Recent vulnerabilities
| ID | Description | Published | Updated |
|---|---|---|---|
| ghsa-2hvh-cw5c-8q8q | CKAN vulnerable to fixed session IDs | 2025-10-29T21:49:14Z | 2025-10-29T21:49:15Z |
| ghsa-3m8r-w7xg-jqvw | DNN Insufficient Access Control - Image Upload allows for Site Content Overwrite | 2025-10-29T21:48:52Z | 2025-10-29T21:48:52Z |
| ghsa-hmvq-8p83-cq52 | DNN vulnerable to stored cross-site-scripting (XSS) via SVG upload | 2025-10-29T21:47:49Z | 2025-10-29T21:47:49Z |
| ghsa-2374-6cvw-qmx6 | DNN CKEditor Provider allows unauthenticated upload out-of-the-box | 2025-10-29T21:44:28Z | 2025-10-29T21:44:28Z |
| ghsa-x73c-96p4-3xvv | Razer Synapse 3 RazerPhilipsHueUninstall Link Following Local Privilege Escalation Vulnerability. T… | 2025-10-29T21:30:33Z | 2025-10-29T21:30:33Z |
| ghsa-wv7v-cchq-8fjh | GIMP XWD File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerab… | 2025-10-29T21:30:33Z | 2025-11-04T03:30:26Z |
| ghsa-w4vf-cc4x-mpjq | LiteLLM Information health API_KEY Information Disclosure Vulnerability. This vulnerability allows … | 2025-10-29T21:30:33Z | 2025-10-29T21:30:33Z |
| ghsa-r6ww-7hxw-68c6 | memoQ 10.1.13.ef1b2b52aae and earlier contains an unquoted service path vulnerability in the memoQ … | 2025-10-29T21:30:33Z | 2025-10-30T15:32:34Z |
| ghsa-qg28-3m9m-fp3g | GIMP FF File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability allow… | 2025-10-29T21:30:33Z | 2025-10-29T21:30:33Z |
| ghsa-q3g4-86cm-rj2h | Allegra DatabaseBackupBL Directory Traversal Information Disclosure Vulnerability. This vulnerabili… | 2025-10-29T21:30:33Z | 2025-10-29T21:30:33Z |
| ghsa-pcf6-9gh3-h6jw | Ashlar-Vellum Cobalt CO File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulne… | 2025-10-29T21:30:33Z | 2025-10-29T21:30:33Z |
| ghsa-p2c7-54v2-7989 | win-cli-mcp-server resolveCommandPath Command Injection Remote Code Execution Vulnerability. This v… | 2025-10-29T21:30:33Z | 2025-10-29T21:30:33Z |
| ghsa-j494-wrfm-4v9c | Razer Synapse 3 Macro Module Link Following Local Privilege Escalation Vulnerability. This vulnerab… | 2025-10-29T21:30:33Z | 2025-10-29T21:30:33Z |
| ghsa-9p8c-493c-qp6m | GIMP DCM File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerab… | 2025-10-29T21:30:33Z | 2025-11-03T18:31:51Z |
| ghsa-9cpj-q6fm-2g3q | Ashlar-Vellum Cobalt XE File Parsing Integer Overflow Remote Code Execution Vulnerability. This vul… | 2025-10-29T21:30:33Z | 2025-10-29T21:30:33Z |
| ghsa-6xj8-rrqx-r4cv | MLflow Weak Password Requirements Authentication Bypass Vulnerability | 2025-10-29T21:30:33Z | 2025-11-05T16:09:13Z |
| ghsa-6v3v-9p87-2gg6 | Insecure Direct Object Reference (IDOR) in /tenants/{id} API endpoint in Inforcer Platform version … | 2025-10-29T21:30:33Z | 2025-10-30T15:32:34Z |
| ghsa-6pqm-mccv-6977 | GIMP HDR File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerab… | 2025-10-29T21:30:33Z | 2025-11-03T18:31:51Z |
| ghsa-69mp-wcfm-5322 | GIMP ILBM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulner… | 2025-10-29T21:30:33Z | 2025-10-29T21:30:33Z |
| ghsa-68v9-mpj8-43v9 | Razer Synapse 3 Chroma Connect Link Following Local Privilege Escalation Vulnerability. This vulner… | 2025-10-29T21:30:33Z | 2025-10-29T21:30:33Z |
| ghsa-5cvj-7rg6-jggj | MLflow Tracking Server Model Creation Directory Traversal Remote Code Execution Vulnerability | 2025-10-29T21:30:33Z | 2025-11-05T16:12:40Z |
| ghsa-4hq6-c566-v4h6 | GIMP WBMP File Parsing Integer Overflow Remote Code Execution Vulnerability. This vulnerability all… | 2025-10-29T21:30:33Z | 2025-10-29T21:30:33Z |
| ghsa-3r6w-f62x-hc2h | D-Link DNS-343 ShareCenter devices running firmware versions up to and including 1.05 contain a com… | 2025-10-29T21:30:33Z | 2025-10-29T21:30:33Z |
| ghsa-2x5h-7fq5-8m9f | GIMP ICNS File Parsing Out-Of-Bounds Write Remote Code Execution Vulnerability. This vulnerability … | 2025-10-29T21:30:33Z | 2025-10-29T21:30:33Z |
| ghsa-2r4p-cp55-g7gf | Ashlar-Vellum Cobalt CO File Parsing Heap-based Buffer Overflow Remote Code Execution Vulnerability… | 2025-10-29T21:30:33Z | 2025-10-29T21:30:33Z |
| ghsa-wcxf-jmjh-x27q | To trigger the issue, three configuration parameters must have specific settings: "hostname-char-se… | 2025-10-29T18:30:35Z | 2025-11-05T00:31:31Z |
| ghsa-r9fw-cwjr-j3hp | An unquoted service path in Kingosoft Technology Ltd Kingo ROOT v1.5.8.3353 allows attackers to esc… | 2025-10-29T18:30:35Z | 2025-10-29T21:30:32Z |
| ghsa-h2c5-5pm8-g4x6 | An issue discovered in Dyson App v6.1.23041-23595 allows unauthenticated attackers to control other… | 2025-10-29T18:30:34Z | 2025-10-29T21:30:33Z |
| ghsa-g7mp-3c2c-6235 | Incorrect access control on Dataphone A920 v2025.07.161103 exposes a service on port 8888 by defaul… | 2025-10-29T18:30:34Z | 2025-10-30T21:30:45Z |
| ghsa-55f4-6pv4-vw79 | SPH Engineering UgCS 5.13.0 is vulnerable to Arbitrary code execution. | 2025-10-29T18:30:34Z | 2025-10-30T21:30:45Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2025-40087 | N/A | NFSD: Define a proc_layoutcommit for the FlexFiles lay… | Linux | Linux | 2025-10-30T09:47:56.675Z | 2025-10-30T09:47:56.675Z |
| cve-2025-40086 | N/A | drm/xe: Don't allow evicting of BOs in same VM in arra… | Linux | Linux | 2025-10-30T09:47:56.005Z | 2025-10-30T09:47:56.005Z |
| cve-2025-54471 | 6.5 (v3.1) | NeuVector is shipping cryptographic material into its binary | SUSE | neuvector | 2025-10-30T09:45:56.931Z | 2025-10-30T13:59:54.426Z |
| cve-2025-54941 | | Apache Airflow: Command injection in "example_dag_decorator" | Apache Software Foundation | Apache Airflow | 2025-10-30T09:45:26.712Z | 2025-11-04T21:12:56.896Z |
| cve-2025-54469 | 9.9 (v3.1) | NeuVector Enforcer is vulnerable to Command Injection … | SUSE | neuvector | 2025-10-30T09:41:57.086Z | 2025-10-31T03:55:27.162Z |
| cve-2025-54470 | 8.6 (v3.1) | NeuVector telemetry sender is vulnerable to MITM and DoS | SUSE | neuvector | 2025-10-30T09:38:58.261Z | 2025-10-30T14:01:08.513Z |
| cve-2025-62402 | | Apache Airflow: Airflow 3 API: /api/v2/dagReports exec… | Apache Software Foundation | Apache Airflow | 2025-10-30T09:14:27.456Z | 2025-10-31T03:55:27.925Z |
| cve-2025-62503 | | Apache Airflow: Privilege boundary bypass in bulk APIs… | Apache Software Foundation | Apache Airflow | 2025-10-30T09:11:16.813Z | 2025-10-30T14:25:43.960Z |
| cve-2025-11906 | 6.7 (v3.1) | Privilege escalation via writable configuration files … | Progress Software | Flowmon | 2025-10-30T07:39:38.530Z | 2025-10-31T03:55:28.727Z |
| cve-2025-11881 | | AppPresser – Mobile App Framework <= 4.5.0 - Missing A… | scottopolis | AppPresser – Mobile App Framework | 2025-10-30T06:45:40.381Z | 2025-10-30T14:11:55.365Z |
| cve-2025-10636 | N/A | NS Maintenance Mode for WP <= 1.3.1 - Admin+ Stored XSS | Unknown | NS Maintenance Mode for WP | 2025-10-30T06:00:07.969Z | 2025-10-30T14:09:05.103Z |
| cve-2025-62229 | 7.3 (v3.1) | Xorg: xwayland: use-after-free in xpresentnotify struc… | Red Hat | Red Hat Enterprise Linux 10 | 2025-10-30T05:28:48.131Z | 2025-11-11T20:33:54.695Z |
| cve-2025-10008 | | Translate WordPress and go Multilingual – Weglot <= 5.… | remyb92 | Translate WordPress and go Multilingual – Weglot | 2025-10-30T05:28:27.857Z | 2025-10-30T14:01:45.215Z |
| cve-2025-11627 | | Site Checkup AI Troubleshooting with Wizard and Tips f… | sminozzi | Site Checkup Debug AI Troubleshooting with Wizard and Tips for Each Issue | 2025-10-30T05:28:27.216Z | 2025-10-30T13:53:07.955Z |
| cve-2025-62230 | 7.3 (v3.1) | Xorg: xwayland: use-after-free in xkb client resource … | Red Hat | Red Hat Enterprise Linux 10 | 2025-10-30T05:19:40.445Z | 2025-11-11T20:35:54.038Z |
| cve-2025-62231 | 7.3 (v3.1) | Xorg: xwayland: value overflow in xkbsetcompatmap() | Red Hat | Red Hat Enterprise Linux 10 | 2025-10-30T05:08:32.155Z | 2025-11-11T20:36:03.829Z |
| cve-2025-12475 | | Blocksy Companion <= 2.1.14 - Authenticated (Contribut… | creativethemeshq | Blocksy Companion | 2025-10-30T04:26:01.452Z | 2025-10-30T13:54:22.488Z |
| cve-2025-63885 | N/A | A stored cross-site scripting (XSS) vulnerability… | n/a | n/a | 2025-10-30T00:00:00.000Z | 2025-10-30T18:27:03.667Z |
| cve-2025-63608 | N/A | A SQL injection vulnerability exists in CSZ-CMS <… | n/a | n/a | 2025-10-30T00:00:00.000Z | 2025-10-30T14:28:47.918Z |
| cve-2025-63423 | N/A | Each Italy Wireless Mini Router WIRELESS-N 300M v… | n/a | n/a | 2025-10-30T00:00:00.000Z | 2025-10-30T20:59:59.390Z |
| cve-2025-63422 | N/A | Incorrect access control in the Web management in… | n/a | n/a | 2025-10-30T00:00:00.000Z | 2025-10-30T20:58:32.148Z |
| cve-2025-63298 | N/A | A path traversal vulnerability was identified in … | n/a | n/a | 2025-10-30T00:00:00.000Z | 2025-10-30T20:57:36.156Z |
| cve-2025-61498 | N/A | A buffer overflow in the UPnP service of Tenda AC… | n/a | n/a | 2025-10-30T00:00:00.000Z | 2025-10-30T21:01:04.959Z |
| cve-2025-61196 | N/A | An issue in BusinessNext CRMnext v.10.8.3.0 allow… | n/a | n/a | 2025-10-30T00:00:00.000Z | 2025-10-31T14:42:04.943Z |
| cve-2025-61141 | N/A | sqls-server/sqls 0.2.28 is vulnerable to command … | n/a | n/a | 2025-10-30T00:00:00.000Z | 2025-10-30T21:02:01.794Z |
| cve-2025-61121 | N/A | Mobile Scanner Android App version 2.12.38 (packa… | n/a | n/a | 2025-10-30T00:00:00.000Z | 2025-10-30T20:53:59.183Z |
| cve-2025-61120 | N/A | AG Life Logger Android App version v1.0.2.72 and … | n/a | n/a | 2025-10-30T00:00:00.000Z | 2025-10-30T20:52:38.303Z |
| cve-2025-61119 | N/A | Kanova Android App version 1.0.27 (package name c… | n/a | n/a | 2025-10-30T00:00:00.000Z | 2025-10-30T20:49:42.126Z |
| cve-2025-61118 | N/A | mCarFix Motorists App version 2.3 (package name c… | n/a | n/a | 2025-10-30T00:00:00.000Z | 2025-10-30T20:45:29.185Z |
| cve-2025-61117 | N/A | Senza: Keto & Fasting Android App version 2.10.15… | n/a | n/a | 2025-10-30T00:00:00.000Z | 2025-10-30T20:44:23.402Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2025-5342 | 4.3 (v3.1) | Denial of Service (DoS) | Zohocorp | ManageEngine Exchange Reporter Plus | 2025-10-30T14:20:53.989Z | 2025-10-30T14:46:13.685Z |
| cve-2025-50574 | N/A | Cross-site scripting (XSS) vulnerability in blog-… | n/a | n/a | 2025-10-30T00:00:00.000Z | 2025-11-04T15:42:06.733Z |
| cve-2025-46423 | 7.8 (v3.1) | Dell Unity, version(s) 5.5 and prior, contain(s) … | Dell | Unity | 2025-10-30T14:14:47.745Z | 2025-10-31T03:55:24.553Z |
| cve-2025-46422 | 7.8 (v3.1) | Dell Unity, version(s) 5.5 and prior, contain(s) … | Dell | Unity | 2025-10-30T14:19:34.880Z | 2025-10-31T03:55:23.625Z |
| cve-2025-43942 | 7.8 (v3.1) | Dell Unity, version(s) 5.5 and prior, contain(s) … | Dell | Unity | 2025-10-30T14:23:26.312Z | 2025-10-31T03:55:22.772Z |
| cve-2025-43027 | 9.8 (v3.1) | A critical severity vulnerability has been identi… | Genetec Inc. | Genetec Security Center | 2025-10-30T14:12:27.918Z | 2025-10-31T03:55:30.389Z |
| cve-2025-50739 | N/A | iib0011 omni-tools v0.4.0 is vulnerable to remote… | n/a | n/a | 2025-10-30T00:00:00.000Z | 2025-11-04T15:45:10.590Z |
| cve-2025-50736 | N/A | An open redirect vulnerability exists in Byaidu P… | n/a | n/a | 2025-10-30T00:00:00.000Z | 2025-11-04T15:46:51.400Z |
| cve-2025-43941 | 7.2 (v3.1) | Dell Unity, version(s) 5.5 and Prior, contain(s) … | Dell | Unity | 2025-10-30T13:57:25.065Z | 2025-10-31T03:55:29.572Z |
| cve-2025-43940 | 7.8 (v3.1) | Dell Unity, version(s) 5.5 and Prior, contain(s) … | Dell | Unity | 2025-10-30T14:05:17.818Z | 2025-10-31T03:55:21.915Z |
| cve-2025-43939 | 7.8 (v3.1) | Dell Unity, version(s) 5.4 and prior, contain(s) … | Dell | Unity | 2025-10-30T14:10:14.508Z | 2025-10-31T03:55:21.085Z |
| cve-2025-63608 | N/A | A SQL injection vulnerability exists in CSZ-CMS <… | n/a | n/a | 2025-10-30T00:00:00.000Z | 2025-10-30T14:28:47.918Z |
| cve-2025-10348 | 5.1 (v4.0) | Stored Cross-Site Scripting in URVE Smart Office | Eveo | URVE Smart Office | 2025-10-30T13:00:43.106Z | 2025-10-30T14:26:38.615Z |
| cve-2025-10317 | 5.1 (v4.0) | Multiple Cross-Site Request Forgery in Quick.Cart | OpenSolution | Quick.Cart | 2025-10-30T11:48:43.747Z | 2025-10-30T13:14:48.997Z |
| cve-2025-53883 | 9.3 (v4.0) | spacewalk-java has various XSS issues on search page | SUSE | Container suse manager 5.0 | 2025-10-30T10:50:07.580Z | 2025-10-31T03:55:20.245Z |
| cve-2025-53880 | 8.7 (v4.0) | susemanager-tftpsync-recv allows arbitrary file creati… | SUSE | Container suse/manager/4.3/proxy-httpd:latest | 2025-10-30T10:31:15.866Z | 2025-10-31T03:55:25.371Z |
| cve-2025-39663 | | Cross Site Scripting through compromised remote site | Checkmk GmbH | Checkmk | 2025-10-30T10:43:08.500Z | 2025-11-07T16:04:27.994Z |
| cve-2025-62503 | | Apache Airflow: Privilege boundary bypass in bulk APIs… | Apache Software Foundation | Apache Airflow | 2025-10-30T09:11:16.813Z | 2025-10-30T14:25:43.960Z |
| cve-2025-62402 | | Apache Airflow: Airflow 3 API: /api/v2/dagReports exec… | Apache Software Foundation | Apache Airflow | 2025-10-30T09:14:27.456Z | 2025-10-31T03:55:27.925Z |
| cve-2025-54941 | | Apache Airflow: Command injection in "example_dag_decorator" | Apache Software Foundation | Apache Airflow | 2025-10-30T09:45:26.712Z | 2025-11-04T21:12:56.896Z |
| cve-2025-54471 | 6.5 (v3.1) | NeuVector is shipping cryptographic material into its binary | SUSE | neuvector | 2025-10-30T09:45:56.931Z | 2025-10-30T13:59:54.426Z |
| cve-2025-54470 | 8.6 (v3.1) | NeuVector telemetry sender is vulnerable to MITM and DoS | SUSE | neuvector | 2025-10-30T09:38:58.261Z | 2025-10-30T14:01:08.513Z |
| cve-2025-54469 | 9.9 (v3.1) | NeuVector Enforcer is vulnerable to Command Injection … | SUSE | neuvector | 2025-10-30T09:41:57.086Z | 2025-10-31T03:55:27.162Z |
| cve-2025-40105 | N/A | vfs: Don't leak disconnected dentries on umount | Linux | Linux | 2025-10-30T09:48:09.674Z | 2025-10-30T09:48:09.674Z |
| cve-2025-40104 | N/A | ixgbevf: fix mailbox API compatibility by negotiating … | Linux | Linux | 2025-10-30T09:48:09.051Z | 2025-10-30T09:48:09.051Z |
| cve-2025-40103 | N/A | smb: client: Fix refcount leak for cifs_sb_tlink | Linux | Linux | 2025-10-30T09:48:08.421Z | 2025-10-30T09:48:08.421Z |
| cve-2025-40102 | N/A | KVM: arm64: Prevent access to vCPU events before init | Linux | Linux | 2025-10-30T09:48:07.790Z | 2025-10-30T09:48:07.790Z |
| cve-2025-40101 | N/A | btrfs: fix memory leaks when rejecting a non SINGLE da… | Linux | Linux | 2025-10-30T09:48:07.155Z | 2025-10-30T09:48:07.155Z |
| cve-2025-40100 | N/A | btrfs: do not assert we found block group item when cr… | Linux | Linux | 2025-10-30T09:48:06.521Z | 2025-10-30T09:48:06.521Z |
| cve-2025-40099 | N/A | cifs: parse_dfs_referrals: prevent oob on malformed input | Linux | Linux | 2025-10-30T09:48:05.859Z | 2025-10-30T09:48:05.859Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| mal-2025-188491 | Malicious code in package-eventhoriz-gammarayburst-parsec (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188490 | Malicious code in package-changelog-css-loader-slidev (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188489 | Malicious code in outercore-sync-fornax-lightyear (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188488 | Malicious code in outercore-quasarjet-ora-saturnology (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188487 | Malicious code in outercore-cli-concurrently-troposphere (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188486 | Malicious code in oscillation-readable-supernova-karma (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188485 | Malicious code in oscillation-oscillation-accretion-comet (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188484 | Malicious code in oscillation-leda-warp-framework (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188483 | Malicious code in oscillation-grunt-magellan-dorado (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188482 | Malicious code in oscillation-aquarius-ursa-parallax (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188481 | Malicious code in orogeny-rollup-heka-miranda (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188480 | Malicious code in orogeny-quark-archaeoastronomy-auth (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188479 | Malicious code in orogeny-karma-babel-sequelize (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188478 | Malicious code in orogeny-fork-query-troposphere (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188477 | Malicious code in orogeny-fermion-mui-jovian (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188476 | Malicious code in orogeny-algol-kastra-xo (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188475 | Malicious code in orchestrate-web-simulate-float-abstract (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188474 | Malicious code in orchestrate-process-cache-data-async (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188473 | Malicious code in orchestrate-grid-dog-air-route (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188472 | Malicious code in orchestrate-benchmark-spy-air-cat (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188471 | Malicious code in orchestrate-awk-encrypt-moon-fork (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188470 | Malicious code in orbit-zenith-magellan-antares (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188469 | Malicious code in orbit-typeorm-nucleosynthesis-tectonic (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188468 | Malicious code in orbit-publish-dynamo-helmet (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188467 | Malicious code in orbit-luna-indus-xanthus (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188466 | Malicious code in orbit-library-blueshift-vortex (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188465 | Malicious code in orbit-html-webpack-plugin-xml-docusaurus (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188464 | Malicious code in orbit-css-minimizer-webpack-plugin-paleontology-centaurus (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188463 | Malicious code in orbit-cosmicweb-meteor-wolf (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188462 | Malicious code in ora-release-it-ichnology-subscription (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| rhsa-2025:7085 | Red Hat Security Advisory: pcs security update | 2025-05-13T08:24:53+00:00 | 2025-11-06T23:35:04+00:00 |
| rhsa-2025:7109 | Red Hat Security Advisory: python3.11 security update | 2025-05-13T08:24:03+00:00 | 2025-11-06T23:24:30+00:00 |
| rhba-2025:6470 | Red Hat Bug Fix Advisory: rsync bug fix and enhancement update | 2025-05-13T08:18:15+00:00 | 2025-11-06T21:56:32+00:00 |
| rhba-2025:6314 | Red Hat Bug Fix Advisory: openssl bug fix and enhancement update | 2025-05-13T08:05:47+00:00 | 2025-11-08T07:12:53+00:00 |
| rhba-2025:6597 | Red Hat Bug Fix Advisory: libxml2 bug fix and enhancement update | 2025-05-13T07:56:17+00:00 | 2025-11-08T07:16:19+00:00 |
| rhsa-2025:4810 | Red Hat Security Advisory: RHSA: Submariner 0.18.5 - bug and security update | 2025-05-12T15:04:37+00:00 | 2025-11-14T17:12:33+00:00 |
| rhsa-2025:4797 | Red Hat Security Advisory: thunderbird security update | 2025-05-12T12:36:42+00:00 | 2025-11-06T23:15:26+00:00 |
| rhsa-2025:4793 | Red Hat Security Advisory: emacs security update | 2025-05-12T10:29:22+00:00 | 2025-11-06T22:35:59+00:00 |
| rhsa-2025:4794 | Red Hat Security Advisory: emacs security update | 2025-05-12T10:04:02+00:00 | 2025-11-06T22:35:59+00:00 |
| rhsa-2025:4787 | Red Hat Security Advisory: emacs security update | 2025-05-12T01:33:16+00:00 | 2025-11-06T22:35:58+00:00 |
| rhsa-2025:4788 | Red Hat Security Advisory: redis security update | 2025-05-12T01:33:11+00:00 | 2025-11-14T00:56:17+00:00 |
| rhsa-2025:4789 | Red Hat Security Advisory: redis security update | 2025-05-12T01:31:32+00:00 | 2025-11-14T00:56:17+00:00 |
| rhsa-2025:4431 | Red Hat Security Advisory: OpenShift Container Platform 4.17.28 bug fix and security update | 2025-05-09T04:33:03+00:00 | 2025-11-13T17:26:59+00:00 |
| rhsa-2025:4427 | Red Hat Security Advisory: OpenShift Container Platform 4.18.12 bug fix and security update | 2025-05-09T04:31:09+00:00 | 2025-11-14T16:53:50+00:00 |
| rhsa-2025:4752 | Red Hat Security Advisory: firefox security update | 2025-05-08T19:58:18+00:00 | 2025-11-06T23:15:26+00:00 |
| rhsa-2025:4751 | Red Hat Security Advisory: firefox security update | 2025-05-08T19:57:48+00:00 | 2025-11-06T23:15:26+00:00 |
| rhsa-2025:4756 | Red Hat Security Advisory: firefox security update | 2025-05-08T19:55:39+00:00 | 2025-11-06T23:15:26+00:00 |
| rhsa-2025:4422 | Red Hat Security Advisory: OpenShift Container Platform 4.15.50 bug fix and security update | 2025-05-08T19:55:32+00:00 | 2025-11-14T17:12:27+00:00 |
| rhsa-2025:4409 | Red Hat Security Advisory: OpenShift Container Platform 4.12.76 bug fix and security update | 2025-05-08T19:54:33+00:00 | 2025-11-14T17:12:27+00:00 |
| rhsa-2025:4753 | Red Hat Security Advisory: firefox security update | 2025-05-08T19:50:03+00:00 | 2025-11-06T23:15:26+00:00 |
| rhsa-2025:4408 | Red Hat Security Advisory: OpenShift Container Platform 4.12.76 security and extras update | 2025-05-08T19:30:19+00:00 | 2025-11-13T17:26:58+00:00 |
| rhsa-2025:4521 | Red Hat Security Advisory: Red Hat JBoss Web Server 5.8.4 release and security update | 2025-05-08T12:17:27+00:00 | 2025-11-11T12:35:04+00:00 |
| rhsa-2025:4522 | Red Hat Security Advisory: Red Hat JBoss Web Server 5.8.4 release and security update | 2025-05-08T12:15:06+00:00 | 2025-11-11T12:35:04+00:00 |
| rhsa-2025:4666 | Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.11.7 container updates | 2025-05-07T16:17:54+00:00 | 2025-11-14T17:12:32+00:00 |
| rhsa-2025:4669 | Red Hat Security Advisory: osbuild-composer security update | 2025-05-07T14:59:09+00:00 | 2025-11-14T17:12:33+00:00 |
| rhsa-2025:4667 | Red Hat Security Advisory: Updated 7.1 container image is now available in the Red Hat Ecosystem Catalog. | 2025-05-07T12:55:17+00:00 | 2025-11-13T17:42:08+00:00 |
| rhsa-2025:4664 | Red Hat Security Advisory: Red Hat Ceph Storage 7.1 security, bug fix, and enhancement updates | 2025-05-07T12:48:57+00:00 | 2025-11-13T17:42:07+00:00 |
| rhsa-2025:4624 | Red Hat Security Advisory: libsoup security update | 2025-05-07T07:04:14+00:00 | 2025-11-06T23:15:26+00:00 |
| rhsa-2025:4609 | Red Hat Security Advisory: libsoup security update | 2025-05-07T04:31:24+00:00 | 2025-11-06T23:15:26+00:00 |
| rhsa-2025:4605 | Red Hat Security Advisory: multicluster Engine for Kubernetes 2.6.7 container updates | 2025-05-07T03:32:30+00:00 | 2025-11-14T16:53:55+00:00 |
| ID | Description | Published | Updated |
|---|---|---|---|
| msrc_cve-2024-56763 | tracing: Prevent bad count for tracing_cpumask_write | 2025-01-02T00:00:00.000Z | 2025-03-13T00:00:00.000Z |
| msrc_cve-2024-56761 | x86/fred: Clear WFE in missing-ENDBRANCH #CPs | 2025-01-02T00:00:00.000Z | 2025-09-03T20:01:52.000Z |
| msrc_cve-2024-56760 | PCI/MSI: Handle lack of irqdomain gracefully | 2025-01-02T00:00:00.000Z | 2025-03-13T00:00:00.000Z |
| msrc_cve-2024-56757 | Bluetooth: btusb: mediatek: add intf release flow when usb disconnect | 2025-01-02T00:00:00.000Z | 2025-09-03T20:07:07.000Z |
| msrc_cve-2024-56369 | drm/modes: Avoid divide by zero harder in drm_mode_vrefresh() | 2025-01-02T00:00:00.000Z | 2025-03-13T00:00:00.000Z |
| msrc_cve-2024-55916 | Drivers: hv: util: Avoid accessing a ringbuffer not initialized yet | 2025-01-02T00:00:00.000Z | 2025-03-13T00:00:00.000Z |
| msrc_cve-2024-55553 | In FRRouting (FRR) all routes are re-validated if the total size of an update received via RTR exceeds the internal socket's buffer size | 2025-01-02T00:00:00.000Z | 2025-07-11T00:00:00.000Z |
| msrc_cve-2024-55459 | An issue in keras 3.7.0 allows attackers to write arbitrary files to the user's machine via downloading a crafted tar file through the get_file function. | 2025-01-02T00:00:00.000Z | 2025-09-03T22:00:02.000Z |
| msrc_cve-2024-54683 | netfilter: IDLETIMER: Fix for possible ABBA deadlock | 2025-01-02T00:00:00.000Z | 2025-03-13T00:00:00.000Z |
| msrc_cve-2024-53687 | riscv: Fix IPIs usage in kfence_protect_page() | 2025-01-02T00:00:00.000Z | 2025-10-17T01:01:36.000Z |
| msrc_cve-2024-53263 | Git LFS permits exfiltration of credentials via crafted HTTP URLs | 2025-01-02T00:00:00.000Z | 2025-02-01T00:00:00.000Z |
| msrc_cve-2024-52006 | Newline confusion in credential helpers can lead to credential exfiltration in git | 2025-01-02T00:00:00.000Z | 2025-05-27T00:00:00.000Z |
| msrc_cve-2024-52005 | The sideband payload is passed unfiltered to the terminal in git | 2025-01-02T00:00:00.000Z | 2025-09-03T21:13:58.000Z |
| msrc_cve-2024-51741 | Redis allows denial-of-service due to malformed ACL selectors | 2025-01-02T00:00:00.000Z | 2025-01-18T00:00:00.000Z |
| msrc_cve-2024-50349 | Git does not sanitize URLs when asking for credentials interactively | 2025-01-02T00:00:00.000Z | 2025-05-27T00:00:00.000Z |
| msrc_cve-2024-49569 | nvme-rdma: unquiesce admin_q before destroy it | 2025-01-02T00:00:00.000Z | 2025-07-11T00:00:00.000Z |
| msrc_cve-2024-49568 | net/smc: check v2_ext_offset/eid_cnt/ism_gid_cnt when receiving proposal msg | 2025-01-02T00:00:00.000Z | 2025-10-17T01:01:27.000Z |
| msrc_cve-2024-48881 | bcache: revert replacing IS_ERR_OR_NULL with IS_ERR again | 2025-01-02T00:00:00.000Z | 2025-03-13T00:00:00.000Z |
| msrc_cve-2024-48875 | btrfs: don't take dev_replace rwsem on task already holding it | 2025-01-02T00:00:00.000Z | 2025-03-13T00:00:00.000Z |
| msrc_cve-2024-48873 | wifi: rtw89: check return value of ieee80211_probereq_get() for RNR | 2025-01-02T00:00:00.000Z | 2025-03-13T00:00:00.000Z |
| msrc_cve-2024-47809 | dlm: fix possible lkb_resource null dereference | 2025-01-02T00:00:00.000Z | 2025-03-13T00:00:00.000Z |
| msrc_cve-2024-47794 | bpf: Prevent tailcall infinite loop caused by freplace | 2025-01-02T00:00:00.000Z | 2025-09-04T00:54:29.000Z |
| msrc_cve-2024-47143 | dma-debug: fix a possible deadlock on radix_lock | 2025-01-02T00:00:00.000Z | 2025-03-13T00:00:00.000Z |
| msrc_cve-2024-47141 | pinmux: Use sequential access to access desc->pinmux data | 2025-01-02T00:00:00.000Z | 2025-03-13T00:00:00.000Z |
| msrc_cve-2024-46981 | Redis' Lua library commands may lead to remote code execution | 2025-01-02T00:00:00.000Z | 2025-01-24T00:00:00.000Z |
| msrc_cve-2024-45828 | i3c: mipi-i3c-hci: Mask ring interrupts before ring stop request | 2025-01-02T00:00:00.000Z | 2025-03-13T00:00:00.000Z |
| msrc_cve-2024-45341 | Usage of IPv6 zone IDs can bypass URI name constraints in crypto/x509 | 2025-01-02T00:00:00.000Z | 2025-02-13T00:00:00.000Z |
| msrc_cve-2024-45339 | Vulnerability when creating log files in github.com/golang/glog | 2025-01-02T00:00:00.000Z | 2025-02-21T00:00:00.000Z |
| msrc_cve-2024-45336 | Sensitive headers incorrectly sent after cross-domain redirect in net/http | 2025-01-02T00:00:00.000Z | 2025-02-13T00:00:00.000Z |
| msrc_cve-2024-43098 | i3c: Use i3cdev->desc->info instead of calling i3c_device_get_info() to avoid deadlock | 2025-01-02T00:00:00.000Z | 2025-03-13T00:00:00.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2014-000106 | 365 Links series vulnerable to cross-site scripting | 2014-09-17T15:23+09:00 | 2014-09-19T13:33+09:00 |
| jvndb-2014-000105 | Help Page in multiple Adobe products vulnerable to cross-site scripting | 2014-09-12T14:00+09:00 | 2014-09-29T11:42+09:00 |
| jvndb-2014-000104 | Movable Type vulnerable to cross-site scripting | 2014-09-09T15:02+09:00 | 2014-09-11T16:56+09:00 |
| jvndb-2014-000084 | WisePoint vulnerable to session fixation | 2014-09-04T16:46+09:00 | 2014-09-09T15:02+09:00 |
| jvndb-2014-000103 | EmFTP may insecurely load executable files | 2014-09-04T16:36+09:00 | 2014-09-09T15:15+09:00 |
| jvndb-2014-000102 | Kindle App for Android fails to verify SSL server certificates | 2014-08-29T13:38+09:00 | 2014-09-03T18:25+09:00 |
| jvndb-2014-000101 | MailPoet Newsletters vulnerable to cross-site request forgery | 2014-08-26T13:33+09:00 | 2014-08-28T18:13+09:00 |
| jvndb-2014-000099 | Advance-Flow vulnerable to SQL injection | 2014-08-19T12:35+09:00 | 2014-08-20T16:26+09:00 |
| jvndb-2014-000100 | Cakifo vulnerable to cross-site scripting | 2014-08-18T13:32+09:00 | 2014-08-20T16:30+09:00 |
| jvndb-2014-000096 | Shutter vulnerable to cross-site scripting | 2014-08-15T13:27+09:00 | 2014-08-19T16:27+09:00 |
| jvndb-2014-000095 | Shutter vulnerable to SQL injection | 2014-08-15T13:24+09:00 | 2015-01-15T17:47+09:00 |
| jvndb-2014-000098 | Ameba for Android contains an issue where it fails to verify SSL server certificates | 2014-08-14T12:32+09:00 | 2014-08-18T12:22+09:00 |
| jvndb-2014-000097 | Dominion KX2-101 vulnerable to denial-of-service (DoS) | 2014-08-12T14:03+09:00 | 2014-08-18T09:44+09:00 |
| jvndb-2014-000094 | Piwigo vulnerable to SQL injection | 2014-08-08T13:57+09:00 | 2014-08-08T13:57+09:00 |
| jvndb-2014-000093 | Piwigo vulnerable to cross-site scripting | 2014-08-08T13:52+09:00 | 2014-08-19T16:48+09:00 |
| jvndb-2014-000092 | Piwigo vulnerable to cross-site scripting | 2014-08-08T13:49+09:00 | 2014-08-15T13:35+09:00 |
| jvndb-2014-000085 | GOM Player vulnerable to denial-of-service (DoS) | 2014-08-06T15:22+09:00 | 2014-08-13T18:29+09:00 |
| jvndb-2014-000091 | ServerView Operations Manager vulnerable to cross-site scripting | 2014-08-01T15:42+09:00 | 2014-08-18T10:05+09:00 |
| jvndb-2014-000086 | Outlook.com for Android contains an issue where it fails to verify SSL server certificates | 2014-07-30T15:11+09:00 | 2014-08-18T10:09+09:00 |
| jvndb-2014-000087 | Multiple I-O DATA IP Cameras vulnerable to authentication bypass | 2014-07-29T14:24+09:00 | 2014-08-01T18:30+09:00 |
| jvndb-2014-000088 | PerlMailer vulnerable to cross-site scripting | 2014-07-29T14:20+09:00 | 2014-08-01T18:28+09:00 |
| jvndb-2014-000089 | acmailer contains a cross-site request forgery vulnerability | 2014-07-29T14:15+09:00 | 2014-08-01T18:29+09:00 |
| jvndb-2013-002240 | Arbitrary program execution vulnerability in TrendLink ActiveX control | 2014-07-25T14:44+09:00 | 2014-07-25T14:44+09:00 |
| jvndb-2014-000082 | FuelPHP vulnerable to remote code execution | 2014-07-18T13:50+09:00 | 2014-07-23T11:03+09:00 |
| jvndb-2014-000081 | File Explorer vulnerable to directory traversal | 2014-07-18T13:48+09:00 | 2014-07-23T11:02+09:00 |
| jvndb-2014-000080 | Meridian vulnerable to cross-site scripting | 2014-07-18T13:47+09:00 | 2014-07-23T11:02+09:00 |
| jvndb-2014-000079 | Multifunctional MailForm Free vulnerable to cross-site scripting | 2014-07-16T15:13+09:00 | 2014-07-23T11:02+09:00 |
| jvndb-2014-000078 | Cybozu Garoon vulnerable to cross-site scripting | 2014-07-15T14:47+09:00 | 2014-07-23T11:01+09:00 |
| jvndb-2014-000077 | Cybozu Garoon vulnerable to access restriction bypass | 2014-07-15T14:46+09:00 | 2014-07-23T11:01+09:00 |
| jvndb-2014-000076 | Cybozu Garoon vulnerable to cross-site scripting | 2014-07-15T14:46+09:00 | 2014-07-23T11:01+09:00 |