | 2025-11-13T16:51:42+00:00 |
| rhsa-2025:9145 | Red Hat Security Advisory: skopeo security update | 2025-06-17T01:32:16+00:00 | 2025-11-13T16:51:40+00:00 |
| rhsa-2025:9151 | Red Hat Security Advisory: gvisor-tap-vsock security update | 2025-06-17T01:15:55+00:00 | 2025-11-13T16:51:42+00:00 |
| rhsa-2025:9143 | Red Hat Security Advisory: containernetworking-plugins security update | 2025-06-17T00:51:00+00:00 | 2025-11-13T16:51:38+00:00 |
| rhsa-2025:9149 | Red Hat Security Advisory: skopeo security update | 2025-06-17T00:49:35+00:00 | 2025-11-13T16:51:41+00:00 |
| rhsa-2025:9146 | Red Hat Security Advisory: podman security update | 2025-06-17T00:49:05+00:00 | 2025-11-13T16:51:40+00:00 |
| rhsa-2025:9148 | Red Hat Security Advisory: buildah security update | 2025-06-17T00:46:15+00:00 | 2025-11-13T16:51:41+00:00 |
| rhsa-2025:9136 | Red Hat Security Advisory: Red Hat OpenShift for Windows Containers 10.16.2 product release | 2025-06-16T18:32:02+00:00 | 2025-11-13T16:47:03+00:00 |
| rhsa-2025:9122 | Red Hat Security Advisory: libvpx security update | 2025-06-16T16:50:44+00:00 | 2025-11-06T23:43:05+00:00 |
| rhsa-2025:9126 | Red Hat Security Advisory: libvpx security update | 2025-06-16T16:48:24+00:00 | 2025-11-06T23:43:06+00:00 |
| rhsa-2025:9124 | Red Hat Security Advisory: libvpx security update | 2025-06-16T16:46:59+00:00 | 2025-11-06T23:43:05+00:00 |
| rhsa-2025:9125 | Red Hat Security Advisory: libvpx security update | 2025-06-16T16:43:50+00:00 | 2025-11-06T23:43:05+00:00 |
| rhsa-2025:9123 | Red Hat Security Advisory: libvpx security update | 2025-06-16T16:39:24+00:00 | 2025-11-06T23:43:07+00:00 |
| rhsa-2025:9127 | Red Hat Security Advisory: libvpx security update | 2025-06-16T16:28:19+00:00 | 2025-11-06T23:43:06+00:00 |
| rhsa-2025:9128 | Red Hat Security Advisory: libvpx security update | 2025-06-16T16:26:23+00:00 | 2025-11-06T23:43:07+00:00 |
| rhsa-2025:9119 | Red Hat Security Advisory: libvpx security update | 2025-06-16T16:25:35+00:00 | 2025-11-06T23:43:04+00:00 |
| rhsa-2025:9120 | Red Hat Security Advisory: libvpx security update | 2025-06-16T16:04:24+00:00 | 2025-11-06T23:43:06+00:00 |
| rhsa-2025:9118 | Red Hat Security Advisory: libvpx security update | 2025-06-16T15:46:24+00:00 | 2025-11-06T23:43:04+00:00 |
| rhsa-2025:9117 | Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.22 security update | 2025-06-16T15:03:56+00:00 | 2025-11-11T06:43:53+00:00 |
| rhsa-2025:9115 | Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.4.22 security update | 2025-06-16T15:03:42+00:00 | 2025-11-11T16:22:06+00:00 |
| rhsa-2025:9114 | Red Hat Security Advisory: apache-commons-beanutils security update | 2025-06-16T14:55:14+00:00 | 2025-11-11T16:22:14+00:00 |
| rhsa-2025:9106 | Red Hat Security Advisory: git-lfs security update | 2025-06-16T14:44:50+00:00 | 2025-11-13T16:51:38+00:00 |
| rhsa-2025:9102 | Red Hat Security Advisory: RHOAI 2.21.0 - Red Hat OpenShift AI | 2025-06-16T11:02:42+00:00 | 2025-11-13T16:51:38+00:00 |
| ID | Description | Published | Updated |
|---|---|---|---|
| msrc_cve-2024-58095 | jfs: add check read-only before txBeginAnon() call | 2025-04-02T00:00:00.000Z | 2025-09-03T22:00:27.000Z |
| msrc_cve-2024-58093 | PCI/ASPM: Fix link state exit during switch upstream function removal | 2025-04-02T00:00:00.000Z | 2025-09-04T01:16:43.000Z |
| msrc_cve-2024-56406 | Perl is vulnerable to a heap buffer overflow when transliterating non-ASCII bytes | 2025-04-02T00:00:00.000Z | 2025-04-19T00:00:00.000Z |
| msrc_cve-2024-52981 | An issue was discovered in Elasticsearch, where a large recursion using the Well-KnownText formatted string with nested GeometryCollection objects could cause a stackoverflow. | 2025-04-02T00:00:00.000Z | 2025-09-03T22:38:10.000Z |
| msrc_cve-2024-52980 | Elasticsearch Uncontrolled Resource Consumption vulnerability | 2025-04-02T00:00:00.000Z | 2025-09-03T22:42:44.000Z |
| msrc_cve-2024-11235 | Reference counting in php_request_shutdown causes Use-After-Free | 2025-04-02T00:00:00.000Z | 2025-09-03T22:31:40.000Z |
| msrc_cve-2023-25588 | Field `the_bfd` of `asymbol` is uninitialized in function `bfd_mach_o_get_synthetic_symtab` | 2025-04-02T00:00:00.000Z | 2025-04-26T00:00:00.000Z |
| msrc_cve-2023-25585 | Field `file_table` of `struct module *module` is uninitialized | 2025-04-02T00:00:00.000Z | 2025-04-26T00:00:00.000Z |
| msrc_cve-2023-25584 | Out of bounds read in parse_module function in bfd/vms-alpha.c | 2025-04-02T00:00:00.000Z | 2025-04-26T00:00:00.000Z |
| msrc_cve-2022-48716 | ASoC: codecs: wcd938x: fix incorrect used of portid | 2025-04-02T00:00:00.000Z | 2025-04-09T00:00:00.000Z |
| msrc_cve-2025-30348 | encodeText in QDom in Qt before 6.8.0 has a complex algorithm involving XML string copy and inline replacement of parts of a string (with relocation of later data). | 2025-03-02T00:00:00.000Z | 2025-07-11T00:00:00.000Z |
| msrc_cve-2025-30258 | In GnuPG before 2.5.5, if a user chooses to import a certificate with certain crafted subkey data that lacks a valid backsig or that has incorrect usage flags, the user loses the ability to verify signatures made from certain other signing keys, aka a "verification DoS." | 2025-03-02T00:00:00.000Z | 2025-09-04T03:09:31.000Z |
| msrc_cve-2025-30219 | RabbitMQ has XSS Vulnerability in an Error Message in Management UI | 2025-03-02T00:00:00.000Z | 2025-04-16T00:00:00.000Z |
| msrc_cve-2025-30211 | KEX init error results with excessive memory usage | 2025-03-02T00:00:00.000Z | 2025-04-11T00:00:00.000Z |
| msrc_cve-2025-30204 | jwt-go allows excessive memory allocation during header parsing | 2025-03-02T00:00:00.000Z | 2025-04-26T00:00:00.000Z |
| msrc_cve-2025-3010 | Khronos Group glslang Intermediate.cpp isConversionAllowed null pointer dereference | 2025-03-02T00:00:00.000Z | 2025-09-03T22:23:00.000Z |
| msrc_cve-2025-29923 | go-redis allows potential out of order responses when `CLIENT SETINFO` times out during connection establishment | 2025-03-02T00:00:00.000Z | 2025-04-01T00:00:00.000Z |
| msrc_cve-2025-29786 | Memory Exhaustion in Expr Parser with Unrestricted Input | 2025-03-02T00:00:00.000Z | 2025-04-08T00:00:00.000Z |
| msrc_cve-2025-29768 | Vim vulnerable to potential data loss with zip.vim and special crafted zip files | 2025-03-02T00:00:00.000Z | 2025-03-28T00:00:00.000Z |
| msrc_cve-2025-2953 | PyTorch torch.mkldnn_max_pool2d denial of service | 2025-03-02T00:00:00.000Z | 2025-07-11T00:00:00.000Z |
| msrc_cve-2025-2926 | HDF5 H5Ocache.c H5O__cache_chk_serialize null pointer dereference | 2025-03-02T00:00:00.000Z | 2025-09-03T21:23:41.000Z |
| msrc_cve-2025-2925 | HDF5 H5MM.c H5MM_realloc double free | 2025-03-02T00:00:00.000Z | 2025-09-03T21:20:49.000Z |
| msrc_cve-2025-2924 | HDF5 H5HLcache.c H5HL__fl_deserialize heap-based overflow | 2025-03-02T00:00:00.000Z | 2025-09-03T21:32:45.000Z |
| msrc_cve-2025-2923 | HDF5 H5Fint.c H5F_addr_encode_len heap-based overflow | 2025-03-02T00:00:00.000Z | 2025-09-03T21:29:24.000Z |
| msrc_cve-2025-2915 | HDF5 H5Faccum.c H5F__accum_free heap-based overflow | 2025-03-02T00:00:00.000Z | 2025-09-03T21:43:22.000Z |
| msrc_cve-2025-2914 | HDF5 H5FScache.c H5FS__sinfo_Srialize_Sct_cb heap-based overflow | 2025-03-02T00:00:00.000Z | 2025-09-03T21:36:46.000Z |
| msrc_cve-2025-2913 | HDF5 H5FL.c H5FL__blk_gc_list use after free | 2025-03-02T00:00:00.000Z | 2025-09-03T21:17:42.000Z |
| msrc_cve-2025-2912 | HDF5 H5Omessage.c H5O_msg_flush heap-based overflow | 2025-03-02T00:00:00.000Z | 2025-09-03T21:40:19.000Z |
| msrc_cve-2025-27810 | Mbed TLS before 2.28.10 and 3.x before 3.6.3, in some cases of failed memory allocation or hardware errors, uses uninitialized stack memory to compose the TLS Finished message, potentially leading to authentication bypasses such as replays. | 2025-03-02T00:00:00.000Z | 2025-09-03T22:17:37.000Z |
| msrc_cve-2025-27809 | Mbed TLS before 2.28.10 and 3.x before 3.6.3, on the client side, accepts servers that have trusted certificates for arbitrary hostnames unless the TLS client application calls mbedtls_ssl_set_hostname. | 2025-03-02T00:00:00.000Z | 2025-09-04T04:49:10.000Z |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2016-000209 | Cross-site request forgery vulnerability in WordPress plugin WP-OliveCart | 2016-10-20T14:22+09:00 | 2018-01-17T12:10+09:00 |
| jvndb-2016-000208 | Cross-site scripting vulnerability in WordPress plugin WP-OliveCart | 2016-10-20T14:22+09:00 | 2018-01-17T12:10+09:00 |
| jvndb-2016-000206 | Installer of Evernote for Windows may insecurely load Dynamic Link Libraries | 2016-10-19T15:32+09:00 | 2017-11-27T18:12+09:00 |
| jvndb-2016-000207 | The installer of e-Tax Software may insecurely load Dynamic Link Libraries | 2016-10-19T12:29+09:00 | 2018-01-17T11:48+09:00 |
| jvndb-2016-000168 | Toshiba FlashAir does not require authentication in "Internet pass-thru Mode" | 2016-10-12T10:03+09:00 | 2017-11-27T17:04+09:00 |
| jvndb-2016-000201 | SetucoCMS vulnerable to session management | 2016-10-07T15:04+09:00 | 2017-05-17T14:44+09:00 |
| jvndb-2016-000200 | SetucoCMS vulnerable to code injection | 2016-10-07T15:04+09:00 | 2017-05-17T14:44+09:00 |
| jvndb-2016-000199 | SetucoCMS vulnerable to denial-of-service (DoS) | 2016-10-07T15:04+09:00 | 2017-05-17T14:44+09:00 |
| jvndb-2016-000198 | SetucoCMS vulnerable to SQL injection | 2016-10-07T15:04+09:00 | 2017-05-17T14:44+09:00 |
| jvndb-2016-000197 | SetucoCMS vulnerable to cross-site scripting | 2016-10-07T15:04+09:00 | 2017-05-17T14:44+09:00 |
| jvndb-2016-000196 | SetucoCMS vulnerable to cross-site request forgery | 2016-10-07T15:04+09:00 | 2017-05-17T14:44+09:00 |
| jvndb-2016-000195 | Cryptography API: Next Generation (CNG) vulnerable to denial-of-service (DoS) | 2016-10-07T14:11+09:00 | 2016-10-07T14:11+09:00 |
| jvndb-2016-000202 | Usermin cross-site scripting vulnerabilties | 2016-10-07T13:50+09:00 | 2017-05-16T17:52+09:00 |
| jvndb-2016-000193 | Cybozu Office vulnerable to Reflected File Download (RFD) | 2016-10-03T15:47+09:00 | 2017-04-24T15:10+09:00 |
| jvndb-2016-000192 | Cybozu Office vulnerable to denial-of-service (DoS) | 2016-10-03T15:46+09:00 | 2017-04-24T15:10+09:00 |
| jvndb-2016-000191 | Cybozu Office vulnerable to information disclosure | 2016-10-03T15:43+09:00 | 2017-04-24T15:05+09:00 |
| jvndb-2016-000190 | Cybozu Office vulnerable to mail header injection | 2016-10-03T15:43+09:00 | 2017-04-24T15:05+09:00 |
| jvndb-2016-000189 | "Project" function in Cybozu Office vulnerable vulnerable to operation restriction bypass | 2016-10-03T15:43+09:00 | 2017-04-24T15:10+09:00 |
| jvndb-2016-000188 | Breadcrumb trail in Cybozu Office vulnerable vulnerable to browse restriction bypass | 2016-10-03T15:43+09:00 | 2017-04-24T15:10+09:00 |
| jvndb-2016-000187 | "Project" function in Cybozu Office vulnerable vulnerable to access restriction bypass | 2016-10-03T15:43+09:00 | 2017-04-24T15:05+09:00 |
| jvndb-2016-000186 | "Schedule" function in Cybozu Office vulnerable to cross-site scripting | 2016-10-03T15:43+09:00 | 2017-04-24T15:10+09:00 |
| jvndb-2016-000185 | "Project" function in Cybozu Office vulnerable to cross-site scripting | 2016-10-03T15:43+09:00 | 2017-04-24T15:05+09:00 |
| jvndb-2016-000184 | "Customapp" function in Cybozu Office vulnerable to cross-site scripting | 2016-10-03T15:43+09:00 | 2017-04-24T15:05+09:00 |
| jvndb-2016-000194 | Docomo L-04D mobile WiFi router vulnerable to cross-site request forgery | 2016-10-03T15:17+09:00 | 2018-01-17T11:53+09:00 |
| jvndb-2016-000183 | baserCMS plugin Uploader vulnerable to cross-site request forgery | 2016-09-29T16:04+09:00 | 2017-11-27T16:37+09:00 |
| jvndb-2016-000182 | baserCMS plugin Mail vulnerable to cross-site request forgery | 2016-09-29T16:04+09:00 | 2017-11-27T16:37+09:00 |
| jvndb-2016-000181 | baserCMS plugin Feed vulnerable to cross-site request forgery | 2016-09-29T16:04+09:00 | 2017-11-27T16:37+09:00 |
| jvndb-2016-000180 | baserCMS plugin Blog vulnerable to cross-site request forgery | 2016-09-29T16:04+09:00 | 2017-11-27T16:37+09:00 |
| jvndb-2016-000179 | baserCMS vulnerable to cross-site scripting | 2016-09-29T16:04+09:00 | 2017-11-27T16:37+09:00 |
| jvndb-2016-000178 | baserCMS vulnerable to cross-site request forgery | 2016-09-29T16:04+09:00 | 2017-11-27T16:37+09:00 |
| ID | Description | Updated |
|---|