Recent vulnerabilities
| ID | Description | Published | Updated |
|---|---|---|---|
| ghsa-3ph4-2g83-q4c3 | Nagios XI versions prior to 5.7.5 contain a SQL injection vulnerability in the SNMP Trap Interface … | 2025-10-31T00:30:32Z | 2025-11-05T18:31:30Z |
| ghsa-32f6-jrx4-x77h | Nagios XI versions prior to 5.8.7 used a temporary directory for Highcharts exports with overly per… | 2025-10-31T00:30:32Z | 2025-11-05T18:31:30Z |
| ghsa-2mjm-mg2q-7whf | The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.1.4 / Nagios XI 5.8.6 contains a… | 2025-10-31T00:30:32Z | 2025-11-06T18:32:46Z |
| ghsa-xjhg-wrcc-8945 | Nagios XI versions prior to 5.7.3 contain a privilege escalation vulnerability in the getprofile.sh… | 2025-10-31T00:30:31Z | 2025-11-05T18:31:30Z |
| ghsa-wr48-wpx9-wpm2 | Nagios Log Server versions prior to 2.1.6 contain cross-site scripting (XSS) vulnerabilities via th… | 2025-10-31T00:30:31Z | 2025-11-05T18:31:29Z |
| ghsa-vw36-82p7-rrqj | Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting (XSS) via the Reports inte… | 2025-10-31T00:30:31Z | 2025-11-05T18:31:29Z |
| ghsa-vf39-pr8x-483v | Nagios XI versions prior to 5.6.14 contain a post-authentication SQL injection vulnerability in the… | 2025-10-31T00:30:31Z | 2025-11-05T18:31:29Z |
| ghsa-vcfc-84hr-mgwm | Nagios Fusion versions prior to 4.0.1 are vulnerable to cross-site scripting (XSS) via the Users an… | 2025-10-31T00:30:31Z | 2025-11-06T18:32:45Z |
| ghsa-pxr6-fppq-v964 | Nagios XI versions prior to 5.2.4 contain a SQL injection vulnerability in the notification search … | 2025-10-31T00:30:31Z | 2025-11-05T18:31:29Z |
| ghsa-p5jq-6372-24j5 | The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.0.8 / Nagios XI 5.7.5 contains m… | 2025-10-31T00:30:31Z | 2025-11-06T18:32:46Z |
| ghsa-m82p-4hfp-2w2f | Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting (XSS) via the Menu System … | 2025-10-31T00:30:31Z | 2025-11-05T18:31:29Z |
| ghsa-h6qp-2mv3-pxcp | Nagios XI versions prior to 5.7.2 are vulnerable to cross-site scripting (XSS) via the BPI (Busines… | 2025-10-31T00:30:31Z | 2025-11-05T18:31:29Z |
| ghsa-h589-95j6-wh7x | Nagios XI versions prior to 5.6.11 contain unauthenticated vulnerabilities in the Highcharts local … | 2025-10-31T00:30:31Z | 2025-11-05T18:31:29Z |
| ghsa-gxg4-hv34-jxp7 | The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains m… | 2025-10-31T00:30:31Z | 2025-11-06T18:32:46Z |
| ghsa-gp22-rwrg-w6qp | Nagios XI versions prior to 5.7.2 are vulnerable to cross-site scripting (XSS) via the background c… | 2025-10-31T00:30:31Z | 2025-11-05T18:31:29Z |
| ghsa-fjxm-h5hx-rv42 | Nagios Log Server versions prior to 1.4.2 are vulnerable to cross-site scripting (XSS) in the Dashb… | 2025-10-31T00:30:31Z | 2025-11-05T18:31:29Z |
| ghsa-fgw8-2xqf-m7qv | Nagios Fusion versions prior to 4.1.5 are vulnerable to cross-site scripting (XSS) via the "fusionw… | 2025-10-31T00:30:31Z | 2025-11-06T18:32:45Z |
| ghsa-fgmx-3f4x-8543 | Nagios XI versions prior to 2012R1.6 contain a shell command injection vulnerability in the Auto-Di… | 2025-10-31T00:30:31Z | 2025-11-06T18:32:45Z |
| ghsa-fg57-22r8-62fq | The Core Config Manager (CCM) in Nagios XI versions prior to CCM 3.0.7 / Nagios XI 5.7.4 contains m… | 2025-10-31T00:30:31Z | 2025-11-06T18:32:46Z |
| ghsa-cg42-mqc9-9fhp | Nagios XI versions prior to 5.5.7 contain a privilege escalation vulnerability in the MRTG graphing… | 2025-10-31T00:30:31Z | 2025-11-05T18:31:29Z |
| ghsa-c8w5-3w25-7r9c | Nagios XI versions prior to 5.7.2 are vulnerable to cross-site scripting (XSS) via the Manage Users… | 2025-10-31T00:30:31Z | 2025-11-06T21:31:19Z |
| ghsa-9f8q-34c7-3prr | Nagios XI versions prior to 5.6.14 contain an authenticated remote command execution vulnerability … | 2025-10-31T00:30:31Z | 2025-11-05T18:31:29Z |
| ghsa-89hr-pmwg-8fw2 | Nagios XI versions prior to 5.4.13 contain a remote code execution vulnerability in the Component D… | 2025-10-31T00:30:31Z | 2025-11-05T18:31:29Z |
| ghsa-6qrg-xqpq-vmx9 | Nagios XI versions prior to 5.7.2 allow PHP files to be uploaded to the Audio Import directory and … | 2025-10-31T00:30:31Z | 2025-11-05T18:31:29Z |
| ghsa-6pgf-38g2-8c2h | Nagios XI versions prior to 2012R2.6 are vulnerable to cross-site scripting (XSS) via the Tools Men… | 2025-10-31T00:30:31Z | 2025-11-06T18:32:45Z |
| ghsa-6p96-4pr7-737x | Nagios XI versions prior to 5.4.13 are vulnerable to cross-site scripting (XSS) via the Views page … | 2025-10-31T00:30:31Z | 2025-11-05T18:31:29Z |
| ghsa-2mqf-crhf-c264 | Nagios XI versions prior to 5.2.4 are vulnerable to cross-site scripting (XSS) via the “My Reports”… | 2025-10-31T00:30:31Z | 2025-11-05T18:31:29Z |
| ghsa-vxgw-44xc-h6c6 | Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting (XSS) via the recurring… | 2025-10-31T00:30:30Z | 2025-11-06T15:31:02Z |
| ghsa-vwm3-9rh9-v735 | Nagios XI versions prior to 2012R1.6 contain an authorization flaw in the Auto-Discovery functional… | 2025-10-31T00:30:30Z | 2025-11-06T15:31:02Z |
| ghsa-vqcj-w8vp-2m7x | Nagios XI versions prior to 2011R1.9 are vulnerable to cross-site scripting (XSS) via the link-hand… | 2025-10-31T00:30:30Z | 2025-11-06T15:31:02Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2020-36865 | 5.1 (v4.0) | Nagios XI < 5.7.2 XSS via BPI Config Management |
Nagios |
XI |
2025-10-30T21:50:14.113Z | 2025-10-31T14:13:33.104Z |
| cve-2021-47696 | 5.1 (v4.0) | Nagios XI < 5.8.0 XSS via BPI Config ID Handling |
Nagios |
XI |
2025-10-30T21:49:49.447Z | 2025-10-31T13:55:12.351Z |
| cve-2023-7314 | 5.1 (v4.0) | Nagios XI < 5.11.3 XSS via Bandwidth Report |
Nagios |
XI |
2025-10-30T21:49:27.209Z | 2025-10-31T13:55:18.483Z |
| cve-2011-10036 | 5.1 (v4.0) | Nagios XI < 2011R1.9 XSS via backend_url JavaScript Li… |
Nagios |
XI |
2025-10-30T21:49:05.959Z | 2025-10-31T13:55:24.570Z |
| cve-2011-10039 | 5.1 (v4.0) | Nagios XI < 2011R1.9 XSS via Alert Heatmap Report & “M… |
Nagios |
XI |
2025-10-30T21:48:44.152Z | 2025-10-31T13:55:30.243Z |
| cve-2021-47699 | 5.1 (v4.0) | Nagios XI < 5.8.7 XSS in Audit Log via Send to NLS Form |
Nagios |
XI |
2025-10-30T21:48:05.631Z | 2025-10-31T13:55:35.903Z |
| cve-2023-53688 | 5.1 (v4.0) | Nagios XI < 5.11.3 XSS & CSRF via Hypermap Replay |
Nagios |
XI |
2025-10-30T21:47:42.470Z | 2025-10-31T13:22:57.676Z |
| cve-2023-7317 | 9.4 (v4.0) | Nagios XI < 2024R1 Web SSH Terminal Missing Access Control |
Nagios |
XI |
2025-10-30T21:47:19.903Z | 2025-10-31T13:23:05.947Z |
| cve-2020-36863 | 8.7 (v4.0) | Nagios XI < 5.7.2 Unrestricted File Upload via Audio I… |
Nagios |
XI |
2025-10-30T21:46:58.792Z | 2025-10-31T13:23:15.327Z |
| cve-2020-36862 | 6.9 (v4.0) | Nagios XI < 5.6.11 Unauthenticated XSS and SSRF via Hi… |
Nagios |
XI |
2025-10-30T21:46:37.314Z | 2025-10-31T13:23:22.228Z |
| cve-2022-50587 | 5.1 (v4.0) | Nagios XI < 5.8.9 Stored XSS via Command Names in Appl… |
Nagios |
XI |
2025-10-30T21:46:15.817Z | 2025-10-31T13:55:41.690Z |
| cve-2022-50586 | 5.1 (v4.0) | Nagios XI < 5.8.9 Stored XSS via BPI Info URL |
Nagios |
XI |
2025-10-30T21:45:53.493Z | 2025-10-31T13:55:47.451Z |
| cve-2022-50588 | 5.1 (v4.0) | Nagios XI < 5.8.9 Stored XSS in Update Checking |
Nagios |
XI |
2025-10-30T21:45:33.708Z | 2025-10-31T13:55:52.866Z |
| cve-2020-36869 | 8.7 (v4.0) | Nagios XI < 5.7.5 SQL injection via SNMP Trap Interfac… |
Nagios |
XI |
2025-10-30T21:45:10.468Z | 2025-10-31T13:23:30.086Z |
| cve-2016-15050 | 8.7 (v4.0) | Nagios XI < 5.2.4 SQL Injection in Notification Search |
Nagios |
XI |
2025-10-30T21:44:49.116Z | 2025-10-31T13:23:37.003Z |
| cve-2024-13996 | 9.2 (v4.0) | Nagios XI < 2024R1.1.3 Session Not Invalidated After P… |
Nagios |
XI |
2025-10-30T21:44:26.053Z | 2025-10-31T13:55:58.885Z |
| cve-2024-13993 | 5.1 (v4.0) | Nagios XI < 2024R1.1.2 Reflected XSS via Login Page on… |
Nagios |
XI |
2025-10-30T21:43:55.640Z | 2025-10-31T13:23:45.427Z |
| cve-2013-10071 | 5.1 (v4.0) | Nagios XI < 2012R1.6 Reflected XSS via Dashlet AJAX Lo… |
Nagios |
XI |
2025-10-30T21:43:34.559Z | 2025-10-31T13:23:53.753Z |
| cve-2024-14008 | 9.4 (v4.0) | Nagios XI < 2024R1.3.2 RCE via WinRM Configuration Wizard |
Nagios |
XI |
2025-10-30T21:43:07.355Z | 2025-10-31T13:24:00.739Z |
| cve-2025-34286 | 9.4 (v4.0) | Nagios XI < 2026R1 RCE via Run Check Command in CCM |
Nagios |
XI |
2025-10-30T21:42:44.052Z | 2025-10-31T13:24:10.001Z |
| cve-2024-14003 | 9.4 (v4.0) | Nagios XI < 2024R1.2 RCE via NRDP Server Plugins |
Nagios |
XI |
2025-10-30T21:42:19.225Z | 2025-10-31T13:24:16.576Z |
| cve-2025-34134 | 9.4 (v4.0) | Nagios XI < 2024R1.4.2 RCE via Business Process Intell… |
Nagios |
XI |
2025-10-30T21:41:58.188Z | 2025-10-31T13:24:24.573Z |
| cve-2011-10035 | 7.3 (v4.0) | Nagios XI < 2011R1.9 Race Conditions in Crontab Instal… |
Nagios |
XI |
2025-10-30T21:41:36.116Z | 2025-10-31T13:24:30.803Z |
| cve-2024-14009 | 9.4 (v4.0) | Nagios XI < 2024R1.0.1 Privilege Escalation via System… |
Nagios |
XI |
2025-10-30T21:41:13.594Z | 2025-10-31T13:24:39.298Z |
| cve-2024-14004 | 8.7 (v4.0) | Nagios XI < 2024R1.2 Privilege Escalation via NagVis C… |
Nagios |
XI |
2025-10-30T21:40:51.523Z | 2025-10-31T13:24:45.744Z |
| cve-2018-25123 | 8.5 (v4.0) | Nagios XI < 5.5.7 Privilege Escalation via MRTG Graphi… |
Nagios |
XI |
2025-10-30T21:40:26.892Z | 2025-10-31T13:24:53.962Z |
| cve-2020-36868 | 8.5 (v4.0) | Nagios XI < 5.7.3 Privilege escalation via Insecure ge… |
Nagios |
XI |
2025-10-30T21:40:03.387Z | 2025-10-31T13:24:59.886Z |
| cve-2025-34287 | 8.4 (v4.0) | Nagios XI < 2024R2 Privilege Escalation via process_pe… |
Nagios |
XI |
2025-10-30T21:39:43.482Z | 2025-10-31T13:56:07.335Z |
| cve-2025-34135 | 5.1 (v4.0) | Nagios XI < 2024R1.4.2 Overly Permissive Permissions o… |
Nagios |
XI |
2025-10-30T21:39:22.649Z | 2025-10-31T13:56:12.807Z |
| cve-2021-47700 | 8.5 (v4.0) | Nagios XI < 5.8.7 Insecure Permissions on Highcharts T… |
Nagios |
XI |
2025-10-30T21:39:02.693Z | 2025-10-31T13:25:10.658Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2025-52664 | SQL injection in Revive Adserver 6.0.0 causes pot… |
Revive |
Revive Adserver |
2025-10-30T23:29:22.906Z | 2025-11-03T17:44:56.120Z | |
| cve-2025-52663 | N/A | A vulnerability was identified in certain UniFi T… |
Ubiquiti Inc |
UniFi Talk Touch |
2025-10-30T23:30:28.298Z | 2025-11-03T15:36:24.687Z |
| cve-2025-48984 | N/A | A vulnerability allowing remote code execution (R… |
Veeam |
Backup and Replication |
2025-10-30T23:31:34.218Z | 2025-11-01T03:55:51.554Z |
| cve-2025-48983 | A vulnerability in the Mount service of Veeam Bac… |
Veeam |
Backup and Replication |
2025-10-30T23:33:01.993Z | 2025-11-01T03:55:50.741Z | |
| cve-2025-48982 | This vulnerability in Veeam Agent for Microsoft W… |
Veeam |
Agent for Microsoft Windows |
2025-10-30T23:33:01.695Z | 2025-11-01T03:55:49.438Z | |
| cve-2025-48980 | In Brave Browser Desktop versions prior to 1.83.1… |
Brave |
Desktop Browser |
2025-10-30T23:29:44.075Z | 2025-10-31T14:48:00.254Z | |
| cve-2025-27208 | A reflected Cross-Site Scripting (XSS) vulnerabil… |
Revive |
Revive Adserver |
2025-10-30T23:32:11.103Z | 2025-11-03T17:32:21.909Z | |
| cve-2025-34298 | 8.7 (v4.0) | Nagios Log Server < 2024R1.3.2 Set Email Privilege Esc… |
Nagios |
Log Server |
2025-10-30T21:25:52.056Z | 2025-10-31T17:40:32.919Z |
| cve-2025-34287 | 8.4 (v4.0) | Nagios XI < 2024R2 Privilege Escalation via process_pe… |
Nagios |
XI |
2025-10-30T21:39:43.482Z | 2025-10-31T13:56:07.335Z |
| cve-2025-34286 | 9.4 (v4.0) | Nagios XI < 2026R1 RCE via Run Check Command in CCM |
Nagios |
XI |
2025-10-30T21:42:44.052Z | 2025-10-31T13:24:10.001Z |
| cve-2025-34284 | 9.4 (v4.0) | Nagios XI < 2024R2 Authenticated Command Injection via… |
Nagios |
XI |
2025-10-30T21:30:19.179Z | 2025-10-31T15:05:49.240Z |
| cve-2025-34283 | 7.1 (v4.0) | Nagios XI < 2024R1.4.2 API Key Disclosure via Neptune Themes |
Nagios |
XI |
2025-10-30T21:29:37.293Z | 2025-10-31T15:06:58.704Z |
| cve-2025-34280 | 8.6 (v4.0) | Nagios Network Analyzer < 2024R2.0.1 RCE in LDAP Certi… |
Nagios |
Network Analyzer |
2025-10-30T21:27:41.203Z | 2025-10-31T15:10:43.481Z |
| cve-2025-34278 | 5.1 (v4.0) | Nagios Network Analyzer < 2024R1 Source Groups / Perce… |
Nagios |
Network Analyzer |
2025-10-30T21:28:11.933Z | 2025-10-31T15:10:10.830Z |
| cve-2025-34277 | 9.4 (v4.0) | Nagios Log Server < 2024R1.3.1 RCE via Malformed Dashb… |
Nagios |
Log Server |
2025-10-30T21:25:32.852Z | 2025-10-31T17:39:38.415Z |
| cve-2025-34274 | 9.3 (v4.0) | Nagios Log Server < 2024R2.0.3 Logstash Process Root P… |
Nagios |
Log Server |
2025-10-30T21:23:54.741Z | 2025-10-31T17:22:23.727Z |
| cve-2025-34273 | 7.1 (v4.0) | Nagios Log Server < 2024R2.0.3 Non-Admin Dashboard Deletion |
Nagios |
Log Server |
2025-10-30T21:24:43.451Z | 2025-10-31T17:24:00.208Z |
| cve-2025-34272 | 5.3 (v4.0) | Nagios Log Server < 2024R2.0.3 Non-Empty Default Dashb… |
Nagios |
Log Server |
2025-10-30T21:25:10.601Z | 2025-10-31T17:25:33.564Z |
| cve-2025-34271 | 8.7 (v4.0) | Nagios Log Server < 2024R2.0.2 Cluster Manager Credent… |
Nagios |
Log Server |
2025-10-30T21:22:51.043Z | 2025-10-31T15:14:30.335Z |
| cve-2025-34270 | 6.9 (v4.0) | Nagios Log Server < 2024R2.0.2 AD/LDAP Import Password… |
Nagios |
Log Server |
2025-10-30T21:22:28.949Z | 2025-10-31T15:15:43.748Z |
| cve-2025-34269 | N/A | {'providerMetadata': {'orgId': '83251b91-4cc7-4094-a5c7-464a1b83ea10', 'shortName': 'VulnCheck', 'dateUpdated': '2025-11-07T18:20:15.157Z'}, 'rejectedReasons': [{'lang': 'en', 'supportingMedia': [{'base64': False, 'type': 'text/html', 'value': 'This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it is a duplicate of CVE-2025-60424.'}], 'value': 'This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it is a duplicate of CVE-2025-60424.'}], 'replacedBy': ['CVE-2025-60424'], 'x_generator': {'engine': 'Vulnogram 0.1.0-dev'}} | N/A | N/A | 2025-10-30T21:19:26.752Z | 2025-11-07T18:20:15.157Z |
| cve-2025-34249 | N/A | {'providerMetadata': {'orgId': '83251b91-4cc7-4094-a5c7-464a1b83ea10', 'shortName': 'VulnCheck', 'dateUpdated': '2025-11-07T18:19:39.010Z'}, 'rejectedReasons': [{'lang': 'en', 'supportingMedia': [{'base64': False, 'type': 'text/html', 'value': 'This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it is a duplicate of CVE-2025-60425.'}], 'value': 'This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it is a duplicate of\xa0CVE-2025-60425.'}], 'replacedBy': ['CVE-2025-60425'], 'x_generator': {'engine': 'Vulnogram 0.1.0-dev'}} | N/A | N/A | 2025-10-30T21:19:05.690Z | 2025-11-07T18:19:39.010Z |
| cve-2025-34135 | 5.1 (v4.0) | Nagios XI < 2024R1.4.2 Overly Permissive Permissions o… |
Nagios |
XI |
2025-10-30T21:39:22.649Z | 2025-10-31T13:56:12.807Z |
| cve-2025-34134 | 9.4 (v4.0) | Nagios XI < 2024R1.4.2 RCE via Business Process Intell… |
Nagios |
XI |
2025-10-30T21:41:58.188Z | 2025-10-31T13:24:24.573Z |
| cve-2024-58273 | 8.5 (v4.0) | Nagios Log Server < 2024R1.0.2 LPE from Apache/Backend… |
Nagios |
Log Server |
2025-10-30T21:24:15.621Z | 2025-10-31T17:23:05.220Z |
| cve-2024-58272 | N/A | {'providerMetadata': {'orgId': '83251b91-4cc7-4094-a5c7-464a1b83ea10', 'shortName': 'VulnCheck', 'dateUpdated': '2025-11-10T18:51:10.222Z'}, 'rejectedReasons': [{'lang': 'en', 'supportingMedia': [{'base64': False, 'type': 'text/html', 'value': 'This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it is a duplicate of CVE-2023-7323.'}], 'value': 'This CVE ID has been rejected or withdrawn by its CVE Numbering Authority as it is a duplicate of\xa0CVE-2023-7323.'}], 'replacedBy': ['CVE-2023-7323'], 'x_generator': {'engine': 'Vulnogram 0.1.0-dev'}} | N/A | N/A | 2025-10-30T21:26:13.848Z | 2025-11-10T18:51:10.222Z |
| cve-2024-14009 | 9.4 (v4.0) | Nagios XI < 2024R1.0.1 Privilege Escalation via System… |
Nagios |
XI |
2025-10-30T21:41:13.594Z | 2025-10-31T13:24:39.298Z |
| cve-2024-14008 | 9.4 (v4.0) | Nagios XI < 2024R1.3.2 RCE via WinRM Configuration Wizard |
Nagios |
XI |
2025-10-30T21:43:07.355Z | 2025-10-31T13:24:00.739Z |
| cve-2024-14006 | 8.8 (v4.0) | Nagios XI < 2024R1.2.2 Host Header Injection |
Nagios |
XI |
2025-10-30T21:38:42.351Z | 2025-10-31T13:25:16.804Z |
| cve-2024-14005 | 9.4 (v4.0) | Nagios XI < 2024R1.2 Command Injection via Docker Wizard |
Nagios |
XI |
2025-10-30T21:37:28.667Z | 2025-10-31T13:25:31.802Z |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| mal-2025-188671 | Malicious code in phoebe-global-google-yakutsk (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188670 | Malicious code in phoebe-cosmicweb-meteor-install (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188669 | Malicious code in phoebe-coronalmassejection-lightyear-jupiter (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188668 | Malicious code in phoebe-borealis-vuepress-coronalmassejection (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188667 | Malicious code in phoebe-betelgeuse-sadr-miranda (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188666 | Malicious code in phi-void-long-reject-import (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188665 | Malicious code in phi-transpile-delta-table-unix (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188664 | Malicious code in phi-shell-old-old-pi (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188663 | Malicious code in phi-secure-deploy-air-finally (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188662 | Malicious code in phi-private-async-earth-xi (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188661 | Malicious code in phenomic-terser-markdown-archaeogenetics (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188660 | Malicious code in phenomic-superposition-publish-fomalhaut (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188659 | Malicious code in phenomic-resolvers-node-config-postgres (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188658 | Malicious code in phenomic-prettier-stylelint-development-library (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188657 | Malicious code in phenomic-paleoclimatology-slidev-websockets (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188656 | Malicious code in phenomic-metalsmith-neptune-fornax (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188655 | Malicious code in phenomic-mesosphere-multiverse-paleoecology (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188654 | Malicious code in phenomic-loopback-rigel-mechatronics (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188653 | Malicious code in phenomic-got-norma-gravity (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188652 | Malicious code in phenomic-google-antares-quark (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188651 | Malicious code in phenomic-gemini-adonis-neptune (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188650 | Malicious code in phenomic-avior-greatfilter-boson (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188649 | Malicious code in petrology-supercluster-relay-jasmine (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188648 | Malicious code in petrology-prettier-sirius-norma (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188647 | Malicious code in petrology-module-australis-apex (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188646 | Malicious code in petrology-galaxy-paleoecology-crust (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188645 | Malicious code in perturbation-thuban-neuromorphic-dynamo (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188644 | Malicious code in perturbation-technosignature-pino-cosmicsilence (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188643 | Malicious code in perturbation-stratigraphy-eslint-plugin-fusion (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188642 | Malicious code in perturbation-nextjs-singularity-gravitationalwave (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| rhsa-2025:8137 | Red Hat Security Advisory: kernel security update | 2025-05-26T10:37:18+00:00 | 2025-11-06T22:36:01+00:00 |
| rhsa-2025:8136 | Red Hat Security Advisory: python-tornado security update | 2025-05-26T10:11:57+00:00 | 2025-11-08T07:17:32+00:00 |
| rhsa-2025:8135 | Red Hat Security Advisory: python-tornado security update | 2025-05-26T09:43:42+00:00 | 2025-11-08T07:17:32+00:00 |
| rhsa-2025:8132 | Red Hat Security Advisory: libsoup security update | 2025-05-26T08:53:02+00:00 | 2025-11-06T23:15:35+00:00 |
| rhsa-2025:8131 | Red Hat Security Advisory: ruby security update | 2025-05-26T08:36:52+00:00 | 2025-11-06T23:35:11+00:00 |
| rhsa-2025:8126 | Red Hat Security Advisory: libsoup security update | 2025-05-26T06:45:51+00:00 | 2025-11-06T23:15:34+00:00 |
| rhsa-2025:8125 | Red Hat Security Advisory: firefox security update | 2025-05-26T01:29:01+00:00 | 2025-11-06T23:42:51+00:00 |
| rhsa-2025:8075 | Red Hat Security Advisory: osbuild-composer security update | 2025-05-21T15:37:30+00:00 | 2025-11-14T04:51:37+00:00 |
| rhsa-2025:7702 | Red Hat Security Advisory: OpenShift Container Platform 4.14.52 bug fix and security update | 2025-05-21T14:54:27+00:00 | 2025-11-14T04:51:35+00:00 |
| rhsa-2025:7698 | Red Hat Security Advisory: OpenShift Container Platform 4.15.51 bug fix and security update | 2025-05-21T14:00:14+00:00 | 2025-11-14T04:51:35+00:00 |
| rhsa-2025:7669 | Red Hat Security Advisory: OpenShift Container Platform 4.17.30 bug fix and security update | 2025-05-21T13:50:02+00:00 | 2025-11-14T04:51:35+00:00 |
| rhsa-2025:8066 | Red Hat Security Advisory: webkit2gtk3 security update | 2025-05-21T08:38:44+00:00 | 2025-11-06T22:36:01+00:00 |
| rhsa-2025:8064 | Red Hat Security Advisory: webkit2gtk3 security update | 2025-05-21T08:35:09+00:00 | 2025-11-06T22:36:00+00:00 |
| rhsa-2025:8063 | Red Hat Security Advisory: java-21-ibm-semeru-certified-jdk bug fix and enhancement update | 2025-05-21T08:33:14+00:00 | 2025-11-11T07:51:21+00:00 |
| rhsa-2025:8065 | Red Hat Security Advisory: webkit2gtk3 security update | 2025-05-21T08:28:59+00:00 | 2025-11-06T22:36:01+00:00 |
| rhsa-2025:8060 | Red Hat Security Advisory: firefox security update | 2025-05-21T06:39:19+00:00 | 2025-11-06T23:42:51+00:00 |
| rhsa-2025:8059 | Red Hat Security Advisory: Red Hat OpenShift Data Foundation 4.17.7 Bug Fix Update | 2025-05-21T06:13:16+00:00 | 2025-11-14T04:51:37+00:00 |
| rhsa-2025:8058 | Red Hat Security Advisory: kernel security update | 2025-05-21T05:15:34+00:00 | 2025-11-06T23:35:11+00:00 |
| rhsa-2025:8057 | Red Hat Security Advisory: kernel-rt security update | 2025-05-21T01:15:28+00:00 | 2025-11-07T16:14:41+00:00 |
| rhsa-2025:8056 | Red Hat Security Advisory: kernel security update | 2025-05-21T00:56:54+00:00 | 2025-11-13T10:35:56+00:00 |
| rhsa-2025:8049 | Red Hat Security Advisory: firefox security update | 2025-05-20T19:02:03+00:00 | 2025-11-06T23:42:51+00:00 |
| rhsa-2025:8047 | Red Hat Security Advisory: unbound security update | 2025-05-20T17:29:01+00:00 | 2025-11-11T16:08:13+00:00 |
| rhsa-2025:7863 | Red Hat Security Advisory: OpenShift Container Platform 4.18.14 bug fix and security update | 2025-05-20T17:17:48+00:00 | 2025-11-14T04:51:37+00:00 |
| rhsa-2025:8046 | Red Hat Security Advisory: webkit2gtk3 security update | 2025-05-20T14:35:58+00:00 | 2025-11-06T23:15:34+00:00 |
| rhsa-2025:7995 | Red Hat Security Advisory: webkit2gtk3 security update | 2025-05-19T18:29:10+00:00 | 2025-11-06T23:15:34+00:00 |
| rhsa-2025:7998 | Red Hat Security Advisory: Updated Red Hat OpenShift Dev Spaces 3 container images | 2025-05-19T16:24:24+00:00 | 2025-11-06T22:56:50+00:00 |
| rhsa-2025:7967 | Red Hat Security Advisory: osbuild-composer security update | 2025-05-19T09:52:50+00:00 | 2025-11-14T04:51:37+00:00 |
| rhsa-2025:7956 | Red Hat Security Advisory: kernel security update | 2025-05-19T09:46:59+00:00 | 2025-11-11T08:33:05+00:00 |
| rhsa-2025:7937 | Red Hat Security Advisory: compat-openssl11 security update | 2025-05-19T08:51:39+00:00 | 2025-11-06T21:44:13+00:00 |
| rhsa-2025:7903 | Red Hat Security Advisory: kernel security update | 2025-05-19T06:36:19+00:00 | 2025-11-11T16:17:55+00:00 |
| ID | Description | Published | Updated |
|---|---|---|---|
| msrc_cve-2024-57949 | irqchip/gic-v3-its: Don't enable interrupts in its_irq_set_vcpu_affinity() | 2025-02-02T00:00:00.000Z | 2025-03-13T00:00:00.000Z |
| msrc_cve-2024-57852 | firmware: qcom: scm: smc: Handle missing SCM device | 2025-02-02T00:00:00.000Z | 2025-09-03T22:03:50.000Z |
| msrc_cve-2024-57834 | media: vidtv: Fix a null-ptr-deref in vidtv_mux_stop_thread | 2025-02-02T00:00:00.000Z | 2025-04-09T00:00:00.000Z |
| msrc_cve-2024-57259 | sqfs_search_dir in Das U-Boot before 2025.01-rc1 exhibits an off-by-one error and resultant heap memory corruption for squashfs directory listing because the path separator is not considered in a size calculation. | 2025-02-02T00:00:00.000Z | 2025-09-04T04:14:59.000Z |
| msrc_cve-2024-57258 | Integer overflows in memory allocation in Das U-Boot before 2025.01-rc1 occur for a crafted squashfs filesystem via sbrk, via request2size, or because ptrdiff_t is mishandled on x86_64. | 2025-02-02T00:00:00.000Z | 2025-09-04T04:25:09.000Z |
| msrc_cve-2024-57257 | A stack consumption issue in sqfs_size in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with deep symlink nesting. | 2025-02-02T00:00:00.000Z | 2025-09-04T04:59:51.000Z |
| msrc_cve-2024-57256 | An integer overflow in ext4fs_read_symlink in Das U-Boot before 2025.01-rc1 occurs for zalloc (adding one to an le32 variable) via a crafted ext4 filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite. | 2025-02-02T00:00:00.000Z | 2025-09-03T22:38:00.000Z |
| msrc_cve-2024-57255 | An integer overflow in sqfs_resolve_symlink in Das U-Boot before 2025.01-rc1 occurs via a crafted squashfs filesystem with an inode size of 0xffffffff, resulting in a malloc of zero and resultant memory overwrite. | 2025-02-02T00:00:00.000Z | 2025-09-04T03:52:20.000Z |
| msrc_cve-2024-57254 | An integer overflow in sqfs_inode_size in Das U-Boot before 2025.01-rc1 occurs in the symlink size calculation via a crafted squashfs filesystem. | 2025-02-02T00:00:00.000Z | 2025-09-04T03:04:13.000Z |
| msrc_cve-2024-57075 | A prototype pollution in the lib.Logger function of eazy-logger v4.0.1 allows attackers to cause a Denial of Service (DoS) via supplying a crafted payload. | 2025-02-02T00:00:00.000Z | 2025-09-03T22:21:42.000Z |
| msrc_cve-2024-56171 | libxml2 before 2.12.10 and 2.13.x before 2.13.6 has a use-after-free in xmlSchemaIDCFillNodeTables and xmlSchemaBubbleIDCNodeTables in xmlschemas.c. To exploit this, a crafted XML document must be validated against an XML schema with certain identity constraints, or a crafted XML schema must be used. | 2025-02-02T00:00:00.000Z | 2025-03-14T00:00:00.000Z |
| msrc_cve-2024-54458 | scsi: ufs: bsg: Set bsg_queue to NULL after removal | 2025-02-02T00:00:00.000Z | 2025-04-09T00:00:00.000Z |
| msrc_cve-2024-53427 | decNumberCopy in decNumber.c in jq through 1.7.1 does not properly consider that NaN is interpreted as numeric, which has a resultant stack-based buffer overflow and out-of-bounds write, as demonstrated by use of --slurp with subtraction, such as a filter of .-. when the input has a certain form of digit string with NaN (e.g., "1 NaN123" immediately followed by many more digits). | 2025-02-02T00:00:00.000Z | 2025-03-18T00:00:00.000Z |
| msrc_cve-2024-52560 | fs/ntfs3: Mark inode as bad as soon as error detected in mi_enum_attr() | 2025-02-02T00:00:00.000Z | 2025-09-04T00:00:56.000Z |
| msrc_cve-2024-52559 | drm/msm/gem: prevent integer overflow in msm_ioctl_gem_submit() | 2025-02-02T00:00:00.000Z | 2025-09-03T21:03:12.000Z |
| msrc_cve-2024-50609 | An issue was discovered in Fluent Bit 3.1.9. When the OpenTelemetry input plugin is running and listening on an IP address and port, one can send a packet with Content-Length: 0 and it crashes the server. Improper handling of the case when Content-Length is 0 allows a user (with access to the endpoint) to perform a remote Denial of service attack. The crash happens because of a NULL pointer dereference when 0 (from the Content-Length) is passed to the function cfl_sds_len, which in turn tries to cast a NULL pointer into struct cfl_sds. This is related to process_payload_traces_proto_ng() at opentelemetry_prot.c. | 2025-02-02T00:00:00.000Z | 2025-03-13T00:00:00.000Z |
| msrc_cve-2024-50608 | An issue was discovered in Fluent Bit 3.1.9. When the Prometheus Remote Write input plugin is running and listening on an IP address and port, one can send a packet with Content-Length: 0 and it crashes the server. Improper handling of the case when Content-Length is 0 allows a user (with access to the endpoint) to perform a remote Denial of service attack. The crash happens because of a NULL pointer dereference when 0 (from the Content-Length) is passed to the function cfl_sds_len, which in turn tries to cast a NULL pointer into struct cfl_sds. This is related to process_payload_metrics_ng() at prom_rw_prot.c. | 2025-02-02T00:00:00.000Z | 2025-03-13T00:00:00.000Z |
| msrc_cve-2024-45783 | Grub2: fs/hfs+: refcount can be decremented twice | 2025-02-02T00:00:00.000Z | 2025-09-03T23:53:10.000Z |
| msrc_cve-2024-45781 | Grub2: fs/ufs: oob write in the heap | 2025-02-02T00:00:00.000Z | 2025-09-04T00:05:26.000Z |
| msrc_cve-2024-45777 | Grub2: grub-core/gettext: integer overflow leads to heap oob write. | 2025-02-02T00:00:00.000Z | 2025-09-03T22:49:56.000Z |
| msrc_cve-2024-45776 | Grub2: grub-core/gettext: integer overflow leads to heap oob write and read. | 2025-02-02T00:00:00.000Z | 2025-09-03T23:26:40.000Z |
| msrc_cve-2024-45775 | Grub2: commands/extcmd: missing check for failed allocation | 2025-02-02T00:00:00.000Z | 2025-09-03T23:39:00.000Z |
| msrc_cve-2024-45774 | Grub2: reader/jpeg: heap oob write during jpeg parsing | 2025-02-02T00:00:00.000Z | 2025-09-03T23:43:28.000Z |
| msrc_cve-2024-3220 | Default mimetype known files writeable on Windows | 2025-02-02T00:00:00.000Z | 2025-09-03T22:36:11.000Z |
| msrc_cve-2024-12797 | RFC7250 handshakes with unauthenticated servers don't abort as expected | 2025-02-02T00:00:00.000Z | 2025-03-14T00:00:00.000Z |
| msrc_cve-2024-12243 | Gnutls: gnutls impacted by inefficient der decoding in libtasn1 leading to remote dos | 2025-02-02T00:00:00.000Z | 2025-04-22T00:00:00.000Z |
| msrc_cve-2024-12133 | Libtasn1: inefficient der decoding in libtasn1 leading to potential remote dos | 2025-02-02T00:00:00.000Z | 2025-04-12T00:00:00.000Z |
| msrc_cve-2024-11831 | Npm-serialize-javascript: cross-site scripting (xss) in serialize-javascript | 2025-02-02T00:00:00.000Z | 2025-09-03T23:04:58.000Z |
| msrc_cve-2022-49728 | ipv6: Fix signed integer overflow in __ip6_append_data | 2025-02-02T00:00:00.000Z | 2025-09-03T21:32:44.000Z |
| msrc_cve-2022-49651 | srcu: Tighten cleanup_srcu_struct() GP checks | 2025-02-02T00:00:00.000Z | 2025-09-04T03:37:05.000Z |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2015-000133 | Koritore vulnerable to URL whitelist bypass | 2015-09-16T16:58+09:00 | 2015-10-02T17:22+09:00 |
| jvndb-2015-000132 | MEGAPHONE MUSIC vulnerable to URL whitelist bypass | 2015-09-16T16:58+09:00 | 2015-10-02T17:22+09:00 |
| jvndb-2015-000131 | Auction Camera vulnerable to URL whitelist bypass | 2015-09-16T16:58+09:00 | 2015-09-16T16:58+09:00 |
| jvndb-2015-000130 | applican vulnerable to URL whitelist bypass | 2015-09-16T16:58+09:00 | 2015-10-14T16:30+09:00 |
| jvndb-2015-000129 | PIXMA MG7500 Series vulnerable to cross-site request forgery | 2015-09-11T14:17+09:00 | 2015-09-15T17:17+09:00 |
| jvndb-2015-000116 | Japan Connected-free Wi-Fi vulnerable to script injection | 2015-09-11T14:17+09:00 | 2015-09-15T17:17+09:00 |
| jvndb-2015-000115 | Japan Connected-free Wi-Fi vulnerable to allow URL whitelist bypass | 2015-09-11T14:16+09:00 | 2016-05-27T14:32+09:00 |
| jvndb-2015-000127 | ELPhoneBtnV6 ActiveX control vulnerable to buffer overflow | 2015-09-07T13:38+09:00 | 2015-09-09T14:02+09:00 |
| jvndb-2015-000128 | OpenDocMan vulnerable to cross-site scripting | 2015-09-04T18:13+09:00 | 2015-09-09T14:02+09:00 |
| jvndb-2015-000125 | Apache Struts vulnerable to cross-site scripting | 2015-09-04T15:12+09:00 | 2017-10-02T12:08+09:00 |
| jvndb-2015-000124 | Apache Struts vulnerable to cross-site scripting | 2015-09-04T15:12+09:00 | 2015-12-25T13:45+09:00 |
| jvndb-2015-000301 | BBS X102 vulnerable to cross-site scripting | 2015-09-03T15:00+09:00 | 2015-09-09T14:02+09:00 |
| jvndb-2015-000302 | hitSuji (rktSNS2) vulnetable to cross-site scripting | 2015-09-03T14:46+09:00 | 2015-09-09T14:02+09:00 |
| jvndb-2015-000123 | NScripter vulnerable to buffer overflow | 2015-09-02T15:46+09:00 | 2015-09-09T14:02+09:00 |
| jvndb-2015-000121 | Twit BBS vulnerable to cross-site scripting | 2015-09-01T14:18+09:00 | 2015-09-09T14:02+09:00 |
| jvndb-2015-000120 | Rakuten card App for iOS fails to verify SSL server certificates | 2015-09-01T14:18+09:00 | 2018-03-14T12:30+09:00 |
| jvndb-2015-000122 | desknet's NEO vulnerable to directory traversal | 2015-09-01T12:36+09:00 | 2015-09-09T14:02+09:00 |
| jvndb-2015-000119 | File Encryption Software "ED" where encrypted data may be easier to decipher when files of small size are encrypted | 2015-08-27T15:03+09:00 | 2015-09-02T17:57+09:00 |
| jvndb-2015-000118 | Apache Tapestry deserializes untrusted data | 2015-08-20T15:53+09:00 | 2015-08-26T17:51+09:00 |
| jvndb-2015-000117 | Multiple I-O DATA LAN routers vulnerable in UPnP functionality | 2015-08-18T15:21+09:00 | 2015-08-28T17:29+09:00 |
| jvndb-2015-000114 | Photo Gallery CMS for PC, smartphone and feature phone (Free) vulnerable to cross-site request forgery | 2015-08-12T15:13+09:00 | 2015-08-26T17:28+09:00 |
| jvndb-2015-000113 | Photo Gallery CMS for PC, smartphone and feature phone (Free) vulnerable to cross-site scripting | 2015-08-12T15:13+09:00 | 2015-08-26T17:38+09:00 |
| jvndb-2015-000112 | Microsoft Office discloses a file path of a local file | 2015-08-12T15:13+09:00 | 2015-08-12T15:13+09:00 |
| jvndb-2015-000111 | Yodobashi App for Android fails to verify SSL server certificates | 2015-08-07T13:50+09:00 | 2018-04-04T12:28+09:00 |
| jvndb-2015-000110 | Yodobashi App for Android vulnerable to arbitrary Java method execution | 2015-08-07T13:50+09:00 | 2015-08-11T12:22+09:00 |
| jvndb-2015-000109 | yoyaku_v41 vulnerable to OS command injection | 2015-07-29T14:58+09:00 | 2015-07-30T15:14+09:00 |
| jvndb-2015-000108 | yoyaku_v41 vulnerable to authentication bypass | 2015-07-29T14:58+09:00 | 2015-07-30T15:14+09:00 |
| jvndb-2015-000107 | yoyaku_v41 vulnerable to arbitrary file creation | 2015-07-29T14:58+09:00 | 2015-07-30T15:14+09:00 |
| jvndb-2015-000106 | Gazou BBS plus vulnerability in file upload processing | 2015-07-28T13:47+09:00 | 2015-07-30T15:14+09:00 |
| jvndb-2014-007612 | Welcart vulnerable to SQL injection | 2015-07-24T14:52+09:00 | 2015-07-24T14:52+09:00 |
| ID | Description | Updated |
|---|