Recent vulnerabilities
| ID | Description | Published | Updated |
|---|---|---|---|
| ghsa-6hj2-fxwr-rvj5 | Kitware VTK (Visualization Toolkit) through 9.5.0 contains a heap buffer overflow vulnerability in … | 2025-10-31T15:30:31Z | 2025-10-31T21:31:01Z |
| ghsa-5pfc-43r5-qrmg | Kitware VTK (Visualization Toolkit) up to 9.5.0 is vulnerable to Buffer Overflow in vtkGLTFDocument… | 2025-10-31T15:30:31Z | 2025-10-31T21:31:01Z |
| ghsa-5fcf-3m52-f3q5 | IBM Jazz for Service Management 1.1.3.0 through 1.1.3.25 does not set the secure attribute on autho… | 2025-10-31T15:30:31Z | 2025-10-31T15:30:31Z |
| ghsa-4m38-cfr7-jx25 | The equipment grants a JWT token for each connection in the timeline, but during an active valid se… | 2025-10-31T15:30:31Z | 2025-11-03T18:31:51Z |
| ghsa-4fg8-97vg-f94j | Nagios XI versions prior to < 2024R1.1 is vulnerable to a cross-site scripting (XSS) when a user vi… | 2025-10-31T15:30:31Z | 2025-11-06T18:32:49Z |
| ghsa-2cfx-ppj7-2856 | Denial of service of the web server through specific requests to this protocol | 2025-10-31T15:30:31Z | 2025-11-03T18:31:51Z |
| ghsa-xfhv-2m8j-xxfc | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability … | 2025-10-31T12:30:23Z | 2025-11-13T12:31:34Z |
| ghsa-r2w4-795m-g75f | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability … | 2025-10-31T12:30:23Z | 2025-11-13T12:31:34Z |
| ghsa-qw73-cw24-3jmw | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability … | 2025-10-31T12:30:23Z | 2025-11-13T12:31:34Z |
| ghsa-7547-xpx7-423p | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusi… | 2025-10-31T12:30:23Z | 2025-11-13T12:31:34Z |
| ghsa-6v33-cm54-m66r | Cross-Site Request Forgery (CSRF) vulnerability in Mikado-Themes Bard bardwp allows Cross Site Requ… | 2025-10-31T12:30:23Z | 2025-11-13T12:31:34Z |
| ghsa-63x7-86mp-j45m | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusi… | 2025-10-31T12:30:23Z | 2025-11-13T12:31:34Z |
| ghsa-5869-fm6w-9qxm | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability … | 2025-10-31T12:30:23Z | 2025-11-13T12:31:34Z |
| ghsa-pcvf-2wc2-h4q6 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability … | 2025-10-31T12:30:22Z | 2025-11-13T12:31:34Z |
| ghsa-mrg9-x4ww-jcqj | Missing Authorization vulnerability in WPDeveloper Essential Addons for Elementor essential-addons-… | 2025-10-31T12:30:22Z | 2025-11-13T12:31:33Z |
| ghsa-jvpv-fpvh-5mfh | Missing Authorization vulnerability in f1logic Insert PHP Code Snippet insert-php-code-snippet allo… | 2025-10-31T12:30:22Z | 2025-11-13T12:31:34Z |
| ghsa-j8fg-qmmq-47j9 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability … | 2025-10-31T12:30:22Z | 2025-11-13T12:31:34Z |
| ghsa-hp28-jqch-qhrc | Deserialization of Untrusted Data vulnerability in Chouby Polylang polylang allows Object Injection… | 2025-10-31T12:30:22Z | 2025-11-13T12:31:34Z |
| ghsa-h3cx-p8jg-9mrc | Cross-Site Request Forgery (CSRF) vulnerability in Younes JFR. Advanced Database Cleaner advanced-d… | 2025-10-31T12:30:22Z | 2025-11-13T12:31:34Z |
| ghsa-g534-gxr9-5j65 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusi… | 2025-10-31T12:30:22Z | 2025-11-13T12:31:34Z |
| ghsa-fr77-chw5-pvc2 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusi… | 2025-10-31T12:30:22Z | 2025-11-13T12:31:34Z |
| ghsa-cx8p-42rg-pwx4 | Missing Authorization vulnerability in WebToffee Smart Coupons for WooCommerce wt-smart-coupons-for… | 2025-10-31T12:30:22Z | 2025-11-13T12:31:34Z |
| ghsa-p42f-m78x-844r | [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilit… | 2025-10-31T12:30:21Z | 2025-11-05T00:31:32Z |
| ghsa-jwg7-fm78-3f3q | Potential information leak in bolt protocol handshake in Neo4j Enterprise and Community editions al… | 2025-10-31T12:30:21Z | 2025-10-31T12:30:21Z |
| ghsa-8x72-pg98-vrf2 | A potential exposure of sensitive information in log files in SonicWall SMA100 Series appliances ma… | 2025-10-31T12:30:21Z | 2025-10-31T21:31:00Z |
| ghsa-6hvg-fq9h-5pm6 | In the Linux kernel, the following vulnerability has been resolved: comedi: fix divide-by-zero in … | 2025-10-31T12:30:21Z | 2025-10-31T12:30:21Z |
| ghsa-6h7h-qg92-xfgr | Missing Authorization vulnerability in Rank Math SEO Rank Math SEO seo-by-rank-math allows Exploiti… | 2025-10-31T12:30:21Z | 2025-11-13T12:31:33Z |
| ghsa-64c5-3xxf-ccjp | [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilit… | 2025-10-31T12:30:21Z | 2025-11-05T00:31:32Z |
| ghsa-5mv8-q8gm-mq6x | Insertion of Sensitive Information Into Sent Data vulnerability in Rank Math SEO Rank Math SEO seo-… | 2025-10-31T12:30:21Z | 2025-11-13T12:31:33Z |
| ghsa-38qg-7h9q-7h29 | When passing through PCI devices, the detach logic in libxl won't remove access permissions to any … | 2025-10-31T12:30:21Z | 2025-11-05T00:31:32Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2025-11922 | Inactive Logout <= 3.5.5 - Authenticated (Subscriber+)… |
j_3rk |
Inactive Logout |
2025-11-01T01:47:41.819Z | 2025-11-03T15:48:16.331Z | |
| cve-2025-11920 | WPCOM Member <= 1.7.14 - Authenticated (Contributor+) … |
whyun |
WPCOM Member |
2025-11-01T01:47:41.378Z | 2025-11-03T18:53:31.185Z | |
| cve-2025-11174 | Document Library Lite <= 1.1.6 - Missing Authorization… |
barn2media |
Document Library Lite |
2025-11-01T01:47:40.902Z | 2025-11-03T18:57:14.666Z | |
| cve-2025-11816 | Privacy Policy Generator, Terms & Conditions Generator… |
wplegalpages |
Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages |
2025-11-01T01:47:40.230Z | 2025-11-03T18:57:46.543Z | |
| cve-2025-62276 | 4.6 (v4.0) | The Document Library and the Adaptive Media modul… |
Liferay |
Portal |
2025-10-31T23:34:20.166Z | 2025-11-03T13:31:38.847Z |
| cve-2025-12464 | 6.2 (v3.1) | Qemu-kvm: stack buffer overflow in e1000 device via sh… |
|
|
2025-10-31T21:15:48.885Z | 2025-11-12T10:12:25.796Z |
| cve-2025-60711 | 6.3 (v3.1) | Microsoft Edge (Chromium-based) Remote Code Execution … |
Microsoft |
Microsoft Edge (Chromium-based) |
2025-10-31T19:29:01.444Z | 2025-11-04T20:04:01.282Z |
| cve-2025-10693 | 7.6 (v4.0) | Silicon Labs Z-Wave PIR Sensor Joins Network as Non-Secure |
silabs.com |
Silicon Labs Z-Wave SDK |
2025-10-31T19:20:16.031Z | 2025-10-31T19:54:55.313Z |
| cve-2025-12547 | LogicalDOC Community Edition Admin Login login.jsp exc… |
LogicalDOC |
Community Edition |
2025-10-31T18:32:08.209Z | 2025-10-31T18:55:56.744Z | |
| cve-2025-12546 | LogicalDOC Community Edition API Key creation UI cross… |
LogicalDOC |
Community Edition |
2025-10-31T18:32:05.885Z | 2025-10-31T18:59:31.730Z | |
| cve-2025-64349 | ELOG user profile missing authorization |
ELOG |
ELOG |
2025-10-31T18:31:42.904Z | 2025-10-31T18:31:42.904Z | |
| cve-2025-64348 | ELOG configuration file authorization bypass |
ELOG |
ELOG |
2025-10-31T18:31:21.412Z | 2025-11-04T15:58:49.177Z | |
| cve-2025-62618 | ELOG file upload stored XSS |
ELOG |
ELOG |
2025-10-31T18:31:06.652Z | 2025-11-04T15:58:06.636Z | |
| cve-2025-62267 | 4.6 (v4.0) | Multiple cross-site scripting (XSS) vulnerabiliti… |
Liferay |
Portal |
2025-10-31T18:12:50.703Z | 2025-11-03T15:48:52.733Z |
| cve-2025-62264 | 5.1 (v4.0) | Reflected cross-site scripting (XSS) vulnerabilit… |
Liferay |
Portal |
2025-10-31T17:32:01.861Z | 2025-10-31T17:52:36.076Z |
| cve-2025-59501 | 4.8 (v3.1) | Microsoft Configuration Manager Spoofing Vulnerability |
Microsoft |
Microsoft Configuration Manager |
2025-10-31T16:45:40.699Z | 2025-11-04T20:04:00.739Z |
| cve-2025-6075 | 1.8 (v4.0) | Quadratic complexity in os.path.expandvars() with user… |
Python Software Foundation |
CPython |
2025-10-31T16:41:34.983Z | 2025-10-31T17:55:40.240Z |
| cve-2025-12554 | 6.9 (v4.0) | Missing Security Headers |
Azure Access Technology |
BLU-IC2 |
2025-10-31T15:52:29.049Z | 2025-10-31T17:43:18.158Z |
| cve-2025-12509 | 8.4 (v3.1) | Scripts for the module Global_Shipping executable on B… |
Bizerba |
BRAIN2 |
2025-10-31T15:51:25.120Z | 2025-10-31T17:43:51.160Z |
| cve-2025-12508 | 8.4 (v3.1) | Unencrypted communication to Active Directory services |
Bizerba |
BRAIN2 |
2025-10-31T15:49:54.429Z | 2025-10-31T17:44:27.867Z |
| cve-2025-12507 | 8.8 (v3.1) | Insecure service configuration – unquoted path |
Bizerba |
_connect.BRAIN |
2025-10-31T15:48:36.371Z | 2025-10-31T18:17:20.171Z |
| cve-2025-12553 | 10 (v4.0) | Server Certificate Verification Disabled |
Azure Access Technology |
BLU-IC2 |
2025-10-31T15:48:29.402Z | 2025-10-31T18:36:54.940Z |
| cve-2025-12552 | 6.9 (v4.0) | Insufficient Password Policy |
Azure Access Technology |
BLU-IC2 |
2025-10-31T15:43:44.961Z | 2025-10-31T18:24:19.770Z |
| cve-2025-12357 | 8.3 (v3.1) 7.2 (v4.0) | International Standards Organization ISO 15118-2 Impro… |
ISO 15118-2 Network and Application Protocol Requirements |
EV Car Chargers |
2025-10-31T15:33:48.343Z | 2025-11-03T19:01:59.520Z |
| cve-2025-64168 | Agno session state overwrites between different sessio… |
agno-agi |
agno |
2025-10-31T14:58:54.447Z | 2025-10-31T15:39:39.368Z | |
| cve-2025-64385 | 9.2 (v4.0) | INCORRECT SECURITY VALIDATION IN SENDING UDP FRAMES |
Circutor |
TCPRS1plus |
2025-10-31T14:23:06.442Z | 2025-11-03T19:06:16.313Z |
| cve-2025-64389 | 8.3 (v4.0) | EXCHANGE OF SENSITIVE INFORMATION IN CLEAR TEXT |
Circutor |
TCPRS1plus |
2025-10-31T14:19:48.833Z | 2025-11-03T19:11:41.770Z |
| cve-2025-64388 | 9.2 (v4.0) | Denial of service through specific packets |
Circutor |
TCPRS1plus |
2025-10-31T14:17:00.827Z | 2025-11-03T15:47:20.502Z |
| cve-2025-64387 | 5.1 (v4.0) | CLICKJACKING |
Circutor |
TCPRS1plus |
2025-10-31T14:12:55.199Z | 2025-11-03T15:48:02.400Z |
| cve-2025-12501 | N/A | Integer overflow in GameMaker IDE below 2024.14.0… |
Opera Norway AS |
GameMaker IDE |
2025-10-31T14:10:19.919Z | 2025-10-31T14:53:19.356Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2025-12599 | 10 (v4.0) | Multiple Devices are Sharing the Same Secrets for SDKS… |
Azure Access Technology |
BLU-IC2 |
2025-11-01T18:39:53.127Z | 2025-11-03T13:29:56.000Z |
| cve-2025-36367 | 8.8 (v3.1) | IBM i is affected by a privilege escalation in IBM i S… |
IBM |
i |
2025-11-01T12:01:31.137Z | 2025-11-04T04:55:13.395Z |
| cve-2025-6990 | Kallyas <= 4.24.0 - Authenticated (Contributor+) Remot… |
hogash |
KALLYAS - Creative eCommerce Multi-Purpose WordPress Theme |
2025-11-01T07:30:03.218Z | 2025-11-03T13:30:17.631Z | |
| cve-2025-6988 | Kallyas <= 4.23.0 - Authenticated (Contributor+) Store… |
hogash |
KALLYAS - Creative eCommerce Multi-Purpose WordPress Theme |
2025-11-01T07:30:04.897Z | 2025-11-03T13:30:11.443Z | |
| cve-2025-6574 | Service Finder Bookings < 6.1 - Authenticated (Subscri… |
aonetheme |
Service Finder Bookings |
2025-11-01T06:40:36.491Z | 2025-11-03T13:30:52.307Z | |
| cve-2025-12171 | RESTful Content Syndication 1.1.0 - 1.5.0 - Authentica… |
anthonyeden |
RESTful Content Syndication |
2025-11-01T06:40:39.565Z | 2025-11-03T13:30:29.197Z | |
| cve-2025-12137 | Import WP – Export and Import CSV and XML files to Wor… |
jcollings |
Import WP – Export and Import CSV and XML files to WordPress |
2025-11-01T06:40:40.047Z | 2025-11-03T13:30:23.253Z | |
| cve-2025-11755 | Delicious Recipes <= 1.9.0 - Authenticated (Contributo… |
wpdelicious |
WP Delicious – Recipe Plugin for Food Bloggers (formerly Delicious Recipes) |
2025-11-01T06:40:39.047Z | 2025-11-03T13:30:34.941Z | |
| cve-2025-11499 | Tablesome Table – Contact Form DB – WPForms, CF7, Grav… |
essekia |
Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent |
2025-11-01T06:40:37.314Z | 2025-11-03T13:30:46.874Z | |
| cve-2025-10487 | Advanced Ads <= 2.0.12 - Unauthenticated Limited Code … |
monetizemore |
Advanced Ads – Ad Manager & AdSense |
2025-11-01T06:40:37.833Z | 2025-11-03T13:30:40.805Z | |
| cve-2025-12180 | Qi Blocks <= 1.4.3 - Missing Authorization to Authenti… |
qodeinteractive |
Qi Blocks |
2025-11-01T05:40:21.834Z | 2025-11-03T13:31:27.357Z | |
| cve-2025-12090 | Employee Spotlight – Team Member Showcase & Meet the T… |
emarket-design |
Employee Spotlight – Team Member Showcase & Meet the Team Plugin |
2025-11-01T05:40:22.553Z | 2025-11-03T13:31:21.726Z | |
| cve-2025-12038 | Folderly <= 0.3 - Incorrect Authorization to Authentic… |
wpfolderly |
Folderly |
2025-11-01T05:40:23.582Z | 2025-11-03T13:31:10.279Z | |
| cve-2025-11983 | WP Discourse <= 2.5.9 - Authenticated (Author+) Inform… |
scossar |
WP Discourse |
2025-11-01T05:40:23.063Z | 2025-11-03T13:31:15.868Z | |
| cve-2025-11740 | wpForo Forum <= 2.4.9 - Authenticated (Susbscriber+) S… |
tomdever |
wpForo Forum |
2025-11-01T05:40:24.041Z | 2025-11-03T13:31:04.431Z | |
| cve-2025-11502 | Schema & Structured Data for WP & AMP <= 1.51 - Authen… |
magazine3 |
Schema & Structured Data for WP & AMP |
2025-11-01T05:40:24.552Z | 2025-11-03T13:30:58.163Z | |
| cve-2025-5949 | Service Finder Bookings <= 6.0 - Authenticated (Subscr… |
aonetheme |
Service Finder Bookings |
2025-11-01T04:27:42.063Z | 2025-11-03T20:48:46.815Z | |
| cve-2025-12118 | Schema Scalpel <= 1.6.1 - Authenticated (Contributor+)… |
kevingillispie |
Schema Scalpel |
2025-11-01T04:27:41.429Z | 2025-11-03T20:47:42.541Z | |
| cve-2025-11995 | Community Events <= 1.5.2 - Unauthenticated Stored Cro… |
jackdewey |
Community Events |
2025-11-01T04:27:40.961Z | 2025-11-03T20:46:33.926Z | |
| cve-2025-11927 | Flying Images: Optimize and Lazy Load Images for Faste… |
gijo |
Flying Images: Optimize and Lazy Load Images for Faster Page Speed |
2025-11-01T04:27:42.551Z | 2025-11-03T13:31:33.027Z | |
| cve-2025-11377 | List category posts <= 0.92.0 - Authenticated (Contrib… |
fernandobt |
List category posts |
2025-11-01T04:27:40.333Z | 2025-11-03T20:45:31.296Z | |
| cve-2025-12367 | SiteSEO – SEO Simplified <= 1.3.1 - Missing Authorizat… |
softaculous |
SiteSEO – SEO Simplified |
2025-11-01T03:34:36.429Z | 2025-11-03T15:46:46.785Z | |
| cve-2025-11928 | CSS & JavaScript Toolbox <= 12.0.5 - Authenticated (Ad… |
wipeoutmedia |
CSS & JavaScript Toolbox |
2025-11-01T03:34:36.948Z | 2025-11-03T14:59:13.017Z | |
| cve-2025-11833 | Post SMTP – Complete SMTP Solution with Logs, Alerts, … |
saadiqbal |
Post SMTP – Complete SMTP Solution with Logs, Alerts, Backup SMTP & Mobile App |
2025-11-01T03:34:35.794Z | 2025-11-03T15:47:23.380Z | |
| cve-2025-62275 | 6.9 (v4.0) | Blogs in Liferay Portal 7.4.0 through 7.4.3.111, … |
Liferay |
Portal |
2025-11-01T02:42:50.698Z | 2025-11-03T15:47:50.284Z |
| cve-2025-11922 | Inactive Logout <= 3.5.5 - Authenticated (Subscriber+)… |
j_3rk |
Inactive Logout |
2025-11-01T01:47:41.819Z | 2025-11-03T15:48:16.331Z | |
| cve-2025-11920 | WPCOM Member <= 1.7.14 - Authenticated (Contributor+) … |
whyun |
WPCOM Member |
2025-11-01T01:47:41.378Z | 2025-11-03T18:53:31.185Z | |
| cve-2025-11816 | Privacy Policy Generator, Terms & Conditions Generator… |
wplegalpages |
Privacy Policy Generator, Terms & Conditions Generator WordPress Plugin : WP Legal Pages |
2025-11-01T01:47:40.230Z | 2025-11-03T18:57:46.543Z | |
| cve-2025-11174 | Document Library Lite <= 1.1.6 - Missing Authorization… |
barn2media |
Document Library Lite |
2025-11-01T01:47:40.902Z | 2025-11-03T18:57:14.666Z | |
| cve-2025-62276 | 4.6 (v4.0) | The Document Library and the Adaptive Media modul… |
Liferay |
Portal |
2025-10-31T23:34:20.166Z | 2025-11-03T13:31:38.847Z |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| mal-2025-188816 | Malicious code in primatology-chromedriver-vortex-nebula (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188815 | Malicious code in primatology-callback-dactyl-telesto (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188814 | Malicious code in primatology-algol-postgres-unuk (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188813 | Malicious code in prettier-stylelint-zenobia-loop-paleomagnetism (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188812 | Malicious code in prettier-stylelint-soap-acamar-build (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188811 | Malicious code in prettier-stylelint-got-cosmos-ariel (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188810 | Malicious code in prettier-stylelint-astrobiology-loopback-sirius (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188809 | Malicious code in prettier-registry-forever-prettier-plugin-markdown (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188808 | Malicious code in prettier-plugin-markdown-tool-sociobiology-css-minimizer-webpack-plugin (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188807 | Malicious code in prettier-plugin-markdown-toml-reveal-md-event (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188806 | Malicious code in prettier-plugin-markdown-mantle-hermes-geodynamo (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188805 | Malicious code in prettier-plugin-markdown-lint-jest-scripts (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188804 | Malicious code in prettier-plugin-markdown-json-joviology-filament (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188803 | Malicious code in prettier-plugin-markdown-joviology-style-loader-zooarchaeology (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188802 | Malicious code in prettier-plugin-markdown-exoplanet-saturnology-frontend (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188801 | Malicious code in prettier-plugin-markdown-aquarius-colors-antares (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188800 | Malicious code in prettier-pegasus-version-sirius (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188799 | Malicious code in prettier-oberon-unuk-semantic-ui (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188798 | Malicious code in prettier-meteor-mineralogy-vuepress (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188797 | Malicious code in prettier-luna-mysql-stratosphere (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188796 | Malicious code in prettier-json-publish-quito (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188795 | Malicious code in prettier-despina-gacrux-shelljs (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188794 | Malicious code in prettier-cordelia-npm-toml (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188793 | Malicious code in postgres-soap-apex-vortex (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188792 | Malicious code in postgres-proteomics-markdown-abiogenesis (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188791 | Malicious code in postgres-promise-transform-farout (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188790 | Malicious code in postgres-procyon-nextjs-nuxtjs (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188789 | Malicious code in postgres-on-sqlite-archaeogenetics (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188788 | Malicious code in postgres-buffer-prettier-stylelint-lithosphere (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188787 | Malicious code in postgres-asteroid-readable-dione (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| rhsa-2025:8679 | Red Hat Security Advisory: grafana security update | 2025-06-09T14:03:19+00:00 | 2025-11-11T09:58:29+00:00 |
| rhsa-2025:8677 | Red Hat Security Advisory: perl-FCGI security update | 2025-06-09T14:03:04+00:00 | 2025-11-11T11:27:32+00:00 |
| rhsa-2025:8678 | Red Hat Security Advisory: perl-FCGI security update | 2025-06-09T14:02:14+00:00 | 2025-11-11T11:27:32+00:00 |
| rhsa-2025:8681 | Red Hat Security Advisory: grafana security update | 2025-06-09T13:59:24+00:00 | 2025-11-11T09:58:30+00:00 |
| rhsa-2025:8683 | Red Hat Security Advisory: grafana security update | 2025-06-09T13:59:19+00:00 | 2025-11-11T09:58:30+00:00 |
| rhsa-2025:8690 | Red Hat Security Advisory: Red Hat build of Keycloak 26.2.5 Security Update | 2025-06-09T13:57:15+00:00 | 2025-11-06T22:56:51+00:00 |
| rhsa-2025:8674 | Red Hat Security Advisory: mod_security security update | 2025-06-09T13:54:14+00:00 | 2025-11-11T12:35:09+00:00 |
| rhsa-2025:8685 | Red Hat Security Advisory: grafana security update | 2025-06-09T13:44:39+00:00 | 2025-11-13T16:49:09+00:00 |
| rhsa-2025:8684 | Red Hat Security Advisory: grafana security update | 2025-06-09T13:29:24+00:00 | 2025-11-11T09:58:30+00:00 |
| rhsa-2025:8669 | Red Hat Security Advisory: kernel security update | 2025-06-09T13:02:14+00:00 | 2025-11-11T08:38:20+00:00 |
| rhsa-2025:8672 | Red Hat Security Advisory: Red Hat build of Keycloak 26.2.5 Images Security Update | 2025-06-09T12:40:44+00:00 | 2025-11-06T22:56:50+00:00 |
| rhsa-2025:8667 | Red Hat Security Advisory: grafana security update | 2025-06-09T12:34:44+00:00 | 2025-11-13T16:49:08+00:00 |
| rhsa-2025:8666 | Red Hat Security Advisory: grafana security update | 2025-06-09T10:19:34+00:00 | 2025-11-13T16:49:08+00:00 |
| rhsa-2025:8665 | Red Hat Security Advisory: grafana security update | 2025-06-09T10:18:20+00:00 | 2025-11-13T16:49:07+00:00 |
| rhsa-2025:8664 | Red Hat Security Advisory: python-tornado security update | 2025-06-09T10:16:49+00:00 | 2025-11-08T07:17:35+00:00 |
| rhsa-2025:8670 | Red Hat Security Advisory: Release of OpenShift Serverless Logic 1.36.0 security update & enhancements | 2025-06-09T10:12:51+00:00 | 2025-11-13T16:49:08+00:00 |
| rhsa-2025:8663 | Red Hat Security Advisory: libsoup security update | 2025-06-09T09:56:05+00:00 | 2025-11-06T23:15:41+00:00 |
| rhsa-2025:8655 | Red Hat Security Advisory: glibc security update | 2025-06-09T09:11:34+00:00 | 2025-11-06T23:43:00+00:00 |
| rhsa-2025:8643 | Red Hat Security Advisory: kernel security update | 2025-06-09T07:43:44+00:00 | 2025-11-11T08:38:18+00:00 |
| rhsa-2025:8645 | Red Hat Security Advisory: firefox security update | 2025-06-09T07:24:34+00:00 | 2025-11-06T23:43:00+00:00 |
| rhsa-2025:8642 | Red Hat Security Advisory: thunderbird security update | 2025-06-09T04:54:38+00:00 | 2025-11-06T23:43:00+00:00 |
| rhsa-2025:8634 | Red Hat Security Advisory: podman security update | 2025-06-09T03:29:53+00:00 | 2025-11-13T16:49:07+00:00 |
| rhsa-2025:8636 | Red Hat Security Advisory: perl-FCGI security update | 2025-06-09T03:25:08+00:00 | 2025-11-11T11:27:32+00:00 |
| rhsa-2025:8635 | Red Hat Security Advisory: perl-FCGI security update | 2025-06-09T03:22:44+00:00 | 2025-11-11T11:27:30+00:00 |
| rhsa-2025:8631 | Red Hat Security Advisory: thunderbird security update | 2025-06-09T03:20:53+00:00 | 2025-11-06T23:42:59+00:00 |
| rhsa-2025:8639 | Red Hat Security Advisory: firefox security update | 2025-06-09T03:20:13+00:00 | 2025-11-06T23:43:00+00:00 |
| rhsa-2025:8630 | Red Hat Security Advisory: thunderbird security update | 2025-06-09T03:01:08+00:00 | 2025-11-06T23:42:59+00:00 |
| rhsa-2025:8640 | Red Hat Security Advisory: firefox security update | 2025-06-09T03:00:53+00:00 | 2025-11-06T23:43:00+00:00 |
| rhsa-2025:8632 | Red Hat Security Advisory: buildah security update | 2025-06-09T02:29:48+00:00 | 2025-11-13T16:49:06+00:00 |
| rhsa-2025:8625 | Red Hat Security Advisory: perl-FCGI security update | 2025-06-09T02:21:18+00:00 | 2025-11-11T11:27:30+00:00 |
| ID | Description | Published | Updated |
|---|---|---|---|
| msrc_cve-2022-49742 | f2fs: initialize locks earlier in f2fs_fill_super() | 2025-03-02T00:00:00.000Z | 2025-09-03T23:31:05.000Z |
| msrc_cve-2025-27144 | Go JOSE's Parsing Vulnerable to Denial of Service | 2025-02-02T00:00:00.000Z | 2025-05-27T00:00:00.000Z |
| msrc_cve-2025-27113 | libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a NULL pointer dereference in xmlPatMatch in pattern.c. | 2025-02-02T00:00:00.000Z | 2025-03-14T00:00:00.000Z |
| msrc_cve-2025-26618 | SSH SFTP packet size not verified properly in Erlang OTP | 2025-02-02T00:00:00.000Z | 2025-03-13T00:00:00.000Z |
| msrc_cve-2025-26603 | heap-use-after-free in function str_to_reg in vim/vim | 2025-02-02T00:00:00.000Z | 2025-03-14T00:00:00.000Z |
| msrc_cve-2025-26601 | Xorg: xwayland: use-after-free in syncinittrigger() | 2025-02-02T00:00:00.000Z | 2025-03-14T00:00:00.000Z |
| msrc_cve-2025-26600 | Xorg: xwayland: use-after-free in playreleasedevents() | 2025-02-02T00:00:00.000Z | 2025-03-14T00:00:00.000Z |
| msrc_cve-2025-26599 | Xorg: xwayland: use of uninitialized pointer in compredirectwindow() | 2025-02-02T00:00:00.000Z | 2025-03-14T00:00:00.000Z |
| msrc_cve-2025-26598 | Xorg: xwayland: out-of-bounds write in createpointerbarrierclient() | 2025-02-02T00:00:00.000Z | 2025-03-14T00:00:00.000Z |
| msrc_cve-2025-26597 | Xorg: xwayland: buffer overflow in xkbchangetypesofkey() | 2025-02-02T00:00:00.000Z | 2025-03-14T00:00:00.000Z |
| msrc_cve-2025-26596 | Xorg: xwayland: heap overflow in xkbwritekeysyms() | 2025-02-02T00:00:00.000Z | 2025-03-14T00:00:00.000Z |
| msrc_cve-2025-26595 | Xorg: xwayland: buffer overflow in xkbvmodmasktext() | 2025-02-02T00:00:00.000Z | 2025-03-14T00:00:00.000Z |
| msrc_cve-2025-26594 | X.org: xwayland: use-after-free of the root cursor | 2025-02-02T00:00:00.000Z | 2025-03-14T00:00:00.000Z |
| msrc_cve-2025-26466 | Openssh: denial-of-service in openssh | 2025-02-02T00:00:00.000Z | 2025-03-02T00:00:00.000Z |
| msrc_cve-2025-26465 | Openssh: machine-in-the-middle attack if verifyhostkeydns is enabled | 2025-02-02T00:00:00.000Z | 2025-02-27T00:00:00.000Z |
| msrc_cve-2025-25204 | `gh attestation verify` returns incorrect exit code during verification if no attestations are present | 2025-02-02T00:00:00.000Z | 2025-03-13T00:00:00.000Z |
| msrc_cve-2025-25199 | BCryptGenerateSymmetricKey memory leak | 2025-02-02T00:00:00.000Z | 2025-07-11T00:00:00.000Z |
| msrc_cve-2025-25188 | DNSSEC validation may accept broken authentication chains | 2025-02-02T00:00:00.000Z | 2025-09-03T23:56:45.000Z |
| msrc_cve-2025-25186 | Net::IMAP vulnerable to possible DoS by memory exhaustion | 2025-02-02T00:00:00.000Z | 2025-04-16T00:00:00.000Z |
| msrc_cve-2025-25183 | vLLM using built-in hash() from Python 3.12 leads to predictable hash collisions in vLLM prefix cache | 2025-02-02T00:00:00.000Z | 2025-09-03T22:24:23.000Z |
| msrc_cve-2025-24928 | libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a stack-based buffer overflow in xmlSnprintfElements in valid.c. To exploit this, DTD validation must occur for an untrusted document or untrusted DTD. NOTE: this is similar to CVE-2017-9047. | 2025-02-02T00:00:00.000Z | 2025-03-14T00:00:00.000Z |
| msrc_cve-2025-24898 | rust openssl ssl::select_next_proto use after free | 2025-02-02T00:00:00.000Z | 2025-09-03T21:40:02.000Z |
| msrc_cve-2025-23419 | TLS Session Resumption Vulnerability | 2025-02-02T00:00:00.000Z | 2025-02-20T00:00:00.000Z |
| msrc_cve-2025-23359 | NVIDIA Container Toolkit for Linux contains a Time-of-Check Time-of-Use (TOCTOU) vulnerability when used with default configuration, where a crafted container image could gain access to the host file system. A successful exploit of this vulnerability might lead to code execution, denial of service, escalation of privileges, information disclosure, and data tampering. | 2025-02-02T00:00:00.000Z | 2025-03-14T00:00:00.000Z |
| msrc_cve-2025-22869 | Potential denial of service in golang.org/x/crypto | 2025-02-02T00:00:00.000Z | 2025-03-27T00:00:00.000Z |
| msrc_cve-2025-22868 | Unexpected memory consumption during token parsing in golang.org/x/oauth2 | 2025-02-02T00:00:00.000Z | 2025-03-27T00:00:00.000Z |
| msrc_cve-2025-22866 | Timing sidechannel for P-256 on ppc64le in crypto/internal/nistec | 2025-02-02T00:00:00.000Z | 2025-09-03T22:30:35.000Z |
| msrc_cve-2025-21820 | tty: xilinx_uartps: split sysrq handling | 2025-02-02T00:00:00.000Z | 2025-03-14T00:00:00.000Z |
| msrc_cve-2025-21817 | block: mark GFP_NOIO around sysfs ->store() | 2025-02-02T00:00:00.000Z | 2025-09-04T02:10:59.000Z |
| msrc_cve-2025-21814 | ptp: Ensure info->enable callback is always set | 2025-02-02T00:00:00.000Z | 2025-03-14T00:00:00.000Z |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2016-000079 | Cybozu Garoon vulnerable to information disclosure | 2016-05-30T16:18+09:00 | 2016-06-28T17:01+09:00 |
| jvndb-2016-000078 | Cybozu Garoon function "Files" vulnerable to directory traversal | 2016-05-30T16:18+09:00 | 2016-06-23T17:40+09:00 |
| jvndb-2016-000077 | Cybozu Garoon mail function vulnerable to access restriction bypass | 2016-05-30T16:18+09:00 | 2016-06-28T17:01+09:00 |
| jvndb-2016-000092 | DMM.com Securities FX Apps for Android fail to verify SSL server certificates | 2016-05-30T14:21+09:00 | 2017-05-23T14:28+09:00 |
| jvndb-2016-000090 | Source code of Old_GSI_Maps prior to January, 2015 vulnerable to directory traversal | 2016-05-30T14:07+09:00 | 2016-06-23T15:13+09:00 |
| jvndb-2016-000072 | WebARENA formmail vulnerable to cross-site scripting | 2016-05-27T13:54+09:00 | 2016-06-08T17:47+09:00 |
| jvndb-2016-000087 | Multiple Buffalo wireless LAN routers vulnerable to information disclosure | 2016-05-27T13:53+09:00 | 2016-06-27T14:59+09:00 |
| jvndb-2016-000086 | Multiple Buffalo wireless LAN routers vulnerable to directory traversal | 2016-05-27T13:53+09:00 | 2016-06-27T14:58+09:00 |
| jvndb-2016-000076 | Japan Connected-free Wi-Fi vulnerable to API execution | 2016-05-27T13:51+09:00 | 2016-06-23T17:38+09:00 |
| jvndb-2016-000091 | H2O use-after-free vulnerability | 2016-05-27T13:46+09:00 | 2016-06-23T17:23+09:00 |
| jvndb-2016-000075 | NetCommons vulnerable to privilege escalation | 2016-05-26T14:30+09:00 | 2016-06-23T15:13+09:00 |
| jvndb-2016-000071 | WordPress plugin "Markdown on Save Improved" vulnerable to cross-site scripting | 2016-05-25T14:37+09:00 | 2016-06-08T17:23+09:00 |
| jvndb-2016-002716 | Cross-site Scripting Vulnerability in Hitachi Tuning Manager | 2016-05-24T16:43+09:00 | 2016-08-03T16:09+09:00 |
| jvndb-2016-002715 | Information Disclosure Vulnerability in Hitachi Command Suite | 2016-05-24T16:43+09:00 | 2016-08-03T16:09+09:00 |
| jvndb-2016-000067 | Jetstar App for iOS fails to verify SSL server certificates | 2016-05-24T13:36+09:00 | 2017-05-29T11:45+09:00 |
| jvndb-2016-000070 | php-contact-form vulnerable to cross-site scripting | 2016-05-24T12:27+09:00 | 2016-06-08T17:23+09:00 |
| jvndb-2016-000068 | HumHub vulnerable to cross-site scripting | 2016-05-24T12:24+09:00 | 2016-06-08T17:23+09:00 |
| jvndb-2016-000069 | MP Form Mail CGI Professional Edition vulnerable to directory traversal | 2016-05-20T14:22+09:00 | 2016-06-08T17:23+09:00 |
| jvndb-2016-000066 | Web Mailing List vulnerable to cross-site scripting | 2016-05-19T13:37+09:00 | 2016-06-08T17:23+09:00 |
| jvndb-2016-000065 | 105 BANK App fails to verify SSL server certificates | 2016-05-18T15:26+09:00 | 2017-05-29T11:45+09:00 |
| jvndb-2016-000060 | Cybozu KUNAI App fails to verify SSL server certificates | 2016-05-16T16:14+09:00 | 2017-05-23T16:23+09:00 |
| jvndb-2016-000047 | a-blog cms vulnerable to session management | 2016-05-16T14:48+09:00 | 2017-05-23T13:44+09:00 |
| jvndb-2016-000046 | a-blog cms vulnerable to cross-site scripting | 2016-05-16T14:48+09:00 | 2017-05-23T13:44+09:00 |
| jvndb-2016-000064 | WordPress plugin "Ninja Forms" vulnerable to PHP object injection | 2016-05-13T14:27+09:00 | 2016-06-01T17:00+09:00 |
| jvndb-2016-000063 | FileMaker server issue where PHP source code may be viewable | 2016-05-13T14:27+09:00 | 2016-06-02T09:43+09:00 |
| jvndb-2016-000062 | WN-G300R Series vulnerable to cross-site scripting | 2016-05-12T14:34+09:00 | 2016-06-01T16:48+09:00 |
| jvndb-2016-000061 | WN-GDN/R3 Series does not limit authentication attempts | 2016-05-12T14:34+09:00 | 2016-06-01T16:52+09:00 |
| jvndb-2016-000059 | Apache Cordova vulnerable to arbitrary plugin execution | 2016-05-11T14:16+09:00 | 2016-06-01T16:30+09:00 |
| jvndb-2016-000058 | Apache Cordova fails to restrict access permissions | 2016-05-11T14:16+09:00 | 2016-06-02T17:49+09:00 |
| jvndb-2016-000053 | EC-CUBE vulnerable to cross-site request forgery | 2016-04-26T14:24+09:00 | 2016-05-31T17:40+09:00 |
| ID | Description | Updated |
|---|