Recent vulnerabilities
| ID | Description | Published | Updated |
|---|---|---|---|
| ghsa-jwg7-fm78-3f3q | Potential information leak in bolt protocol handshake in Neo4j Enterprise and Community editions al… | 2025-10-31T12:30:21Z | 2025-10-31T12:30:21Z |
| ghsa-8x72-pg98-vrf2 | A potential exposure of sensitive information in log files in SonicWall SMA100 Series appliances ma… | 2025-10-31T12:30:21Z | 2025-10-31T21:31:00Z |
| ghsa-6hvg-fq9h-5pm6 | In the Linux kernel, the following vulnerability has been resolved: comedi: fix divide-by-zero in … | 2025-10-31T12:30:21Z | 2025-10-31T12:30:21Z |
| ghsa-6h7h-qg92-xfgr | Missing Authorization vulnerability in Rank Math SEO Rank Math SEO seo-by-rank-math allows Exploiti… | 2025-10-31T12:30:21Z | 2025-11-13T12:31:33Z |
| ghsa-64c5-3xxf-ccjp | [This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilit… | 2025-10-31T12:30:21Z | 2025-11-05T00:31:32Z |
| ghsa-5mv8-q8gm-mq6x | Insertion of Sensitive Information Into Sent Data vulnerability in Rank Math SEO Rank Math SEO seo-… | 2025-10-31T12:30:21Z | 2025-11-13T12:31:33Z |
| ghsa-38qg-7h9q-7h29 | When passing through PCI devices, the detach logic in libxl won't remove access permissions to any … | 2025-10-31T12:30:21Z | 2025-11-05T00:31:32Z |
| ghsa-w5wj-26hw-f6p9 | The WPC Name Your Price for WooCommerce plugin for WordPress is vulnerable to unauthorized price al… | 2025-10-31T12:30:20Z | 2025-10-31T12:30:21Z |
| ghsa-vp68-5q7h-58f3 | The ERI File Library plugin for WordPress is vulnerable to unauthorized access of data due to a mis… | 2025-10-31T12:30:20Z | 2025-10-31T12:30:20Z |
| ghsa-j67p-5mwc-frf9 | Therefore Corporation GmbH has recently become aware that Therefore™ Online and Therefore™ On-Premi… | 2025-10-31T12:30:20Z | 2025-10-31T12:30:20Z |
| ghsa-xc8j-5rr8-8q9r | The Zombify plugin for WordPress is vulnerable to Path Traversal in all versions up to, and includi… | 2025-10-31T09:30:26Z | 2025-10-31T09:30:26Z |
| ghsa-rhr5-9wg9-p26f | Malicious or unintentional API requests can be used to add significant amount of data to caches. Ca… | 2025-10-31T09:30:26Z | 2025-10-31T09:30:26Z |
| ghsa-m8cc-f2ff-3f7p | The Depicter plugin for WordPress is vulnerable to Cross-Site Request Forgery in versions less than… | 2025-10-31T09:30:26Z | 2025-10-31T09:30:26Z |
| ghsa-fgmm-c43r-4vvc | The The Events Calendar plugin for WordPress is vulnerable to unauthorized access due to a missing … | 2025-10-31T09:30:26Z | 2025-10-31T09:30:26Z |
| ghsa-8mr7-33q4-78g5 | Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability … | 2025-10-31T09:30:26Z | 2025-10-31T09:30:26Z |
| ghsa-7p8g-rr59-8pqg | Malicious content from E-Mail can be used to perform a redressing attack. Users can be tricked to p… | 2025-10-31T09:30:26Z | 2025-10-31T09:30:26Z |
| ghsa-4qw6-7g5m-4mvh | The OOPSpam Anti-Spam: Spam Protection for WordPress Forms & Comments (No CAPTCHA) plugin for WordP… | 2025-10-31T09:30:26Z | 2025-10-31T09:30:26Z |
| ghsa-3h2w-68px-r4v5 | Sensitive data exposure via logging in basic-auth leads to plaintext usernames and passwords writte… | 2025-10-31T09:30:26Z | 2025-10-31T15:30:31Z |
| ghsa-396v-898v-98hg | When cache is enabled, some passdb/userdb drivers incorrectly cache all users with same cache key, … | 2025-10-31T09:30:26Z | 2025-11-05T00:31:32Z |
| ghsa-q9wg-xwhc-4j78 | The King Addons for Elementor – Free Elements, Widgets, Templates, and Features for Elementor plugi… | 2025-10-31T09:30:25Z | 2025-10-31T09:30:25Z |
| ghsa-mw5m-g282-gj23 | The WooCommerce Designer Pro theme for WordPress is vulnerable to arbitrary file read in all versio… | 2025-10-31T09:30:25Z | 2025-10-31T09:30:25Z |
| ghsa-jf8h-fgvq-gw78 | The WordPress User Extra Fields plugin for WordPress is vulnerable to arbitrary file deletion due t… | 2025-10-31T09:30:25Z | 2025-10-31T09:30:25Z |
| ghsa-hpv5-jh7r-pxpv | The Noo JobMonster theme for WordPress is vulnerable to Authentication Bypass in all versions up to… | 2025-10-31T09:30:25Z | 2025-10-31T09:30:25Z |
| ghsa-97w9-v595-3h5q | cryptidy allows code execution via untrusted data due to pickle.loads | 2025-10-31T09:30:25Z | 2025-10-31T17:56:11Z |
| ghsa-mg9h-26fx-x4qq | FutureNet MA and IP-K series provided by Century Systems Co., Ltd. put the firmware version and the… | 2025-10-31T06:33:21Z | 2025-10-31T06:33:21Z |
| ghsa-7gxx-5pqg-v8f2 | The RealPress WordPress plugin before 1.1.0 registers the REST routes without proper permission ch… | 2025-10-31T06:33:21Z | 2025-10-31T15:30:31Z |
| ghsa-3j9x-gm2x-f8f7 | FutureNet MA and IP-K series provided by Century Systems Co., Ltd. contain an OS command Injection … | 2025-10-31T06:33:21Z | 2025-10-31T06:33:21Z |
| ghsa-xvmm-73h6-8xgf | The Qzzr Shortcode Plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'qzzr'… | 2025-10-31T03:30:23Z | 2025-10-31T03:30:23Z |
| ghsa-pj6p-fx56-wq5h | QLowEnergyController in Qt before 6.8.2 mishandles malformed Bluetooth ATT commands, leading to an … | 2025-10-31T03:30:23Z | 2025-10-31T03:30:23Z |
| ghsa-383x-8v44-m82q | The FuseWP – WordPress User Sync to Email List & Marketing Automation (Mailchimp, Constant Contact,… | 2025-10-31T03:30:23Z | 2025-10-31T03:30:23Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2025-12460 | 5.3 (v4.0) | Stored XSS vulnerability in Afterlogic Aurora webmail |
Afterlogic |
Aurora |
2025-10-31T13:53:58.574Z | 2025-10-31T14:09:59.967Z |
| cve-2025-12521 | Analytify Pro <= 7.0.3 - Unauthenticated Information E… |
Analytify |
Analytify Pro |
2025-10-31T13:48:35.882Z | 2025-11-03T14:22:19.957Z | |
| cve-2025-64386 | 7.7 (v4.0) | HIJACKING OF THE TOKEN AND GAINING ACCESS |
Circutor |
TCPRS1plus |
2025-10-31T13:42:32.743Z | 2025-11-03T15:51:03.421Z |
| cve-2025-36249 | 3.7 (v3.1) | IBM Jazz for Service Management is vulnerable to "filt… |
IBM |
Jazz for Service Management |
2025-10-31T13:05:32.799Z | 2025-10-31T13:43:40.821Z |
| cve-2025-33003 | 7.8 (v3.1) | IBM InfoSphere Information Server is vulnerable to pri… |
IBM |
InfoSphere Information Server |
2025-10-31T13:04:31.204Z | 2025-11-01T03:55:53.966Z |
| cve-2024-13992 | 5.1 (v4.0) | Nagios XI < 2024R1.1 XSS via Missing Page / 404 |
Nagios |
XI |
2025-10-31T12:35:56.137Z | 2025-10-31T14:12:56.713Z |
| cve-2025-4952 | 6.8 (v4.0) | Denial-of-service vulnerability in ESET security produ… |
ESET |
ESET NOD32 Antivirus |
2025-10-31T12:28:15.267Z | 2025-10-31T14:18:16.911Z |
| cve-2025-58149 | N/A | Incorrect removal of permissions on PCI device unplug |
Xen |
Xen |
2025-10-31T11:50:39.536Z | 2025-11-04T21:13:31.524Z |
| cve-2025-58148 | N/A | x86: Incorrect input sanitisation in Viridian hypercalls |
Xen |
Xen |
2025-10-31T11:50:28.407Z | 2025-11-04T21:13:30.190Z |
| cve-2025-58147 | N/A | x86: Incorrect input sanitisation in Viridian hypercalls |
Xen |
Xen |
2025-10-31T11:50:28.282Z | 2025-11-04T21:13:28.853Z |
| cve-2025-64368 | N/A | WordPress Bard theme <= 1.6 - Cross Site Request Forge… |
Mikado-Themes |
Bard |
2025-10-31T11:42:40.843Z | 2025-11-13T10:33:49.929Z |
| cve-2025-64367 | N/A | WordPress Groundhogg plugin <= 4.2.6 - Cross Site Scri… |
Adrian Tobey |
Groundhogg |
2025-10-31T11:42:40.076Z | 2025-11-13T10:33:49.935Z |
| cve-2025-64366 | N/A | WordPress MasterStudy LMS plugin <= 3.6.27 - SQL Injec… |
Stylemix |
MasterStudy LMS |
2025-10-31T11:42:39.301Z | 2025-11-13T10:33:49.936Z |
| cve-2025-64365 | N/A | WordPress Ohio Extra plugin <= 3.6.0 - Cross Site Scri… |
colabrio |
Ohio Extra |
2025-10-31T11:42:38.588Z | 2025-11-13T10:33:49.895Z |
| cve-2025-64364 | N/A | WordPress Masterstudy theme < 4.8.126 - Local File Inc… |
StylemixThemes |
Masterstudy |
2025-10-31T11:42:37.865Z | 2025-11-13T10:33:49.921Z |
| cve-2025-64363 | N/A | WordPress Kleo theme < 5.5.0 - Local File Inclusion vu… |
SeventhQueen |
Kleo |
2025-10-31T11:42:37.131Z | 2025-11-13T10:33:49.915Z |
| cve-2025-64362 | N/A | WordPress K Elements plugin < 5.5.0 - Cross Site Scrip… |
SeventhQueen |
K Elements |
2025-10-31T11:42:36.419Z | 2025-11-13T10:33:49.915Z |
| cve-2025-64361 | N/A | WordPress Consulting Elementor Widgets plugin <= 1.4.2… |
StylemixThemes |
Consulting Elementor Widgets |
2025-10-31T11:42:33.072Z | 2025-11-13T10:33:49.931Z |
| cve-2025-64360 | N/A | WordPress Consulting Elementor Widgets plugin <= 1.4.2… |
StylemixThemes |
Consulting Elementor Widgets |
2025-10-31T11:42:32.330Z | 2025-11-13T10:33:49.917Z |
| cve-2025-64359 | N/A | WordPress Consulting theme < 6.7.5 - Local File Inclus… |
StylemixThemes |
Consulting |
2025-10-31T11:42:31.602Z | 2025-11-13T10:33:49.693Z |
| cve-2025-64358 | N/A | WordPress Smart Coupons for WooCommerce plugin <= 2.2.… |
WebToffee |
Smart Coupons for WooCommerce |
2025-10-31T11:42:28.439Z | 2025-11-13T10:33:49.682Z |
| cve-2025-64357 | N/A | WordPress Advanced Database Cleaner plugin <= 3.1.6 - … |
Younes JFR. |
Advanced Database Cleaner |
2025-10-31T11:42:27.627Z | 2025-11-13T10:33:49.623Z |
| cve-2025-64356 | N/A | WordPress Insert PHP Code Snippet plugin <= 1.4.3 - Br… |
f1logic |
Insert PHP Code Snippet |
2025-10-31T11:42:26.908Z | 2025-11-13T10:33:49.626Z |
| cve-2025-64354 | N/A | WordPress Gutenberg plugin <= 21.8.2 - Cross Site Scri… |
Matias Ventura |
Gutenberg |
2025-10-31T11:42:26.178Z | 2025-11-13T10:33:49.515Z |
| cve-2025-64353 | N/A | WordPress Polylang plugin <= 3.7.3 - Deserialization o… |
Chouby |
Polylang |
2025-10-31T11:42:25.417Z | 2025-11-13T10:33:49.498Z |
| cve-2025-64352 | N/A | WordPress Essential Addons for Elementor plugin <= 6.2… |
WPDeveloper |
Essential Addons for Elementor |
2025-10-31T11:42:23.045Z | 2025-11-13T10:33:49.526Z |
| cve-2025-64351 | N/A | WordPress Rank Math SEO plugin <= 1.0.252.1 - Sensitiv… |
Rank Math SEO |
Rank Math SEO |
2025-10-31T11:42:22.226Z | 2025-11-13T10:33:49.501Z |
| cve-2025-64350 | N/A | WordPress Rank Math SEO plugin <= 1.0.252.1 - Broken A… |
Rank Math SEO |
Rank Math SEO |
2025-10-31T11:42:17.908Z | 2025-11-13T10:33:49.500Z |
| cve-2025-40603 | N/A | A potential exposure of sensitive information in … |
SonicWall |
SMA100 |
2025-10-31T11:01:35.618Z | 2025-10-31T18:53:53.156Z |
| cve-2025-11602 | 6.3 (v4.0) | Untargeted information leak in Bolt protocol handshake |
neo4j |
Enterprise Edition |
2025-10-31T10:20:17.254Z | 2025-10-31T11:37:44.777Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2025-12464 | 6.2 (v3.1) | Qemu-kvm: stack buffer overflow in e1000 device via sh… |
|
|
2025-10-31T21:15:48.885Z | 2025-11-12T10:12:25.796Z |
| cve-2025-63563 | N/A | Summer Pearl Group Vacation Rental Management Pla… |
n/a |
n/a |
2025-10-31T00:00:00.000Z | 2025-11-03T20:44:50.827Z |
| cve-2025-63562 | Summer Pearl Group Vacation Rental Management Pla… |
n/a |
n/a |
2025-10-31T00:00:00.000Z | 2025-10-31T19:59:16.652Z | |
| cve-2025-63561 | Summer Pearl Group Vacation Rental Management Pla… |
n/a |
n/a |
2025-10-31T00:00:00.000Z | 2025-10-31T20:08:45.140Z | |
| cve-2025-60711 | 6.3 (v3.1) | Microsoft Edge (Chromium-based) Remote Code Execution … |
Microsoft |
Microsoft Edge (Chromium-based) |
2025-10-31T19:29:01.444Z | 2025-11-04T20:04:01.282Z |
| cve-2025-10693 | 7.6 (v4.0) | Silicon Labs Z-Wave PIR Sensor Joins Network as Non-Secure |
silabs.com |
Silicon Labs Z-Wave SDK |
2025-10-31T19:20:16.031Z | 2025-10-31T19:54:55.313Z |
| cve-2025-64349 | ELOG user profile missing authorization |
ELOG |
ELOG |
2025-10-31T18:31:42.904Z | 2025-10-31T18:31:42.904Z | |
| cve-2025-64348 | ELOG configuration file authorization bypass |
ELOG |
ELOG |
2025-10-31T18:31:21.412Z | 2025-11-04T15:58:49.177Z | |
| cve-2025-63458 | N/A | Tenda AX-1803 v1.0.0.1 was discovered to contain … |
n/a |
n/a |
2025-10-31T00:00:00.000Z | 2025-11-03T14:53:13.747Z |
| cve-2025-63454 | N/A | Tenda AX-3 v16.03.12.10_CN was discovered to cont… |
n/a |
n/a |
2025-10-31T00:00:00.000Z | 2025-11-03T14:53:20.710Z |
| cve-2025-62618 | ELOG file upload stored XSS |
ELOG |
ELOG |
2025-10-31T18:31:06.652Z | 2025-11-04T15:58:06.636Z | |
| cve-2025-62267 | 4.6 (v4.0) | Multiple cross-site scripting (XSS) vulnerabiliti… |
Liferay |
Portal |
2025-10-31T18:12:50.703Z | 2025-11-03T15:48:52.733Z |
| cve-2025-12547 | LogicalDOC Community Edition Admin Login login.jsp exc… |
LogicalDOC |
Community Edition |
2025-10-31T18:32:08.209Z | 2025-10-31T18:55:56.744Z | |
| cve-2025-12546 | LogicalDOC Community Edition API Key creation UI cross… |
LogicalDOC |
Community Edition |
2025-10-31T18:32:05.885Z | 2025-10-31T18:59:31.730Z | |
| cve-2025-63459 | N/A | Totolink A7000R v9.1.0u.6115_B20201022 was discov… |
n/a |
n/a |
2025-10-31T00:00:00.000Z | 2025-11-03T14:53:27.364Z |
| cve-2025-62264 | 5.1 (v4.0) | Reflected cross-site scripting (XSS) vulnerabilit… |
Liferay |
Portal |
2025-10-31T17:32:01.861Z | 2025-10-31T17:52:36.076Z |
| cve-2025-6075 | 1.8 (v4.0) | Quadratic complexity in os.path.expandvars() with user… |
Python Software Foundation |
CPython |
2025-10-31T16:41:34.983Z | 2025-10-31T17:55:40.240Z |
| cve-2025-63465 | N/A | Totolink LR350 v9.3.5u.6369_B20220309 was discove… |
n/a |
n/a |
2025-10-31T00:00:00.000Z | 2025-10-31T19:28:37.649Z |
| cve-2025-63464 | N/A | Totolink LR350 v9.3.5u.6369_B20220309 was discove… |
n/a |
n/a |
2025-10-31T00:00:00.000Z | 2025-10-31T19:29:37.021Z |
| cve-2025-63463 | N/A | Totolink LR350 v9.3.5u.6369_B20220309 was discove… |
n/a |
n/a |
2025-10-31T00:00:00.000Z | 2025-11-03T14:53:38.644Z |
| cve-2025-63462 | N/A | Totolink A7000R v9.1.0u.6115_B20201022 was discov… |
n/a |
n/a |
2025-10-31T00:00:00.000Z | 2025-11-03T14:53:45.168Z |
| cve-2025-63461 | N/A | Totolink A7000R v9.1.0u.6115_B20201022 was discov… |
n/a |
n/a |
2025-10-31T00:00:00.000Z | 2025-11-03T14:53:50.951Z |
| cve-2025-63460 | N/A | Totolink A7000R v9.1.0u.6115_B20201022 was discov… |
n/a |
n/a |
2025-10-31T00:00:00.000Z | 2025-11-03T14:53:32.996Z |
| cve-2025-59501 | 4.8 (v3.1) | Microsoft Configuration Manager Spoofing Vulnerability |
Microsoft |
Microsoft Configuration Manager |
2025-10-31T16:45:40.699Z | 2025-11-04T20:04:00.739Z |
| cve-2025-63469 | N/A | Totolink LR350 v9.3.5u.6369_B20220309 was discove… |
n/a |
n/a |
2025-10-31T00:00:00.000Z | 2025-10-31T19:30:24.977Z |
| cve-2025-63468 | N/A | Totolink LR350 v9.3.5u.6369_B20220309 was discove… |
n/a |
n/a |
2025-10-31T00:00:00.000Z | 2025-10-31T19:31:45.312Z |
| cve-2025-63467 | N/A | Totolink LR350 v9.3.5u.6369_B20220309 was discove… |
n/a |
n/a |
2025-10-31T00:00:00.000Z | 2025-11-03T14:54:03.833Z |
| cve-2025-63466 | N/A | Totolink LR350 v9.3.5u.6369_B20220309 was discove… |
n/a |
n/a |
2025-10-31T00:00:00.000Z | 2025-11-03T14:53:56.358Z |
| cve-2025-29270 | N/A | Incorrect access control in the realtime.cgi endp… |
n/a |
n/a |
2025-10-31T00:00:00.000Z | 2025-10-31T19:20:26.805Z |
| cve-2025-12554 | 6.9 (v4.0) | Missing Security Headers |
Azure Access Technology |
BLU-IC2 |
2025-10-31T15:52:29.049Z | 2025-10-31T17:43:18.158Z |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| mal-2025-188786 | Malicious code in postcss-proxima-eris-restart (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188785 | Malicious code in postcss-mongodb-astrometry-eslint-config (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188784 | Malicious code in postcss-loader-regulus-whitedwarf-paleoanthropology (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188783 | Malicious code in postcss-loader-prosthetics-loopback-javascript (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188782 | Malicious code in postcss-loader-oscillation-supervisor-stratigraphy (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188781 | Malicious code in postcss-loader-install-thuban-pipe (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188780 | Malicious code in postcss-loader-hapi-publish-event (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188779 | Malicious code in postcss-loader-ganymede-metalsmith-farout (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188778 | Malicious code in postcss-loader-bootes-dotenv-parse-variables-csv (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188777 | Malicious code in postcss-html-webpack-plugin-enif-ultra (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188776 | Malicious code in postcss-gammarayburst-whitedwarf-archaeoastronomy (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188775 | Malicious code in postcss-development-cosmogenic-mongodb (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188774 | Malicious code in postcss-babel-centauri-orbit (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188773 | Malicious code in postcss-ablation-hercules-darkmatter (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188772 | Malicious code in polaris-winston-cryonics-palynology (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188771 | Malicious code in polaris-wasat-grunt-puppeteer (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188770 | Malicious code in polaris-typeorm-carina-solarnebula (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188769 | Malicious code in polaris-stop-sails-antares (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188768 | Malicious code in polaris-solarnebula-equinox-heka (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188767 | Malicious code in polaris-publish-vortex-jekyll (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188766 | Malicious code in polaris-playwright-optimize-css-assets-webpack-plugin-hexo (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188765 | Malicious code in polaris-parcel-ora-quasar (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188764 | Malicious code in polaris-octans-bootstrap-bootstrap (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188763 | Malicious code in polaris-juno-taphonomy-membrane (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188762 | Malicious code in polaris-interferometry-sails-convict (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188761 | Malicious code in polaris-build-event-dotenv-parse-variables (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188760 | Malicious code in polaris-backend-rollup-asthenosphere (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188759 | Malicious code in polaris-asteroid-oscillation-australis (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188758 | Malicious code in pm2-gridsome-playwright-init (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188757 | Malicious code in pm2-dorado-lithosphere-gravitationalwave (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| rhsa-2025:8632 | Red Hat Security Advisory: buildah security update | 2025-06-09T02:29:48+00:00 | 2025-11-14T00:56:22+00:00 |
| rhsa-2025:8625 | Red Hat Security Advisory: perl-FCGI security update | 2025-06-09T02:21:18+00:00 | 2025-11-11T11:27:30+00:00 |
| rhsa-2025:8633 | Red Hat Security Advisory: skopeo security update | 2025-06-09T02:20:33+00:00 | 2025-11-14T00:56:23+00:00 |
| rhsa-2025:8629 | Red Hat Security Advisory: thunderbird security update | 2025-06-09T02:20:28+00:00 | 2025-11-06T23:42:58+00:00 |
| rhsa-2025:8628 | Red Hat Security Advisory: thunderbird security update | 2025-06-09T01:57:28+00:00 | 2025-11-06T23:42:58+00:00 |
| rhsa-2025:8627 | Red Hat Security Advisory: mod_security security update | 2025-06-09T01:45:48+00:00 | 2025-11-11T12:35:14+00:00 |
| rhsa-2025:8626 | Red Hat Security Advisory: mod_security security update | 2025-06-09T01:43:03+00:00 | 2025-11-11T12:35:09+00:00 |
| rhsa-2025:8615 | Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.4 Container Release Update | 2025-06-05T20:49:32+00:00 | 2025-11-14T00:56:22+00:00 |
| rhsa-2025:8607 | Red Hat Security Advisory: thunderbird security update | 2025-06-05T19:02:19+00:00 | 2025-11-06T23:42:58+00:00 |
| rhsa-2025:8601 | Red Hat Security Advisory: gvisor-tap-vsock security update | 2025-06-05T18:28:55+00:00 | 2025-11-14T00:56:22+00:00 |
| rhsa-2025:8609 | Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.4 Product Security and Bug Fix Update | 2025-06-05T17:42:24+00:00 | 2025-10-28T02:02:17+00:00 |
| rhsa-2025:8608 | Red Hat Security Advisory: thunderbird security update | 2025-06-05T17:16:29+00:00 | 2025-11-06T23:42:58+00:00 |
| rhsa-2025:8605 | Red Hat Security Advisory: mod_security security update | 2025-06-05T16:09:49+00:00 | 2025-11-11T12:35:09+00:00 |
| rhsa-2025:8600 | Red Hat Security Advisory: webkit2gtk3 security update | 2025-06-05T12:49:14+00:00 | 2025-11-06T23:15:41+00:00 |
| rhsa-2025:8599 | Red Hat Security Advisory: thunderbird security update | 2025-06-05T12:34:03+00:00 | 2025-11-06T23:43:02+00:00 |
| rhsa-2025:8598 | Red Hat Security Advisory: thunderbird security update | 2025-06-05T12:26:23+00:00 | 2025-11-06T23:42:57+00:00 |
| rhsa-2025:8594 | Red Hat Security Advisory: thunderbird security update | 2025-06-05T10:59:03+00:00 | 2025-11-06T23:15:41+00:00 |
| rhsa-2025:8303 | Red Hat Security Advisory: OpenShift Container Platform 4.12.77 bug fix and security update | 2025-06-05T09:36:03+00:00 | 2025-11-06T22:36:02+00:00 |
| rhsa-2025:8265 | Red Hat Security Advisory: Red Hat build of Cryostat 4.0.1: new RHEL 9 container image security update | 2025-06-05T02:19:45+00:00 | 2025-11-11T16:22:04+00:00 |
| rhsa-2025:8551 | Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.14.18 Bug Fix Update | 2025-06-04T22:58:41+00:00 | 2025-11-13T17:27:01+00:00 |
| rhsa-2025:8550 | Red Hat Security Advisory: varnish security update | 2025-06-04T22:28:02+00:00 | 2025-11-06T23:42:57+00:00 |
| rhsa-2025:8542 | Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.13.3 fixes and container updates | 2025-06-04T21:17:49+00:00 | 2025-11-13T23:02:07+00:00 |
| rhsa-2025:8544 | Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.15.14 Bug Fix Update | 2025-06-04T20:11:19+00:00 | 2025-11-13T23:02:07+00:00 |
| rhsa-2025:8541 | Red Hat Security Advisory: webkit2gtk3 security update | 2025-06-04T19:44:32+00:00 | 2025-11-06T23:15:40+00:00 |
| rhsa-2025:8540 | Red Hat Security Advisory: Red Hat Developer Hub 1.5.2 release. | 2025-06-04T18:39:35+00:00 | 2025-11-06T22:02:41+00:00 |
| rhsa-2025:8539 | Red Hat Security Advisory: containernetworking-plugins security update | 2025-06-04T18:10:26+00:00 | 2025-11-14T00:56:22+00:00 |
| rhsa-2025:8534 | Red Hat Security Advisory: webkit2gtk3 security update | 2025-06-04T17:31:16+00:00 | 2025-11-06T23:15:40+00:00 |
| rhsa-2025:8532 | Red Hat Security Advisory: webkit2gtk3 security update | 2025-06-04T17:29:26+00:00 | 2025-11-06T23:15:40+00:00 |
| rhsa-2025:8533 | Red Hat Security Advisory: webkit2gtk3 security update | 2025-06-04T17:29:11+00:00 | 2025-11-06T23:15:40+00:00 |
| rhsa-2025:8530 | Red Hat Security Advisory: webkit2gtk3 security update | 2025-06-04T16:56:31+00:00 | 2025-11-06T23:15:39+00:00 |
| ID | Description | Published | Updated |
|---|---|---|---|
| msrc_cve-2025-21812 | ax25: rcu protect dev->ax25_ptr | 2025-02-02T00:00:00.000Z | 2025-09-04T02:45:19.000Z |
| msrc_cve-2025-21811 | nilfs2: protect access to buffers with no active references | 2025-02-02T00:00:00.000Z | 2025-05-05T00:00:00.000Z |
| msrc_cve-2025-21801 | net: ravb: Fix missing rtnl lock in suspend/resume path | 2025-02-02T00:00:00.000Z | 2025-09-03T23:13:25.000Z |
| msrc_cve-2025-21796 | nfsd: clear acl_access/acl_default after releasing them | 2025-02-02T00:00:00.000Z | 2025-05-05T00:00:00.000Z |
| msrc_cve-2025-21794 | HID: hid-thrustmaster: fix stack-out-of-bounds read in usb_check_int_endpoints() | 2025-02-02T00:00:00.000Z | 2025-04-09T00:00:00.000Z |
| msrc_cve-2025-21793 | spi: sn-f-ospi: Fix division by zero | 2025-02-02T00:00:00.000Z | 2025-04-09T00:00:00.000Z |
| msrc_cve-2025-21792 | ax25: Fix refcount leak caused by setting SO_BINDTODEVICE sockopt | 2025-02-02T00:00:00.000Z | 2025-04-09T00:00:00.000Z |
| msrc_cve-2025-21791 | vrf: use RCU protection in l3mdev_l3_out() | 2025-02-02T00:00:00.000Z | 2025-04-09T00:00:00.000Z |
| msrc_cve-2025-21790 | vxlan: check vxlan_vnigroup_init() return value | 2025-02-02T00:00:00.000Z | 2025-04-09T00:00:00.000Z |
| msrc_cve-2025-21789 | LoongArch: csum: Fix OoB access in IP checksum code for negative lengths | 2025-02-02T00:00:00.000Z | 2025-04-09T00:00:00.000Z |
| msrc_cve-2025-21787 | team: better TEAM_OPTION_TYPE_STRING validation | 2025-02-02T00:00:00.000Z | 2025-04-09T00:00:00.000Z |
| msrc_cve-2025-21786 | workqueue: Put the pwq after detaching the rescuer from the pool | 2025-02-02T00:00:00.000Z | 2025-09-04T02:25:22.000Z |
| msrc_cve-2025-21785 | arm64: cacheinfo: Avoid out-of-bounds write to cacheinfo array | 2025-02-02T00:00:00.000Z | 2025-04-09T00:00:00.000Z |
| msrc_cve-2025-21783 | gpiolib: Fix crash on error in gpiochip_get_ngpios() | 2025-02-02T00:00:00.000Z | 2025-04-09T00:00:00.000Z |
| msrc_cve-2025-21782 | orangefs: fix a oob in orangefs_debug_write | 2025-02-02T00:00:00.000Z | 2025-04-09T00:00:00.000Z |
| msrc_cve-2025-21780 | drm/amdgpu: avoid buffer overflow attach in smu_sys_set_pp_table() | 2025-02-02T00:00:00.000Z | 2025-04-09T00:00:00.000Z |
| msrc_cve-2025-21779 | KVM: x86: Reject Hyper-V's SEND_IPI hypercalls if local APIC isn't in-kernel | 2025-02-02T00:00:00.000Z | 2025-04-09T00:00:00.000Z |
| msrc_cve-2025-21776 | USB: hub: Ignore non-compliant devices with too many configs or interfaces | 2025-02-02T00:00:00.000Z | 2025-04-09T00:00:00.000Z |
| msrc_cve-2025-21775 | can: ctucanfd: handle skb allocation failure | 2025-02-02T00:00:00.000Z | 2025-04-09T00:00:00.000Z |
| msrc_cve-2025-21773 | can: etas_es58x: fix potential NULL pointer dereference on udev->serial | 2025-02-02T00:00:00.000Z | 2025-04-09T00:00:00.000Z |
| msrc_cve-2025-21768 | net: ipv6: fix dst ref loops in rpl, seg6 and ioam6 lwtunnels | 2025-02-02T00:00:00.000Z | 2025-09-03T22:19:50.000Z |
| msrc_cve-2025-21764 | ndisc: use RCU protection in ndisc_alloc_skb() | 2025-02-02T00:00:00.000Z | 2025-05-05T00:00:00.000Z |
| msrc_cve-2025-21763 | neighbour: use RCU protection in __neigh_notify() | 2025-02-02T00:00:00.000Z | 2025-05-05T00:00:00.000Z |
| msrc_cve-2025-21762 | arp: use RCU protection in arp_xmit() | 2025-02-02T00:00:00.000Z | 2025-05-05T00:00:00.000Z |
| msrc_cve-2025-21761 | openvswitch: use RCU protection in ovs_vport_cmd_fill_info() | 2025-02-02T00:00:00.000Z | 2025-05-05T00:00:00.000Z |
| msrc_cve-2025-21760 | ndisc: extend RCU protection in ndisc_send_skb() | 2025-02-02T00:00:00.000Z | 2025-05-05T00:00:00.000Z |
| msrc_cve-2025-21759 | ipv6: mcast: extend RCU protection in igmp6_send() | 2025-02-02T00:00:00.000Z | 2025-04-09T00:00:00.000Z |
| msrc_cve-2025-21756 | vsock: Keep the binding until socket destruction | 2025-02-02T00:00:00.000Z | 2025-05-05T00:00:00.000Z |
| msrc_cve-2025-21753 | btrfs: fix use-after-free when attempting to join an aborted transaction | 2025-02-02T00:00:00.000Z | 2025-05-05T00:00:00.000Z |
| msrc_cve-2025-21749 | net: rose: lock the socket in rose_bind() | 2025-02-02T00:00:00.000Z | 2025-03-14T00:00:00.000Z |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2016-000057 | Multiple shiro8 Co., Ltd. freearea_ addition_plugins for EC-CUBE vulnerable to cross-site scripting | 2016-04-26T14:18+09:00 | 2016-05-25T17:48+09:00 |
| jvndb-2016-000052 | EC-CUBE fails to restrict access permissions | 2016-04-26T13:56+09:00 | 2016-05-31T17:41+09:00 |
| jvndb-2016-000051 | EC-CUBE fails to restrict access permissions | 2016-04-26T13:56+09:00 | 2016-05-31T17:41+09:00 |
| jvndb-2016-000056 | kintone mobile for Android fails to verify SSL server certificates | 2016-04-25T15:36+09:00 | 2017-05-23T14:28+09:00 |
| jvndb-2016-000055 | kintone mobile for Android information management vulnerability | 2016-04-25T15:35+09:00 | 2016-06-01T16:21+09:00 |
| jvndb-2016-000054 | Electron may insecurely load Node modules | 2016-04-22T13:49+09:00 | 2016-06-01T15:56+09:00 |
| jvndb-2016-000050 | Photopt App fails to verify SSL server certificates | 2016-04-19T13:44+09:00 | 2017-05-23T14:28+09:00 |
| jvndb-2016-000049 | Tokyo Star bank App fails to verify SSL server certificates | 2016-04-13T14:30+09:00 | 2017-05-23T14:28+09:00 |
| jvndb-2016-000048 | EC-CUBE plugin "Social-button Plugin Premium" and "Social-button Plugin" vulnerable to cross-site scripting | 2016-04-08T12:31+09:00 | 2016-05-06T16:13+09:00 |
| jvndb-2016-000045 | baserCMS plugin "Casebook Plugin" vulnerable to cross-site request forgery | 2016-04-06T15:29+09:00 | 2016-04-08T16:51+09:00 |
| jvndb-2016-000044 | baserCMS plugin "Casebook Plugin" vulnerable to cross-site scripting | 2016-04-06T15:29+09:00 | 2016-04-08T16:51+09:00 |
| jvndb-2016-000043 | baserCMS plugin "Menubook Plugin" vulnerable to cross-site request forgery | 2016-04-06T15:29+09:00 | 2016-04-08T16:51+09:00 |
| jvndb-2016-000042 | baserCMS plugin "Menubook Plugin" vulnerable to cross-site scripting | 2016-04-06T15:29+09:00 | 2016-04-08T16:51+09:00 |
| jvndb-2016-000041 | baserCMS plugin "Recruit Plugin" vulnerable to cross-site request forgery | 2016-04-06T15:29+09:00 | 2016-04-08T16:51+09:00 |
| jvndb-2016-000040 | baserCMS plugin "Recruit Plugin" vulnerable to cross-site scripting | 2016-04-06T15:29+09:00 | 2016-04-08T16:51+09:00 |
| jvndb-2016-000039 | AQUOS Photo Player HN-PP150 vulnerable to cross-site request forgery | 2016-04-04T15:30+09:00 | 2016-04-07T12:05+09:00 |
| jvndb-2016-000038 | ActiveX control for EVA Animator vulnerable to buffer overflow | 2016-04-04T15:30+09:00 | 2016-04-20T09:38+09:00 |
| jvndb-2016-000037 | WisePoint contains issue in preventing clickjacking attacks | 2016-04-04T15:30+09:00 | 2016-04-07T12:05+09:00 |
| jvndb-2016-000036 | Aterm WG300HP vulnerable to cross-site request forgery | 2016-03-30T14:49+09:00 | 2016-04-18T15:41+09:00 |
| jvndb-2016-000035 | Aterm WF800HP vulnerable to cross-site request forgery | 2016-03-30T14:49+09:00 | 2016-04-18T15:42+09:00 |
| jvndb-2016-000034 | WordPress plugin "WP Favorite Posts" vulnerable to cross-site scripting | 2016-03-24T12:28+09:00 | 2016-03-29T15:40+09:00 |
| jvndb-2016-001559 | Information Disclosure Vulnerability in Hitachi Compute Systems Manager | 2016-03-07T17:00+09:00 | 2016-03-31T17:50+09:00 |
| jvndb-2016-000032 | Multiple Corega wireless LAN routers vulnerable to cross-site request forgery | 2016-03-02T14:52+09:00 | 2016-03-16T13:46+09:00 |
| jvndb-2016-001472 | Remote File Inclusion Vulnerability in Hitachi Command Suite | 2016-02-25T16:09+09:00 | 2016-09-14T18:18+09:00 |
| jvndb-2016-000031 | Log-Chat vulnerable to cross-site scripting | 2016-02-22T14:56+09:00 | 2016-02-25T15:10+09:00 |
| jvndb-2016-000029 | LINE for Windows and LINE for Mac OS vulnerable to denial-of-service (DoS) | 2016-02-19T14:43+09:00 | 2016-03-10T17:39+09:00 |
| jvndb-2016-000027 | EC-CUBE plugin "Help plug-in" vulnerable to SQL injection | 2016-02-19T14:42+09:00 | 2016-03-03T17:51+09:00 |
| jvndb-2016-000030 | baserCMS vulnerable to OS command injection | 2016-02-19T14:39+09:00 | 2016-03-07T15:51+09:00 |
| jvndb-2016-000028 | Internet Explorer cross-domain policy bypass | 2016-02-19T14:39+09:00 | 2016-02-23T11:23+09:00 |
| jvndb-2016-000026 | Cybozu Office vulnerable to cross-site scripting | 2016-02-15T16:21+09:00 | 2016-06-06T15:00+09:00 |
| ID | Description | Updated |
|---|