Recent vulnerabilities
| ID | Description | Published | Updated |
|---|---|---|---|
| ghsa-pjq2-4h9c-99m5 | The WPCOM Member plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, … | 2025-11-01T03:30:23Z | 2025-11-01T03:30:23Z |
| ghsa-hvvw-vfw3-rmrq | The Inactive Logout plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'ina_… | 2025-11-01T03:30:23Z | 2025-11-01T03:30:23Z |
| ghsa-cq4p-v24g-p55q | The Document Library Lite plugin for WordPress is vulnerable to Improper Authorization in all versi… | 2025-11-01T03:30:23Z | 2025-11-01T03:30:23Z |
| ghsa-4jmj-6pw4-g738 | The Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages plugin… | 2025-11-01T03:30:23Z | 2025-11-01T03:30:23Z |
| ghsa-6533-fhr2-f38h | Liferay Portal and DXP use an incorrect cache-control header | 2025-11-01T00:30:27Z | 2025-11-03T20:26:10Z |
| ghsa-59fq-gggw-pqjr | A stack-based buffer overflow was found in the QEMU e1000 network device. The code for padding shor… | 2025-11-01T00:30:26Z | 2025-11-01T00:30:26Z |
| ghsa-v97f-7x7p-g6cq | When SmartStart Inclusion fails during the onboarding of a Z-Wave PIR sensor, the sensor will join … | 2025-10-31T21:31:03Z | 2025-10-31T21:31:03Z |
| ghsa-v5f8-739h-c48v | Tenda AX-3 v16.03.12.10_CN was discovered to contain a stack overflow via the deviceId parameter in… | 2025-10-31T21:31:03Z | 2025-11-03T15:30:28Z |
| ghsa-mm48-wj9h-vg49 | Protection mechanism failure in Microsoft Edge (Chromium-based) allows an unauthorized attacker to … | 2025-10-31T21:31:03Z | 2025-10-31T21:31:03Z |
| ghsa-mjjp-hj57-wv6f | Summer Pearl Group Vacation Rental Management Platform prior to v1.0.2 does not properly invalidate… | 2025-10-31T21:31:03Z | 2025-11-03T21:34:41Z |
| ghsa-jvj5-h296-c727 | ELOG allows an authenticated user to modify another user's profile. An attacker can edit a target u… | 2025-10-31T21:31:03Z | 2025-10-31T21:31:03Z |
| ghsa-h44w-7xj6-f9qp | Summer Pearl Group Vacation Rental Management Platform prior to 1.0.2 is susceptible to a Slowloris… | 2025-10-31T21:31:03Z | 2025-10-31T21:31:03Z |
| ghsa-65x3-jm69-w8w4 | Summer Pearl Group Vacation Rental Management Platform prior to v1.0.2 suffers from insufficient se… | 2025-10-31T21:31:03Z | 2025-10-31T21:31:03Z |
| ghsa-5858-fx7f-5pv5 | Tenda AX-1803 v1.0.0.1 was discovered to contain a stack overflow via the timeZone parameter in the… | 2025-10-31T21:31:03Z | 2025-11-03T15:30:28Z |
| ghsa-3p95-q82m-f2fv | ELOG allows an authenticated user to modify or overwrite the configuration file, resulting in denia… | 2025-10-31T21:31:03Z | 2025-10-31T21:31:03Z |
| ghsa-q285-wfpg-93hr | Liferay Portal and DXP affected by multiple cross-site scripting (XSS) vulnerabilities in web conte… | 2025-10-31T21:31:02Z | 2025-11-03T20:16:18Z |
| ghsa-9wg9-fwv6-cgcr | ELOG allows an authenticated user to upload arbitrary HTML files. The HTML content is executed in t… | 2025-10-31T21:31:02Z | 2025-10-31T21:31:02Z |
| ghsa-4vfm-59fx-r7h5 | A vulnerability was identified in LogicalDOC Community Edition up to 9.2.1. This vulnerability affe… | 2025-10-31T21:31:02Z | 2025-10-31T21:31:02Z |
| ghsa-34j9-6jj5-p9gw | A vulnerability was determined in LogicalDOC Community Edition up to 9.2.1. This affects an unknown… | 2025-10-31T21:31:02Z | 2025-10-31T21:31:02Z |
| ghsa-vw84-hprm-cxmm | Agno session state overwrites between different sessions/users | 2025-10-31T21:24:53Z | 2025-10-31T21:24:53Z |
| ghsa-vc2m-m665-8xm2 | If the value passed to os.path.expandvars() is user-controlled a performance degradation is possib… | 2025-10-31T18:31:15Z | 2025-10-31T18:31:15Z |
| ghsa-v656-w32r-m2jg | Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the wifiOff pa… | 2025-10-31T18:31:15Z | 2025-11-03T15:30:28Z |
| ghsa-rw7q-hr3r-j4gq | Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the wifiOff p… | 2025-10-31T18:31:15Z | 2025-11-03T15:30:28Z |
| ghsa-q3f3-7cv5-44xh | Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ssid5g pa… | 2025-10-31T18:31:15Z | 2025-11-03T15:30:28Z |
| ghsa-pxjv-7jrp-fcxj | Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ssid5g pa… | 2025-10-31T18:31:15Z | 2025-11-03T15:30:28Z |
| ghsa-pqmg-g7j2-2x57 | Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid param… | 2025-10-31T18:31:15Z | 2025-10-31T21:31:01Z |
| ghsa-h69g-qfwq-m8hr | Totolink A7000R v9.1.0u.6115_B20201022 was discovered to contain a stack overflow via the ssid5g pa… | 2025-10-31T18:31:15Z | 2025-11-03T15:30:28Z |
| ghsa-c3qq-7mg6-6r2x | Totolink LR350 v9.3.5u.6369_B20220309 was discovered to contain a stack overflow via the ssid param… | 2025-10-31T18:31:15Z | 2025-10-31T21:31:01Z |
| ghsa-2j97-4jmq-c4xf | Liferay Portal Vulnerable to Reflected XSS via the selectedLanguageId Parameter | 2025-10-31T18:31:15Z | 2025-10-31T21:25:36Z |
| ghsa-rrq3-qv5p-cxvg | Missing Security Headers.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | 2025-10-31T18:31:14Z | 2025-11-10T15:31:04Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2025-63448 | N/A | Water Management System v1.0 is vulnerable to Cro… | n/a | n/a | 2025-11-03T00:00:00.000Z | 2025-11-03T15:36:31.559Z |
| cve-2025-63447 | N/A | Water Management System v1.0 is vulnerable to Cro… | n/a | n/a | 2025-11-03T00:00:00.000Z | 2025-11-03T15:40:14.731Z |
| cve-2025-63446 | N/A | Water Management System v1.0 is vulnerable to Cro… | n/a | n/a | 2025-11-03T00:00:00.000Z | 2025-11-03T15:41:54.899Z |
| cve-2025-63443 | N/A | School Management System PHP v1.0 is vulnerable t… | n/a | n/a | 2025-11-03T00:00:00.000Z | 2025-11-03T15:27:54.185Z |
| cve-2025-63442 | N/A | Simple User Management System with PHP-MySQL v1.0… | n/a | n/a | 2025-11-03T00:00:00.000Z | 2025-11-03T15:34:39.978Z |
| cve-2025-63441 | N/A | Open Source Social Network (OSSN) 8.6 is vulnerab… | n/a | n/a | 2025-11-03T00:00:00.000Z | 2025-11-03T18:14:49.817Z |
| cve-2025-63293 | N/A | FairSketch Rise Ultimate Project Manager & CRM 3.… | n/a | n/a | 2025-11-03T00:00:00.000Z | 2025-11-03T20:48:19.963Z |
| cve-2025-60892 | N/A | An issue in Raspberry Pi Imager version 1.9.6 for… | n/a | n/a | 2025-11-03T00:00:00.000Z | 2025-11-03T21:00:06.573Z |
| cve-2025-60785 | N/A | A remote code execution (RCE) vulnerability in th… | n/a | n/a | 2025-11-03T00:00:00.000Z | 2025-11-04T15:14:25.905Z |
| cve-2025-60503 | N/A | A cross-site scripting (XSS) vulnerability exists… | n/a | n/a | 2025-11-03T00:00:00.000Z | 2025-11-03T16:35:11.605Z |
| cve-2025-50735 | N/A | Directory traversal vulnerability in NextChat thr… | n/a | n/a | 2025-11-03T00:00:00.000Z | 2025-11-03T20:11:16.719Z |
| cve-2025-50363 | N/A | Phpgurukul Maid Hiring Management System 1.0 is v… | n/a | n/a | 2025-11-03T00:00:00.000Z | 2025-11-03T18:33:15.550Z |
| cve-2025-45663 | N/A | An issue in NetSurf v3.11 causes the application … | n/a | n/a | 2025-11-03T00:00:00.000Z | 2025-11-04T16:51:18.960Z |
| cve-2025-29699 | N/A | NetSurf 3.11 is vulnerable to Use After Free in d… | n/a | n/a | 2025-11-03T00:00:00.000Z | 2025-11-04T16:48:42.854Z |
| cve-2024-51317 | N/A | An issue in NetSurf v.3.11 allows a remote attack… | n/a | n/a | 2025-11-03T00:00:00.000Z | 2025-11-04T16:46:04.739Z |
| cve-2025-12606 | | itsourcecode Online Loan Management System manage_borr… | itsourcecode | Online Loan Management System | 2025-11-02T23:32:06.631Z | 2025-11-03T14:42:31.694Z |
| cve-2025-12605 | | itsourcecode Online Loan Management System manage_loan… | itsourcecode | Online Loan Management System | 2025-11-02T23:02:07.442Z | 2025-11-03T14:43:19.764Z |
| cve-2025-12604 | | itsourcecode Online Loan Management System load_fields… | itsourcecode | Online Loan Management System | 2025-11-02T21:32:06.054Z | 2025-11-03T14:44:06.472Z |
| cve-2025-12598 | | SourceCodester Best House Rental Management System adm… | SourceCodester | Best House Rental Management System | 2025-11-02T12:02:07.575Z | 2025-11-03T14:44:57.474Z |
| cve-2025-12597 | | SourceCodester Best House Rental Management System adm… | SourceCodester | Best House Rental Management System | 2025-11-02T11:32:06.558Z | 2025-11-03T14:45:32.495Z |
| cve-2025-12596 | | Tenda AC23 saveParentControlInfo buffer overflow | Tenda | AC23 | 2025-11-02T10:32:06.299Z | 2025-11-03T14:54:39.493Z |
| cve-2025-12595 | | Tenda AC23 SetVirtualServerCfg formSetVirtualSer buffe… | Tenda | AC23 | 2025-11-02T10:02:07.134Z | 2025-11-03T14:55:49.338Z |
| cve-2025-12594 | | code-projects Simple Online Hotel Reservation System a… | code-projects | Simple Online Hotel Reservation System | 2025-11-02T08:32:06.189Z | 2025-11-03T15:43:44.392Z |
| cve-2025-12593 | | code-projects Simple Online Hotel Reservation System P… | code-projects | Simple Online Hotel Reservation System | 2025-11-02T06:02:05.981Z | 2025-11-03T15:43:16.030Z |
| cve-2025-12603 | 2.3 (v4.0) | /etc/timezone can be Arbitrarily Written | Azure Access Technology | BLU-IC2 | 2025-11-01T18:56:52.453Z | 2025-11-03T13:29:31.660Z |
| cve-2025-12602 | 2.3 (v4.0) | /etc/avahi/services/z9.service can be Arbitrarily Written | Azure Access Technology | BLU-IC2 | 2025-11-01T18:54:46.956Z | 2025-11-03T13:29:38.120Z |
| cve-2025-12601 | 10 (v4.0) | Denial of Service Due to SlowLoris | Azure Access Technology | BLU-IC2 | 2025-11-01T18:49:12.782Z | 2025-11-03T13:29:43.969Z |
| cve-2025-12600 | 10 (v4.0) | Web UI Malfunction | Azure Access Technology | BLU-IC2 | 2025-11-01T18:48:49.084Z | 2025-11-03T13:29:50.055Z |
| cve-2025-12599 | 10 (v4.0) | Multiple Devices are Sharing the Same Secrets for SDKS… | Azure Access Technology | BLU-IC2 | 2025-11-01T18:39:53.127Z | 2025-11-03T13:29:56.000Z |
| cve-2025-36367 | 8.8 (v3.1) | IBM i is affected by a privilege escalation in IBM i S… | IBM | i | 2025-11-01T12:01:31.137Z | 2025-11-04T04:55:13.395Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2025-63446 | N/A | Water Management System v1.0 is vulnerable to Cro… | n/a | n/a | 2025-11-03T00:00:00.000Z | 2025-11-03T15:41:54.899Z |
| cve-2025-60785 | N/A | A remote code execution (RCE) vulnerability in th… | n/a | n/a | 2025-11-03T00:00:00.000Z | 2025-11-04T15:14:25.905Z |
| cve-2025-60503 | N/A | A cross-site scripting (XSS) vulnerability exists… | n/a | n/a | 2025-11-03T00:00:00.000Z | 2025-11-03T16:35:11.605Z |
| cve-2025-36093 | 4.8 (v3.1) | security vulnerabilities are addressed with IBM Busine… | IBM | Cloud Pak For Business Automation | 2025-11-03T15:54:30.869Z | 2025-11-03T16:25:26.455Z |
| cve-2025-36092 | 6.5 (v3.1) | IBM Business Automation Insights improper input validation | IBM | Cloud Pak For Business Automation | 2025-11-03T15:15:43.546Z | 2025-11-03T15:35:59.011Z |
| cve-2025-36091 | 4.3 (v3.1) | IBM Business Automation Insights unverified ownership | IBM | Cloud Pak For Business Automation | 2025-11-03T15:14:02.557Z | 2025-11-03T15:37:32.628Z |
| cve-2025-11761 | 8.5 (v4.0) | HP Client Management Script Library – Security Update | HP Inc | HP Client Management Script Library | 2025-11-03T15:13:39.263Z | 2025-11-04T04:55:15.307Z |
| cve-2025-8900 | | Doccure Core < 1.5.4 - Unauthenticated Privilege Escalation | dreamstechnologies | Doccure Core | 2025-11-03T14:26:38.140Z | 2025-11-03T14:42:18.817Z |
| cve-2025-63443 | N/A | School Management System PHP v1.0 is vulnerable t… | n/a | n/a | 2025-11-03T00:00:00.000Z | 2025-11-03T15:27:54.185Z |
| cve-2025-63442 | N/A | Simple User Management System with PHP-MySQL v1.0… | n/a | n/a | 2025-11-03T00:00:00.000Z | 2025-11-03T15:34:39.978Z |
| cve-2025-60892 | N/A | An issue in Raspberry Pi Imager version 1.9.6 for… | n/a | n/a | 2025-11-03T00:00:00.000Z | 2025-11-03T21:00:06.573Z |
| cve-2025-45663 | N/A | An issue in NetSurf v3.11 causes the application … | n/a | n/a | 2025-11-03T00:00:00.000Z | 2025-11-04T16:51:18.960Z |
| cve-2025-29699 | N/A | NetSurf 3.11 is vulnerable to Use After Free in d… | n/a | n/a | 2025-11-03T00:00:00.000Z | 2025-11-04T16:48:42.854Z |
| cve-2024-51317 | N/A | An issue in NetSurf v.3.11 allows a remote attack… | n/a | n/a | 2025-11-03T00:00:00.000Z | 2025-11-04T16:46:04.739Z |
| cve-2025-64294 | 5.3 (v3.1) | WordPress WP Snow Effect plugin <= 1.1.15 - Broken Acc… | d3wp | WP Snow Effect | 2025-11-03T13:09:39.398Z | 2025-11-13T10:33:49.360Z |
| cve-2025-40107 | N/A | can: hi311x: fix null pointer dereference when resumin… | Linux | Linux | 2025-11-03T12:15:12.587Z | 2025-11-03T12:15:12.587Z |
| cve-2025-12626 | | jeecgboot jeewx-boot WxActGoldeneggsPrizesController.j… | jeecgboot | jeewx-boot | 2025-11-03T13:02:06.078Z | 2025-11-03T14:08:09.907Z |
| cve-2025-0987 | 9.9 (v3.1) | IDOR in CB Project's CVLand | CB Project Ltd. Co. | CVLand | 2025-11-03T11:51:14.209Z | 2025-11-03T13:29:13.791Z |
| cve-2025-48397 | 7.1 (v3.1) | The privileged user could log in without sufficie… | Eaton | Eaton Brightlayer Software Suite (BLSS) | 2025-11-03T08:28:53.084Z | 2025-11-03T15:48:09.729Z |
| cve-2025-48396 | 8.3 (v3.1) | Arbitrary code execution is possible due to impro… | Eaton | Eaton Brightlayer Software Suite (BLSS) | 2025-11-03T07:57:22.765Z | 2025-11-04T10:44:25.658Z |
| cve-2025-12623 | | fushengqian fuint Authentication Token ClientSignContr… | fushengqian | fuint | 2025-11-03T08:02:05.877Z | 2025-11-03T13:07:17.008Z |
| cve-2025-12622 | | Tenda AC10 SysRunCmd formSysRunCmd buffer overflow | Tenda | AC10 | 2025-11-03T07:32:13.624Z | 2025-11-03T16:06:54.102Z |
| cve-2025-12619 | | Tenda A15 openNetworkGateway fromSetWirelessRepeat buf… | Tenda | A15 | 2025-11-03T07:02:11.692Z | 2025-11-03T16:06:25.502Z |
| cve-2025-12618 | | Tenda AC8 DatabaseIniSet buffer overflow | Tenda | AC8 | 2025-11-03T06:32:13.198Z | 2025-11-03T06:32:13.198Z |
| cve-2025-12503 | 7.1 (v4.0) 6.5 (v3.1) | Digiwin\|EasyFlow .NET and EasyFlow AiNet | Digiwin | EasyFlow .NET | 2025-11-03T06:51:55.994Z | 2025-11-03T13:48:19.281Z |
| cve-2025-12617 | | itsourcecode Billing System login_crud.php sql injection | itsourcecode | Billing System | 2025-11-03T04:32:08.832Z | 2025-11-03T16:08:24.049Z |
| cve-2025-12616 | | PHPGurukul News Portal settings.py insertion of sensit… | PHPGurukul | News Portal | 2025-11-03T04:02:06.308Z | 2025-11-03T20:34:35.281Z |
| cve-2025-12615 | | PHPGurukul News Portal settings.py hard-coded key | PHPGurukul | News Portal | 2025-11-03T03:32:06.859Z | 2025-11-03T20:35:20.857Z |
| cve-2025-12614 | | SourceCodester Best House Rental Management System adm… | SourceCodester | Best House Rental Management System | 2025-11-03T03:02:06.312Z | 2025-11-03T14:04:22.875Z |
| cve-2025-12612 | | Campcodes School Fees Payment Management System ajax.p… | Campcodes | School Fees Payment Management System | 2025-11-03T02:32:06.745Z | 2025-11-12T12:37:26.335Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| mal-2025-188905 | Malicious code in proxima-aether-quasar-xml (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188904 | Malicious code in protractor-xenos-aurora-holography (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188903 | Malicious code in protractor-wezen-repository-quantum (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188902 | Malicious code in protractor-stream-frontend-dynamo (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188901 | Malicious code in protractor-nightwatch-schema-bootstrap (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188900 | Malicious code in protractor-neptunology-less-grunt (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188899 | Malicious code in protractor-hercules-xenos-webdriverio (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188898 | Malicious code in protractor-farout-dorado-ariel (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188897 | Malicious code in protractor-eclipse-ini-subscription (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188896 | Malicious code in protractor-biotechnology-hercules-relay (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188895 | Malicious code in protoplanetarydisk-zenith-mysql-palynology (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188894 | Malicious code in protoplanetarydisk-thermochronology-zenobia-multiverse (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188893 | Malicious code in protoplanetarydisk-prettier-stylelint-jabbah-sagitta (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188892 | Malicious code in proteomics-zenobia-cosmology-quark (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188891 | Malicious code in proteomics-terraforming-exosphere-supernova (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188890 | Malicious code in proteomics-supernova-subduction-nightwatch (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188889 | Malicious code in proteomics-electron-triton-child-process (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188888 | Malicious code in protected-thread-cron-integer-alpha (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188887 | Malicious code in protected-table-sanitize-secure-void (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188886 | Malicious code in protected-reject-decrypt-bad-big (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188885 | Malicious code in protected-permission-table-warn-dog (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188884 | Malicious code in protected-old-compile-java-enum (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188883 | Malicious code in protected-link-fire-epsilon-await (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188882 | Malicious code in protected-cat-mu-file-async (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188881 | Malicious code in prosthetics-outercore-javascript-taphonomy (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188880 | Malicious code in prosthetics-local-canopus-uranology (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188879 | Malicious code in prosthetics-leda-mantle-deimos (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188878 | Malicious code in prosthetics-janus-cosmicray-spectron (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188877 | Malicious code in prosthetics-commitlint-astrobiology-io (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188876 | Malicious code in prompts-xanthus-blitz-eslint (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| rhsa-2025:9114 | Red Hat Security Advisory: apache-commons-beanutils security update | 2025-06-16T14:55:14+00:00 | 2025-11-11T16:22:14+00:00 |
| rhsa-2025:9106 | Red Hat Security Advisory: git-lfs security update | 2025-06-16T14:44:50+00:00 | 2025-11-13T16:51:38+00:00 |
| rhsa-2025:9102 | Red Hat Security Advisory: RHOAI 2.21.0 - Red Hat OpenShift AI | 2025-06-16T11:02:42+00:00 | 2025-11-13T16:51:38+00:00 |
| rhsa-2025:9080 | Red Hat Security Advisory: kernel security update | 2025-06-16T09:01:31+00:00 | 2025-11-11T09:14:51+00:00 |
| rhsa-2025:9079 | Red Hat Security Advisory: kernel security update | 2025-06-16T07:51:48+00:00 | 2025-11-11T08:38:23+00:00 |
| rhsa-2025:9078 | Red Hat Security Advisory: git-lfs security update | 2025-06-16T06:21:13+00:00 | 2025-11-13T16:51:37+00:00 |
| rhsa-2025:9072 | Red Hat Security Advisory: firefox security update | 2025-06-16T05:35:03+00:00 | 2025-11-06T23:43:01+00:00 |
| rhsa-2025:9071 | Red Hat Security Advisory: firefox security update | 2025-06-16T05:32:12+00:00 | 2025-11-06T23:43:01+00:00 |
| rhsa-2025:9077 | Red Hat Security Advisory: firefox security update | 2025-06-16T05:31:18+00:00 | 2025-11-06T23:43:03+00:00 |
| rhsa-2025:9074 | Red Hat Security Advisory: firefox security update | 2025-06-16T05:30:43+00:00 | 2025-11-06T23:43:02+00:00 |
| rhsa-2025:9073 | Red Hat Security Advisory: firefox security update | 2025-06-16T05:30:40+00:00 | 2025-11-06T23:43:04+00:00 |
| rhsa-2025:9076 | Red Hat Security Advisory: firefox security update | 2025-06-16T05:28:52+00:00 | 2025-11-06T23:43:05+00:00 |
| rhsa-2025:9075 | Red Hat Security Advisory: firefox security update | 2025-06-16T05:24:57+00:00 | 2025-11-06T23:43:02+00:00 |
| rhsa-2025:9070 | Red Hat Security Advisory: grafana security update | 2025-06-16T05:18:22+00:00 | 2025-11-13T16:51:36+00:00 |
| rhsa-2025:9068 | Red Hat Security Advisory: kpatch-patch-5_14_0-570_17_1 security update | 2025-06-16T01:52:52+00:00 | 2025-11-11T08:38:21+00:00 |
| rhsa-2025:9069 | Red Hat Security Advisory: go-toolset:rhel8 security update | 2025-06-16T01:51:52+00:00 | 2025-11-13T16:51:36+00:00 |
| rhsa-2025:9066 | Red Hat Security Advisory: .NET 8.0 security update | 2025-06-16T01:51:42+00:00 | 2025-11-11T10:13:33+00:00 |
| rhsa-2025:9060 | Red Hat Security Advisory: git-lfs security update | 2025-06-16T01:50:17+00:00 | 2025-11-13T16:51:33+00:00 |
| rhsa-2025:9065 | Red Hat Security Advisory: skopeo security update | 2025-06-16T01:50:12+00:00 | 2025-11-13T16:51:35+00:00 |
| rhsa-2025:9064 | Red Hat Security Advisory: podman security update | 2025-06-16T01:50:12+00:00 | 2025-11-13T16:51:36+00:00 |
| rhsa-2025:9067 | Red Hat Security Advisory: grafana-pcp security update | 2025-06-16T01:41:32+00:00 | 2025-11-13T16:51:36+00:00 |
| rhsa-2025:9062 | Red Hat Security Advisory: buildah security update | 2025-06-16T01:41:32+00:00 | 2025-11-13T16:51:34+00:00 |
| rhsa-2025:9061 | Red Hat Security Advisory: containernetworking-plugins security update | 2025-06-16T01:40:18+00:00 | 2025-11-13T16:51:33+00:00 |
| rhsa-2025:9063 | Red Hat Security Advisory: git-lfs security update | 2025-06-16T01:34:37+00:00 | 2025-11-13T16:51:34+00:00 |
| rhsa-2025:9059 | Red Hat Security Advisory: grafana security update | 2025-06-16T01:29:22+00:00 | 2025-11-13T16:51:32+00:00 |
| rhsa-2025:9056 | Red Hat Security Advisory: gstreamer1-plugins-bad-free security update | 2025-06-13T05:27:20+00:00 | 2025-11-11T10:13:30+00:00 |
| rhsa-2025:8556 | Red Hat Security Advisory: OpenShift Container Platform 4.16.42 bug fix and security update | 2025-06-13T05:16:43+00:00 | 2025-11-13T17:42:33+00:00 |
| rhsa-2025:9043 | Red Hat Security Advisory: golang security update | 2025-06-12T19:28:04+00:00 | 2025-11-13T16:51:31+00:00 |
| rhsa-2025:9025 | Red Hat Security Advisory: container-tools:rhel8 security update | 2025-06-12T15:35:13+00:00 | 2025-11-13T16:51:34+00:00 |
| rhsa-2025:9028 | Red Hat Security Advisory: A Subscription Management tool for finding and reporting Red Hat product usage | 2025-06-12T15:31:37+00:00 | 2025-11-06T23:43:01+00:00 |
| ID | Description | Published | Updated |
|---|---|---|---|
| msrc_cve-2025-27516 | Jinja sandbox breakout through attr filter selecting format method | 2025-03-02T00:00:00.000Z | 2025-04-24T00:00:00.000Z |
| msrc_cve-2025-27423 | Improper Input Validation in Vim | 2025-03-02T00:00:00.000Z | 2025-03-14T00:00:00.000Z |
| msrc_cve-2025-27363 | An out of bounds write exists in FreeType versions 2.13.0 and below (newer versions of FreeType are not vulnerable) when attempting to parse font subglyph structures related to TrueType GX and variable font files. The vulnerable code assigns a signed short value to an unsigned long and then adds a static value causing it to wrap around and allocate too small of a heap buffer. The code then writes up to 6 signed long integers out of bounds relative to this buffer. This may result in arbitrary code execution. This vulnerability may have been exploited in the wild. | 2025-03-02T00:00:00.000Z | 2025-03-15T00:00:00.000Z |
| msrc_cve-2025-27221 | In the URI gem before 1.0.3 for Ruby, the URI handling methods (URI.join, URI#merge, URI#+) have an inadvertent leakage of authentication credentials because userinfo is retained even after changing the host. | 2025-03-02T00:00:00.000Z | 2025-04-19T00:00:00.000Z |
| msrc_cve-2025-27220 | In the CGI gem before 0.4.2 for Ruby, a Regular Expression Denial of Service (ReDoS) vulnerability exists in the Util#escapeElement method. | 2025-03-02T00:00:00.000Z | 2025-04-19T00:00:00.000Z |
| msrc_cve-2025-27219 | In the CGI gem before 0.4.2 for Ruby, the CGI::Cookie.parse method in the CGI library contains a potential Denial of Service (DoS) vulnerability. The method does not impose any limit on the length of the raw cookie value it processes. This oversight can lead to excessive resource consumption when parsing extremely large cookies. | 2025-03-02T00:00:00.000Z | 2025-04-19T00:00:00.000Z |
| msrc_cve-2025-27152 | Possible SSRF and Credential Leakage via Absolute URL in axios Requests | 2025-03-02T00:00:00.000Z | 2025-09-03T21:44:02.000Z |
| msrc_cve-2025-2588 | Hercules Augeas fa.c re_case_expand null pointer dereference | 2025-03-02T00:00:00.000Z | 2025-04-16T00:00:00.000Z |
| msrc_cve-2025-25724 | list_item_verbose in tar/util.c in libarchive through 3.7.7 does not check an strftime return value, which can lead to a denial of service or unspecified other impact via a crafted TAR archive that is read with a verbose value of 2. For example, the 100-byte buffer may not be sufficient for a custom locale. | 2025-03-02T00:00:00.000Z | 2025-07-17T00:00:00.000Z |
| msrc_cve-2025-24855 | numbers.c in libxslt before 1.1.43 has a use-after-free because, in nested XPath evaluations, an XPath context node can be modified but never restored. This is related to xsltNumberFormatGetValue, xsltEvalXPathPredicate, xsltEvalXPathStringNs, and xsltComputeSortResultInternal. | 2025-03-02T00:00:00.000Z | 2025-04-01T00:00:00.000Z |
| msrc_cve-2025-2312 | cifs.upcall makes an upcall to the wrong namespace in containerized environments | 2025-03-02T00:00:00.000Z | 2025-04-09T00:00:00.000Z |
| msrc_cve-2025-2310 | HDF5 Metadata Attribute Decoder H5MM_strndup heap-based overflow | 2025-03-02T00:00:00.000Z | 2025-09-04T01:09:05.000Z |
| msrc_cve-2025-2309 | HDF5 Type Conversion Logic H5T__bit_copy heap-based overflow | 2025-03-02T00:00:00.000Z | 2025-09-04T01:19:47.000Z |
| msrc_cve-2025-2308 | HDF5 Scale-Offset Filter H5Z__scaleoffset_decompress_one_byte heap-based overflow | 2025-03-02T00:00:00.000Z | 2025-09-04T01:14:31.000Z |
| msrc_cve-2025-2295 | Potential iSCSI R2T PDU Vulnerability | 2025-03-02T00:00:00.000Z | 2025-09-04T01:04:20.000Z |
| msrc_cve-2025-22870 | HTTP Proxy bypass using IPv6 Zone IDs in golang.org/x/net | 2025-03-02T00:00:00.000Z | 2025-07-11T00:00:00.000Z |
| msrc_cve-2025-21892 | RDMA/mlx5: Fix the recovery flow of the UMR QP | 2025-03-02T00:00:00.000Z | 2025-09-04T00:24:07.000Z |
| msrc_cve-2025-21891 | ipvlan: ensure network headers are in skb linear part | 2025-03-02T00:00:00.000Z | 2025-09-03T23:46:34.000Z |
| msrc_cve-2025-21888 | RDMA/mlx5: Fix a WARN during dereg_mr for DM type | 2025-03-02T00:00:00.000Z | 2025-09-03T22:06:02.000Z |
| msrc_cve-2025-21887 | ovl: fix UAF in ovl_dentry_update_reval by moving dput() in ovl_link_up | 2025-03-02T00:00:00.000Z | 2025-05-05T00:00:00.000Z |
| msrc_cve-2025-21885 | RDMA/bnxt_re: Fix the page details for the srq created by kernel consumers | 2025-03-02T00:00:00.000Z | 2025-09-04T00:32:12.000Z |
| msrc_cve-2025-21884 | net: better track kernel sockets lifetime | 2025-03-02T00:00:00.000Z | 2025-09-03T21:56:18.000Z |
| msrc_cve-2025-21870 | ASoC: SOF: ipc4-topology: Harden loops for looking up ALH copiers | 2025-03-02T00:00:00.000Z | 2025-09-03T22:08:37.000Z |
| msrc_cve-2025-21868 | net: allow small head cache usage with large MAX_SKB_FRAGS values | 2025-03-02T00:00:00.000Z | 2025-09-03T23:40:57.000Z |
| msrc_cve-2025-21867 | bpf, test_run: Fix use-after-free issue in eth_skb_pkt_type() | 2025-03-02T00:00:00.000Z | 2025-04-09T00:00:00.000Z |
| msrc_cve-2025-21866 | powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC | 2025-03-02T00:00:00.000Z | 2025-04-09T00:00:00.000Z |
| msrc_cve-2025-21865 | gtp: Suppress list corruption splat in gtp_net_exit_batch_rtnl(). | 2025-03-02T00:00:00.000Z | 2025-04-09T00:00:00.000Z |
| msrc_cve-2025-21864 | tcp: drop secpath at the same time as we currently drop dst | 2025-03-02T00:00:00.000Z | 2025-04-09T00:00:00.000Z |
| msrc_cve-2025-21863 | io_uring: prevent opcode speculation | 2025-03-02T00:00:00.000Z | 2025-04-09T00:00:00.000Z |
| msrc_cve-2025-21862 | drop_monitor: fix incorrect initialization order | 2025-03-02T00:00:00.000Z | 2025-04-09T00:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2016-000177 | baserCMS vulnerable to cross-site request forgery | 2016-09-29T16:04+09:00 | 2017-11-27T16:37+09:00 |
| jvndb-2016-000176 | baserCMS plugin Blog vulnerable to cross-site request forgery | 2016-09-29T16:04+09:00 | 2017-11-27T16:37+09:00 |
| jvndb-2016-000175 | baserCMS plugin Blog vulnerable to cross-site scripting | 2016-09-29T16:04+09:00 | 2017-11-27T16:37+09:00 |
| jvndb-2016-000174 | baserCMS plugin Mail vulnerable to cross-site request forgery | 2016-09-29T16:04+09:00 | 2017-11-27T16:37+09:00 |
| jvndb-2016-000173 | baserCMS plugin Mail vulnerable to cross-site scripting | 2016-09-29T16:04+09:00 | 2017-11-27T16:37+09:00 |
| jvndb-2016-000172 | baserCMS vulnerable to cross-site request forgery | 2016-09-29T16:04+09:00 | 2017-11-27T16:36+09:00 |
| jvndb-2016-000171 | ManageEngine ServiceDesk Plus uses an insecure method for cookie generation | 2016-09-29T14:39+09:00 | 2017-05-23T14:28+09:00 |
| jvndb-2016-000170 | ManageEngine ServiceDesk Plus fails to restrict access permissions | 2016-09-29T14:39+09:00 | 2017-05-23T14:28+09:00 |
| jvndb-2016-000169 | ManageEngine ServiceDesk Plus vulnerable to cross-site scripting | 2016-09-29T14:39+09:00 | 2017-05-23T14:28+09:00 |
| jvndb-2016-000167 | Multiple plugins for Geeklog IVYWE edition vulnerable to cross-site scripting | 2016-09-23T14:15+09:00 | 2017-05-23T14:28+09:00 |
| jvndb-2016-000161 | Money Forward Apps for Android vulnerability that allows unintended operations | 2016-09-20T15:19+09:00 | 2017-11-27T18:01+09:00 |
| jvndb-2016-000160 | Money Forward Apps for Android vulnerable in the WebView class | 2016-09-20T15:19+09:00 | 2017-11-27T18:01+09:00 |
| jvndb-2016-000166 | Trend Micro Internet Security vulnerability where files may be excluded as scan targets | 2016-09-16T14:31+09:00 | 2016-09-16T14:31+09:00 |
| jvndb-2016-000165 | Splunk Enterprise and Splunk Light vulnerable to cross-site scripting | 2016-09-16T14:17+09:00 | 2018-01-24T11:53+09:00 |
| jvndb-2016-000164 | Splunk Enterprise and Splunk Light vulnerable to open redirect | 2016-09-16T14:16+09:00 | 2017-11-27T16:55+09:00 |
| jvndb-2016-000163 | Splunk Enterprise and Splunk Light vulnerable to open redirect | 2016-09-16T14:08+09:00 | 2017-11-27T16:55+09:00 |
| jvndb-2016-000162 | Splunk Enterprise and Splunk Lite vulnerable to cross-site scripting | 2016-09-16T13:56+09:00 | 2017-11-27T16:55+09:00 |
| jvndb-2016-000159 | H2O use of externally-controlled format string | 2016-09-15T14:26+09:00 | 2017-11-27T17:23+09:00 |
| jvndb-2016-000158 | Zend Framework vulnerable to SQL injection | 2016-09-15T14:11+09:00 | 2017-03-16T14:15+09:00 |
| jvndb-2016-000157 | CS-Cart add-on "Twigmo" vulnerable to PHP object injection | 2016-09-14T15:00+09:00 | 2017-05-23T14:28+09:00 |
| jvndb-2016-000156 | ADOdb vulnerable to cross-site scripting | 2016-09-06T13:45+09:00 | 2017-11-27T16:43+09:00 |
| jvndb-2016-004496 | Information Disclosure Vulnerability in Hitachi Automation Director and JP1/Automatic Operation | 2016-09-02T16:09+09:00 | 2016-09-30T09:47+09:00 |
| jvndb-2016-000154 | Multiple AKABEi SOFT2 LTD. games vulnerable to OS command injection | 2016-08-31T15:33+09:00 | 2016-09-05T17:56+09:00 |
| jvndb-2016-000153 | LINE for Windows fails to properly verify downloaded files | 2016-08-25T14:26+09:00 | 2017-05-23T14:28+09:00 |
| jvndb-2016-000151 | YoruFukurou (NightOwl) vulnerable to denial-of-service (DoS) | 2016-08-24T14:14+09:00 | 2016-10-27T09:43+09:00 |
| jvndb-2016-000152 | simple chat vulnerable to cross-site scripting | 2016-08-23T13:37+09:00 | 2016-09-05T17:45+09:00 |
| jvndb-2016-000149 | Cybozu Garoon fails to restrict access permissions | 2016-08-22T15:16+09:00 | 2017-05-23T12:01+09:00 |
| jvndb-2016-000148 | Cybozu Garoon vulnerable to authentication bypass | 2016-08-22T15:16+09:00 | 2017-05-23T12:01+09:00 |
| jvndb-2016-000147 | Cybozu Garoon vulnerable to SQL injection | 2016-08-22T15:16+09:00 | 2017-05-23T12:01+09:00 |
| jvndb-2016-000146 | "Check available times" function in Cybozu Garoon vulnerable to cross-site scripting | 2016-08-22T15:16+09:00 | 2017-05-23T12:01+09:00 |