Recent vulnerabilities
| ID | Description | Published | Updated |
|---|---|---|---|
| ghsa-jwm4-955w-4hj3 | Jenkins Themis Plugin is missing a permission check | 2025-10-29T15:31:56Z | 2025-11-05T20:52:56Z |
| ghsa-jfg6-4gx3-3v7w | Jenkins JDepend Plugin vulnerable to XML external entity attacks | 2025-10-29T15:31:56Z | 2025-11-05T20:52:47Z |
| ghsa-jc99-58pq-g6c3 | In the Linux kernel, the following vulnerability has been resolved: scsi: ses: Fix possible addl_d… | 2025-10-29T15:31:56Z | 2025-10-29T15:31:56Z |
| ghsa-j7r7-7qmf-xq87 | Jenkins SAML Plugin does not implement a replay cache | 2025-10-29T15:31:56Z | 2025-11-05T20:51:56Z |
| ghsa-h83r-7f9f-mqjj | Jenkins Nexus Task Runner Plugin is missing a permission check | 2025-10-29T15:31:56Z | 2025-11-05T20:53:05Z |
| ghsa-c4qv-5j2j-52m7 | DLL hijacking vulnerability in Evope Collector 1.1.6.9.0 and related components load the wtsapi32.d… | 2025-10-29T15:31:56Z | 2025-10-29T15:31:56Z |
| ghsa-9q6p-w395-hc48 | The Call Now Button – The #1 Click to Call Button for WordPress plugin for WordPress is vulnerable … | 2025-10-29T15:31:56Z | 2025-10-29T15:31:56Z |
| ghsa-93mh-mx9w-m69q | Jenkins Themis Plugin vulnerable to cross-site request forgery | 2025-10-29T15:31:56Z | 2025-11-05T20:52:28Z |
| ghsa-899c-h4r4-cxr9 | A CSRF issue was discovered in the administrative web GUI in Blu-Castle BCUM221E 1.0.0P220507. This… | 2025-10-29T15:31:56Z | 2025-10-29T15:31:56Z |
| ghsa-6mgr-3374-4p3c | Jenkins Start Windocks Containers Plugin vulnerable to cross-site request forgery | 2025-10-29T15:31:56Z | 2025-11-05T20:52:20Z |
| ghsa-5797-v2fm-f69x | The Call Now Button – The #1 Click to Call Button for WordPress plugin for WordPress is vulnerable … | 2025-10-29T15:31:56Z | 2025-10-29T15:31:56Z |
| ghsa-4653-9q2r-684q | Jenkins OpenShift Pipeline Plugin stores authorization tokens unencrypted in job config.xml files | 2025-10-29T15:31:56Z | 2025-11-05T20:53:36Z |
| ghsa-3jw2-5hjg-hc2c | Jenkins Extensible Choice Parameter Plugin vulnerable to cross-site request forgery | 2025-10-29T15:31:56Z | 2025-11-05T20:52:04Z |
| ghsa-2vmr-8c82-x8xq | Jenkins ByteGuard Build Actions Plugin stores API tokens unencrypted in job config.xml files | 2025-10-29T15:31:56Z | 2025-11-05T20:53:52Z |
| ghsa-2cjq-ppmx-48x5 | In the Linux kernel, the following vulnerability has been resolved: ALSA: usb-audio: Fix NULL poin… | 2025-10-29T15:31:56Z | 2025-10-29T15:31:56Z |
| ghsa-23vj-j6jc-w892 | Jenkins Curseforge Publisher Plugin stores API Keys unencrypted in job config.xml files | 2025-10-29T15:31:56Z | 2025-11-05T20:54:11Z |
| ghsa-xrw3-prcw-c39g | Rejected reason: Duplicate of CVE-2023-52441. | 2025-10-29T12:30:25Z | 2025-10-29T12:30:25Z |
| ghsa-vch3-8jh3-g32c | This vulnerability allows an attacker to access parts of the application that are not protected by … | 2025-10-29T12:30:25Z | 2025-10-29T12:30:25Z |
| ghsa-qp98-37p8-mxj7 | Rejected reason: Duplicate of CVE-2023-52442. | 2025-10-29T12:30:25Z | 2025-10-29T12:30:25Z |
| ghsa-gqxj-68c6-vgjx | Buffer Copy without Checking Size of Input ('Classic Buffer Overflow') vulnerability in ABB Terra A… | 2025-10-29T12:30:25Z | 2025-10-29T12:30:25Z |
| ghsa-fvmg-22f6-q6vj | The LiteSpeed Cache plugin for WordPress is vulnerable to Reflected Cross-Site Scripting via URLs i… | 2025-10-29T12:30:25Z | 2025-10-29T12:30:25Z |
| ghsa-9vm5-3w25-78p5 | The Easy Testimonial Slider and Form plugin for WordPress is vulnerable to SQL Injection via the 'i… | 2025-10-29T12:30:25Z | 2025-10-29T12:30:25Z |
| ghsa-3386-f7wg-696x | The Thumbnail Slider With Lightbox plugin for WordPress is vulnerable to SQL Injection via the 'id'… | 2025-10-29T12:30:25Z | 2025-10-29T12:30:25Z |
| ghsa-9f58-4465-23c7 | Sharp user-provided input can be evaluated in a SharpShowTextField with Vue template syntax | 2025-10-29T10:52:08Z | 2025-10-29T10:52:08Z |
| ghsa-5jpx-9hw9-2fx4 | NextAuthjs Email misdelivery Vulnerability | 2025-10-29T10:43:57Z | 2025-10-29T10:43:58Z |
| ghsa-xgg2-8225-6c5g | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability … | 2025-10-29T09:30:24Z | 2025-11-13T12:31:33Z |
| ghsa-w8qr-ffgq-7q5j | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability … | 2025-10-29T09:30:24Z | 2025-11-13T12:31:33Z |
| ghsa-r8fw-gf62-v77w | Missing Authorization vulnerability in Evergreen Content Poster Evergreen Content Poster evergreen-… | 2025-10-29T09:30:24Z | 2025-11-13T12:31:33Z |
| ghsa-q7hf-mwj3-84gh | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusi… | 2025-10-29T09:30:24Z | 2025-11-13T12:31:33Z |
| ghsa-pmpr-2fww-r5fw | Cross-Site Request Forgery (CSRF) vulnerability in WpEstate WP Rentals wprentals allows Cross Site … | 2025-10-29T09:30:24Z | 2025-11-13T12:31:33Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2025-62785 | Wazuh fillData NULL pointer dereference causes analysi… |
wazuh |
wazuh |
2025-10-29T15:37:43.108Z | 2025-10-29T16:10:18.690Z | |
| cve-2025-12148 | 6 (v4.0) | Unauthorized access to fields protected by Field Maski… |
floragunn |
Search Guard FLX |
2025-10-29T15:31:32.419Z | 2025-10-29T16:11:51.396Z |
| cve-2024-14012 | 7.3 (v4.0) | Potential Privilege Escalation in Revenera InstallShie… |
Revenera |
InstallShield |
2025-10-29T15:30:53.784Z | 2025-10-29T17:40:17.707Z |
| cve-2025-12147 | 6 (v4.0) | Unauthorized access to fields protected by Field-Level… |
floragunn |
Search Guard FLX |
2025-10-29T15:29:54.302Z | 2025-10-29T15:53:51.291Z |
| cve-2025-54384 | CKAN stored XSS vulnerability in Markdown description fields |
ckan |
ckan |
2025-10-29T15:26:38.426Z | 2025-10-29T17:41:12.571Z | |
| cve-2024-58269 | 4.3 (v3.1) | Rancher exposes sensitive information through audit logs |
SUSE |
rancher |
2025-10-29T14:58:06.640Z | 2025-10-29T15:10:05.138Z |
| cve-2023-32199 | 4.3 (v3.1) | Rancher user retains access to clusters despite Global… |
SUSE |
rancher |
2025-10-29T14:54:04.162Z | 2025-10-29T15:26:02.274Z |
| cve-2025-10932 | 8.2 (v3.1) | AS2 module allows uncontrolled file uploads |
Progress |
MOVEit Transfer |
2025-10-29T14:12:33.439Z | 2025-10-29T14:33:14.601Z |
| cve-2023-7324 | N/A | scsi: ses: Fix possible addl_desc_ptr out-of-bounds accesses |
Linux |
Linux |
2025-10-29T13:46:14.184Z | 2025-10-29T13:46:14.184Z |
| cve-2025-40085 | N/A | ALSA: usb-audio: Fix NULL pointer deference in try_to_… |
Linux |
Linux |
2025-10-29T13:37:04.707Z | 2025-10-29T13:37:04.707Z |
| cve-2025-40084 | N/A | ksmbd: transport_ipc: validate payload size before rea… |
Linux |
Linux |
2025-10-29T13:37:03.185Z | 2025-11-03T00:39:28.104Z |
| cve-2025-40083 | N/A | net/sched: sch_qfq: Fix null-deref in agg_dequeue |
Linux |
Linux |
2025-10-29T13:37:01.868Z | 2025-11-02T13:30:42.936Z |
| cve-2025-64150 | N/A | A missing permission check in Jenkins Publish to … |
Jenkins Project |
Jenkins Publish to Bitbucket Plugin |
2025-10-29T13:29:52.313Z | 2025-11-04T21:14:47.588Z |
| cve-2025-64149 | N/A | A cross-site request forgery (CSRF) vulnerability… |
Jenkins Project |
Jenkins Publish to Bitbucket Plugin |
2025-10-29T13:29:51.666Z | 2025-11-04T21:14:46.295Z |
| cve-2025-64148 | N/A | A missing permission check in Jenkins Publish to … |
Jenkins Project |
Jenkins Publish to Bitbucket Plugin |
2025-10-29T13:29:51.005Z | 2025-11-04T21:14:44.983Z |
| cve-2025-64147 | N/A | Jenkins Curseforge Publisher Plugin 1.0 does not … |
Jenkins Project |
Jenkins Curseforge Publisher Plugin |
2025-10-29T13:29:50.359Z | 2025-11-04T21:14:43.680Z |
| cve-2025-64146 | N/A | Jenkins Curseforge Publisher Plugin 1.0 stores AP… |
Jenkins Project |
Jenkins Curseforge Publisher Plugin |
2025-10-29T13:29:49.711Z | 2025-11-04T21:14:42.392Z |
| cve-2025-64145 | N/A | Jenkins ByteGuard Build Actions Plugin 1.0 does n… |
Jenkins Project |
Jenkins ByteGuard Build Actions Plugin |
2025-10-29T13:29:49.056Z | 2025-11-04T21:14:41.055Z |
| cve-2025-64144 | N/A | Jenkins ByteGuard Build Actions Plugin 1.0 stores… |
Jenkins Project |
Jenkins ByteGuard Build Actions Plugin |
2025-10-29T13:29:48.402Z | 2025-11-04T21:14:39.751Z |
| cve-2025-64143 | N/A | Jenkins OpenShift Pipeline Plugin 1.0.57 and earl… |
Jenkins Project |
Jenkins OpenShift Pipeline Plugin |
2025-10-29T13:29:47.762Z | 2025-11-04T21:14:38.426Z |
| cve-2025-64142 | N/A | A missing permission check in Jenkins Nexus Task … |
Jenkins Project |
Jenkins Nexus Task Runner Plugin |
2025-10-29T13:29:47.116Z | 2025-11-04T21:14:37.130Z |
| cve-2025-64141 | N/A | A cross-site request forgery (CSRF) vulnerability… |
Jenkins Project |
Jenkins Nexus Task Runner Plugin |
2025-10-29T13:29:46.447Z | 2025-11-04T21:14:35.812Z |
| cve-2025-64140 | N/A | Jenkins Azure CLI Plugin 0.9 and earlier does not… |
Jenkins Project |
Jenkins Azure CLI Plugin |
2025-10-29T13:29:45.804Z | 2025-11-04T21:14:34.461Z |
| cve-2025-64139 | N/A | A missing permission check in Jenkins Start Windo… |
Jenkins Project |
Jenkins Start Windocks Containers Plugin |
2025-10-29T13:29:45.114Z | 2025-11-04T21:14:33.120Z |
| cve-2025-64138 | N/A | A cross-site request forgery (CSRF) vulnerability… |
Jenkins Project |
Jenkins Start Windocks Containers Plugin |
2025-10-29T13:29:44.349Z | 2025-11-04T21:14:31.752Z |
| cve-2025-64137 | N/A | A missing permission check in Jenkins Themis Plug… |
Jenkins Project |
Jenkins Themis Plugin |
2025-10-29T13:29:43.669Z | 2025-11-04T21:14:30.356Z |
| cve-2025-64136 | N/A | A cross-site request forgery (CSRF) vulnerability… |
Jenkins Project |
Jenkins Themis Plugin |
2025-10-29T13:29:42.998Z | 2025-11-04T21:14:29.011Z |
| cve-2025-64135 | N/A | Jenkins Eggplant Runner Plugin 0.0.1.301.v963cffe… |
Jenkins Project |
Jenkins Eggplant Runner Plugin |
2025-10-29T13:29:42.358Z | 2025-11-04T21:14:27.669Z |
| cve-2025-64134 | N/A | Jenkins JDepend Plugin 1.3.1 and earlier includes… |
Jenkins Project |
Jenkins JDepend Plugin |
2025-10-29T13:29:41.699Z | 2025-11-04T21:14:26.342Z |
| cve-2025-64133 | N/A | A cross-site request forgery (CSRF) vulnerability… |
Jenkins Project |
Jenkins Extensible Choice Parameter Plugin |
2025-10-29T13:29:41.045Z | 2025-11-04T21:14:25.010Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2025-11202 | 9.8 (v3.0) | win-cli-mcp-server resolveCommandPath Command Injectio… |
win-cli-mcp-server |
win-cli-mcp-server |
2025-10-29T19:36:39.563Z | 2025-10-30T14:35:53.727Z |
| cve-2025-11201 | 8.1 (v3.0) | MLflow Tracking Server Model Creation Directory Traver… |
MLflow |
MLflow |
2025-10-29T19:37:10.690Z | 2025-10-31T03:55:31.166Z |
| cve-2025-11200 | 8.1 (v3.0) | MLflow Weak Password Requirements Authentication Bypas… |
MLflow |
MLflow |
2025-10-29T19:42:03.734Z | 2025-10-31T03:55:31.971Z |
| cve-2025-10934 | 7.8 (v3.0) | GIMP XWD File Parsing Heap-based Buffer Overflow Remot… |
GIMP |
GIMP |
2025-10-29T19:58:55.670Z | 2025-11-04T00:12:05.168Z |
| cve-2025-10925 | 7.8 (v3.0) | GIMP ILBM File Parsing Stack-based Buffer Overflow Rem… |
GIMP |
GIMP |
2025-10-29T19:29:54.680Z | 2025-10-31T03:55:16.818Z |
| cve-2025-10924 | 7.8 (v3.0) | GIMP FF File Parsing Integer Overflow Remote Code Exec… |
GIMP |
GIMP |
2025-10-29T19:29:50.398Z | 2025-10-31T03:55:15.889Z |
| cve-2025-10923 | 7.8 (v3.0) | GIMP WBMP File Parsing Integer Overflow Remote Code Ex… |
GIMP |
GIMP |
2025-10-29T19:29:46.493Z | 2025-10-31T03:55:14.539Z |
| cve-2025-10922 | 7.8 (v3.0) | GIMP DCM File Parsing Heap-based Buffer Overflow Remot… |
GIMP |
GIMP |
2025-10-29T19:29:42.905Z | 2025-11-03T17:31:38.433Z |
| cve-2025-10921 | 7.8 (v3.0) | GIMP HDR File Parsing Heap-based Buffer Overflow Remot… |
GIMP |
GIMP |
2025-10-29T19:29:39.135Z | 2025-11-03T17:31:37.440Z |
| cve-2025-10920 | 7.8 (v3.0) | GIMP ICNS File Parsing Out-Of-Bounds Write Remote Code… |
GIMP |
GIMP |
2025-10-29T19:29:35.471Z | 2025-10-30T03:56:05.775Z |
| cve-2025-64104 | LangGraph SQLite Checkpoint Filter Key SQL Injection P… |
langchain-ai |
langgraph |
2025-10-29T18:55:06.129Z | 2025-10-30T15:33:07.541Z | |
| cve-2025-64103 | Zitadel Bypass Second Authentication Factor |
zitadel |
zitadel |
2025-10-29T18:43:46.934Z | 2025-10-30T14:51:19.189Z | |
| cve-2025-64102 | Zitadel allows brute-forcing authentication factors |
zitadel |
zitadel |
2025-10-29T18:36:15.390Z | 2025-10-30T14:53:53.184Z | |
| cve-2025-64101 | ZITADEL Vulnerable to Account Takeover via Malicious F… |
zitadel |
zitadel |
2025-10-29T18:30:14.999Z | 2025-10-29T19:35:39.237Z | |
| cve-2025-61876 | N/A | Insecure Direct Object Reference (IDOR) in /tenan… |
n/a |
n/a |
2025-10-29T00:00:00.000Z | 2025-10-30T14:35:48.145Z |
| cve-2018-25120 | 9.3 (v4.0) | D-Link DNS-343 ShareCenter <= 1.05 Command Injection v… |
D-Link |
DNS-343 ShareCenter |
2025-10-29T18:39:03.581Z | 2025-10-30T17:37:43.230Z |
| cve-2025-64100 | CKAN Vulnerable to Session Cookie Fixation |
ckan |
ckan |
2025-10-29T17:54:51.997Z | 2025-10-29T19:29:13.337Z | |
| cve-2025-62797 | CSRF in FluxCP account endpoints allows account takeov… |
rathena |
FluxCP |
2025-10-29T17:49:07.899Z | 2025-10-29T19:01:54.985Z | |
| cve-2025-57227 | N/A | An unquoted service path in Kingosoft Technology … |
n/a |
n/a |
2025-10-29T00:00:00.000Z | 2025-10-29T20:31:06.475Z |
| cve-2025-35980 | N/A | {'providerMetadata': {'orgId': 'b86d76f8-0f8a-4a96-a78d-d8abfc7fc29b', 'shortName': 'talos', 'dateUpdated': '2025-10-29T17:55:21.990Z'}, 'rejectedReasons': [{'lang': 'en', 'value': '** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: The CNA or individual who requested this candidate did not associate it with any vulnerability during 2025. Notes: none.'}]} | N/A | N/A | 2025-10-29T17:55:21.990Z | |
| cve-2025-11232 | Invalid characters cause assert |
ISC |
Kea |
2025-10-29T18:02:39.421Z | 2025-11-04T21:09:09.184Z | |
| cve-2025-62792 | Wazuh vulnerable to Heap-based Buffer Over-read in w_e… |
wazuh |
wazuh |
2025-10-29T16:50:05.994Z | 2025-10-29T18:10:35.915Z | |
| cve-2025-62791 | Wazuh vulnerable to NULL pointer dereference in DecodeCiscat |
wazuh |
wazuh |
2025-10-29T16:48:25.220Z | 2025-10-29T19:03:17.183Z | |
| cve-2025-62790 | Wazuh vulnerable to NULL pointer dereference in fim_fe… |
wazuh |
wazuh |
2025-10-29T16:46:31.020Z | 2025-10-29T19:08:06.068Z | |
| cve-2025-62789 | Wazuh vulnerable to NULL pointer dereference in fim_al… |
wazuh |
wazuh |
2025-10-29T16:44:30.540Z | 2025-10-29T19:09:13.693Z | |
| cve-2025-62788 | Wazuh Vulnerable to Heap Use After Free in w_copy_even… |
wazuh |
wazuh |
2025-10-29T16:42:35.789Z | 2025-10-29T19:15:30.726Z | |
| cve-2025-62787 | Wazuh Vulnerable to Heap-based Buffer Over-read in Dec… |
wazuh |
wazuh |
2025-10-29T16:30:26.950Z | 2025-10-29T17:38:48.781Z | |
| cve-2025-61234 | N/A | Incorrect access control on Dataphone A920 v2025.… |
n/a |
n/a |
2025-10-29T00:00:00.000Z | 2025-10-30T20:31:01.774Z |
| cve-2025-60595 | N/A | SPH Engineering UgCS 5.13.0 is vulnerable to Arbi… |
n/a |
n/a |
2025-10-29T00:00:00.000Z | 2025-10-30T20:29:49.865Z |
| cve-2025-56558 | N/A | An issue discovered in Dyson App v6.1.23041-23595… |
n/a |
n/a |
2025-10-29T00:00:00.000Z | 2025-10-29T20:38:05.202Z |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| mal-2025-188341 | Malicious code in norma-public-grus-supercluster (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188340 | Malicious code in non-blocking-miranda-gridsome-cosmicray (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188339 | Malicious code in non-blocking-luna-axios-pegasus (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188338 | Malicious code in nodemon-vega-umbriel-polaris (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188337 | Malicious code in nodemon-terser-webpack-plugin-private-mantle (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188336 | Malicious code in nodemon-slides-frontend-tethys (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188335 | Malicious code in nodemon-meissa-outercore-hyperion (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188334 | Malicious code in nodemon-kinetic-native-cassini (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188333 | Malicious code in nodemon-heka-wezen-meissa (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188332 | Malicious code in nodemon-europa-antares-frontend (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188331 | Malicious code in nodemon-css-loader-husky-parcel (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188330 | Malicious code in nodejs-sublimation-blueshift-ganymede (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188329 | Malicious code in nodejs-sass-loader-carina-duplex (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188328 | Malicious code in nodejs-radioastronomy-tailwindcss-chalk (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188327 | Malicious code in nodejs-oberon-ignite-node-sass (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188326 | Malicious code in nodejs-hyperion-quito-start (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188325 | Malicious code in nodejs-csrf-sagitta-materialize (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188324 | Malicious code in nodejs-cosmicweb-chakra-ui-vortex (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188323 | Malicious code in node-sass-slides-koa-hexo (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188322 | Malicious code in node-sass-nuxtjs-octans-eris (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188321 | Malicious code in node-sass-nashira-xerxes-css-minimizer-webpack-plugin (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188320 | Malicious code in node-sass-mutation-cladistics-helios (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188319 | Malicious code in node-sass-luna-ora-terser-webpack-plugin (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188318 | Malicious code in node-sass-kastra-bellatrix-express (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188317 | Malicious code in node-sass-ignite-dotenv-safe-neptunology (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188316 | Malicious code in node-sass-eslint-kaus-relay (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188315 | Malicious code in node-sass-commitlint-lynx-public (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188314 | Malicious code in node-sass-blitz-paleobotany-decoherence (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188313 | Malicious code in node-optimize-table-alpha-final (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188312 | Malicious code in node-mu-private-new-runtime (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| rhsa-2025:3931 | Red Hat Security Advisory: kernel security update | 2025-04-15T20:47:09+00:00 | 2025-11-06T22:35:58+00:00 |
| rhsa-2025:3930 | Red Hat Security Advisory: RHACS 4.7 security update | 2025-04-15T20:29:23+00:00 | 2025-11-15T00:11:54+00:00 |
| rhsa-2025:3929 | Red Hat Security Advisory: ACS 4.6 enhancement and security update | 2025-04-15T19:52:32+00:00 | 2025-11-15T00:11:53+00:00 |
| rhsa-2025:3928 | Red Hat Security Advisory: ACS 4.5 enhancement and security update | 2025-04-15T19:46:07+00:00 | 2025-11-15T00:11:53+00:00 |
| rhsa-2025:3922 | Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.5.10 | 2025-04-15T17:24:31+00:00 | 2025-11-15T00:11:53+00:00 |
| rhsa-2025:3913 | Red Hat Security Advisory: expat security update | 2025-04-15T16:28:28+00:00 | 2025-11-07T18:40:23+00:00 |
| rhsa-2025:3903 | Red Hat Security Advisory: kernel security update | 2025-04-15T11:55:07+00:00 | 2025-11-06T22:35:53+00:00 |
| rhsa-2025:3901 | Red Hat Security Advisory: kernel-rt security update | 2025-04-15T11:41:33+00:00 | 2025-11-06T22:35:53+00:00 |
| rhsa-2025:3893 | Red Hat Security Advisory: kernel security update | 2025-04-15T09:57:12+00:00 | 2025-11-11T16:17:53+00:00 |
| rhsa-2025:3894 | Red Hat Security Advisory: kernel-rt security update | 2025-04-15T09:50:32+00:00 | 2025-11-11T16:17:54+00:00 |
| rhsa-2025:3888 | Red Hat Security Advisory: kernel security update | 2025-04-15T09:09:47+00:00 | 2025-11-06T22:35:51+00:00 |
| rhsa-2025:3889 | Red Hat Security Advisory: kernel-rt security update | 2025-04-15T09:00:01+00:00 | 2025-11-06T22:35:51+00:00 |
| rhsa-2025:3887 | Red Hat Security Advisory: kernel security update | 2025-04-15T08:21:07+00:00 | 2025-11-06T22:35:51+00:00 |
| rhsa-2025:3886 | Red Hat Security Advisory: RHOAI 2.19.0 - Red Hat OpenShift AI | 2025-04-15T07:52:02+00:00 | 2025-11-15T00:11:52+00:00 |
| rhsa-2025:3880 | Red Hat Security Advisory: kernel security update | 2025-04-15T02:10:46+00:00 | 2025-11-06T22:35:51+00:00 |
| rhsa-2025:3871 | Red Hat Security Advisory: kernel security update | 2025-04-15T01:38:57+00:00 | 2025-11-06T22:35:50+00:00 |
| rhsa-2025:3863 | Red Hat Security Advisory: Red Hat multicluster global hub 1.3.3 bug fixes and container update | 2025-04-14T18:00:47+00:00 | 2025-11-15T00:11:52+00:00 |
| rhsa-2025:3867 | Red Hat Security Advisory: Network Observability 1.8.1 for OpenShift | 2025-04-14T16:34:44+00:00 | 2025-11-06T22:35:55+00:00 |
| rhsa-2025:3861 | Red Hat Security Advisory: kernel-rt security update | 2025-04-14T15:14:00+00:00 | 2025-11-06T22:35:50+00:00 |
| rhsa-2025:3837 | Red Hat Security Advisory: openssh security update | 2025-04-14T11:04:59+00:00 | 2025-11-06T23:34:59+00:00 |
| rhsa-2025:3838 | Red Hat Security Advisory: kernel security update | 2025-04-14T10:53:04+00:00 | 2025-11-06T22:35:49+00:00 |
| rhsa-2025:3839 | Red Hat Security Advisory: kernel-rt security update | 2025-04-14T10:51:55+00:00 | 2025-11-06T22:35:50+00:00 |
| rhsa-2025:3833 | Red Hat Security Advisory: gvisor-tap-vsock security update | 2025-04-14T09:21:59+00:00 | 2025-11-15T00:11:52+00:00 |
| rhsa-2025:3832 | Red Hat Security Advisory: kernel security update | 2025-04-14T08:14:34+00:00 | 2025-11-06T22:35:49+00:00 |
| rhsa-2025:3827 | Red Hat Security Advisory: kernel security update | 2025-04-14T01:26:43+00:00 | 2025-11-06T22:35:49+00:00 |
| rhsa-2025:3573 | Red Hat Security Advisory: OpenShift Container Platform 4.12.75 packages and security update | 2025-04-10T21:37:13+00:00 | 2025-11-14T21:13:07+00:00 |
| rhsa-2025:3820 | Red Hat Security Advisory: RHTAS 1.1.2 - Red Hat Trusted Artifact Signer Release | 2025-04-10T17:22:43+00:00 | 2025-11-15T00:11:52+00:00 |
| rhsa-2025:3814 | Red Hat Security Advisory: RHTAS 1.1.2 - Red Hat Trusted Artifact Signer Release | 2025-04-10T15:20:44+00:00 | 2025-11-15T00:11:51+00:00 |
| rhsa-2025:3813 | Red Hat Security Advisory: RHTAS 1.1.2 - Red Hat Trusted Artifact Signer Release | 2025-04-10T14:56:45+00:00 | 2025-11-15T00:11:50+00:00 |
| rhsa-2025:3811 | Red Hat Security Advisory: RHTAS 1.1.2 - Red Hat Trusted Artifact Signer Release | 2025-04-10T14:32:08+00:00 | 2025-11-15T00:11:50+00:00 |
| ID | Description | Published | Updated |
|---|---|---|---|
| msrc_cve-2024-56567 | ad7780: fix division by zero in ad7780_write_raw() | 2024-12-02T00:00:00.000Z | 2025-03-08T00:00:00.000Z |
| msrc_cve-2024-56566 | mm/slub: Avoid list corruption when removing a slab from the full list | 2024-12-02T00:00:00.000Z | 2025-09-25T01:02:33.000Z |
| msrc_cve-2024-56565 | f2fs: fix to drop all discards after creating snapshot on lvm device | 2024-12-02T00:00:00.000Z | 2025-10-10T14:35:28.000Z |
| msrc_cve-2024-56551 | drm/amdgpu: fix usage slab after free | 2024-12-02T00:00:00.000Z | 2025-01-29T00:00:00.000Z |
| msrc_cve-2024-56549 | cachefiles: Fix NULL pointer dereference in object->file | 2024-12-02T00:00:00.000Z | 2025-09-03T21:21:02.000Z |
| msrc_cve-2024-56548 | hfsplus: don't query the device logical block size multiple times | 2024-12-02T00:00:00.000Z | 2025-03-08T00:00:00.000Z |
| msrc_cve-2024-56538 | drm: zynqmp_kms: Unplug DRM device before removal | 2024-12-02T00:00:00.000Z | 2025-01-29T00:00:00.000Z |
| msrc_cve-2024-56433 | shadow-utils (aka shadow) 4.4 through 4.17.0 establishes a default /etc/subuid behavior (e.g., uid 100000 through 165535 for the first user account) that can realistically conflict with the uids of users defined on locally administered networks, potentially leading to account takeover, e.g., by leveraging newuidmap for access to an NFS home directory (or same-host resources in the case of remote logins by these local network users). NOTE: it may also be argued that system administrators should not have assigned uids, within local networks, that are within the range that can occur in /etc/subuid. | 2024-12-02T00:00:00.000Z | 2025-09-03T21:50:29.000Z |
| msrc_cve-2024-56326 | Jinja has a sandbox breakout through indirect reference to format method | 2024-12-02T00:00:00.000Z | 2025-01-17T00:00:00.000Z |
| msrc_cve-2024-56201 | Jinja has a sandbox breakout through malicious filenames | 2024-12-02T00:00:00.000Z | 2025-02-22T00:00:00.000Z |
| msrc_cve-2024-54661 | readline.sh in socat before1.8.0.2 relies on the /tmp/$USER/stderr2 file. | 2024-12-02T00:00:00.000Z | 2025-01-17T00:00:00.000Z |
| msrc_cve-2024-54132 | GitHub CLI allows downloading malicious GitHub Actions workflow artifact to result in path traversal vulnerability | 2024-12-02T00:00:00.000Z | 2024-12-21T00:00:00.000Z |
| msrc_cve-2024-53846 | ssl fails to validate incorrect extened key usage | 2024-12-02T00:00:00.000Z | 2024-12-20T00:00:00.000Z |
| msrc_cve-2024-53589 | GNU objdump 2.43 is vulnerable to Buffer Overflow in the BFD (Binary File Descriptor) library's handling of tekhex format files. | 2024-12-02T00:00:00.000Z | 2025-09-03T21:53:33.000Z |
| msrc_cve-2024-53580 | iperf v3.17.1 was discovered to contain a segmentation violation via the iperf_exchange_parameters() function. | 2024-12-02T00:00:00.000Z | 2025-01-17T00:00:00.000Z |
| msrc_cve-2024-53259 | quic-go affected by an ICMP Packet Too Large Injection Attack on Linux | 2024-12-02T00:00:00.000Z | 2025-04-16T00:00:00.000Z |
| msrc_cve-2024-53257 | Vitess allows HTML injection in /debug/querylogz & /debug/env | 2024-12-02T00:00:00.000Z | 2025-04-16T00:00:00.000Z |
| msrc_cve-2024-53239 | ALSA: 6fire: Release resources at card release | 2024-12-02T00:00:00.000Z | 2025-03-08T00:00:00.000Z |
| msrc_cve-2024-53237 | Bluetooth: fix use-after-free in device_for_each_child() | 2024-12-02T00:00:00.000Z | 2025-03-08T00:00:00.000Z |
| msrc_cve-2024-53234 | erofs: handle NONHEAD !delta[1] lclusters gracefully | 2024-12-02T00:00:00.000Z | 2025-10-10T01:01:52.000Z |
| msrc_cve-2024-53231 | cpufreq: CPPC: Fix possible null-ptr-deref for cpufreq_cpu_get_raw() | 2024-12-02T00:00:00.000Z | 2025-01-29T00:00:00.000Z |
| msrc_cve-2024-53230 | cpufreq: CPPC: Fix possible null-ptr-deref for cppc_get_cpu_cost() | 2024-12-02T00:00:00.000Z | 2025-01-29T00:00:00.000Z |
| msrc_cve-2024-53227 | scsi: bfa: Fix use-after-free in bfad_im_module_exit() | 2024-12-02T00:00:00.000Z | 2025-03-08T00:00:00.000Z |
| msrc_cve-2024-53226 | RDMA/hns: Fix NULL pointer derefernce in hns_roce_map_mr_sg() | 2024-12-02T00:00:00.000Z | 2025-03-08T00:00:00.000Z |
| msrc_cve-2024-53222 | zram: fix NULL pointer in comp_algorithm_show() | 2024-12-02T00:00:00.000Z | 2025-09-03T21:18:57.000Z |
| msrc_cve-2024-53221 | f2fs: fix null-ptr-deref in f2fs_submit_page_bio() | 2024-12-02T00:00:00.000Z | 2025-09-04T00:18:53.000Z |
| msrc_cve-2024-53220 | f2fs: fix to account dirty data in __get_secs_required() | 2024-12-02T00:00:00.000Z | 2025-10-10T01:01:46.000Z |
| msrc_cve-2024-53219 | virtiofs: use pages instead of pointer for kernel direct IO | 2024-12-02T00:00:00.000Z | 2025-09-03T22:37:01.000Z |
| msrc_cve-2024-53217 | NFSD: Prevent NULL dereference in nfsd4_process_cb_update() | 2024-12-02T00:00:00.000Z | 2025-03-08T00:00:00.000Z |
| msrc_cve-2024-53215 | svcrdma: fix miss destroy percpu_counter in svc_rdma_proc_init() | 2024-12-02T00:00:00.000Z | 2025-03-08T00:00:00.000Z |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2013-000088 | ChamaCargo vulnerable to cross-site scripting | 2013-09-13T12:21+09:00 | 2013-09-18T16:12+09:00 |
| jvndb-2013-000086 | Opera vulnerable to cross-site scripting | 2013-09-12T14:13+09:00 | 2013-09-17T14:20+09:00 |
| jvndb-2013-000082 | Cybozu Office vulnerable to cross-site scripting | 2013-09-10T13:56+09:00 | 2013-09-11T13:34+09:00 |
| jvndb-2013-003469 | Apache Struts vulnerable to remote command execution | 2013-09-06T14:12+09:00 | 2015-08-11T15:19+09:00 |
| jvndb-2013-000085 | VMware ESX and ESXi vulnerable to buffer overflow | 2013-09-06T14:03+09:00 | 2013-09-11T14:06+09:00 |
| jvndb-2013-000084 | VMware ESX and ESXi vulnerable to directory traversal | 2013-09-06T13:59+09:00 | 2013-09-11T13:59+09:00 |
| jvndb-2013-000081 | EC-CUBE vulnerable to directory traversal when used in Windows | 2013-08-30T14:38+09:00 | 2013-09-02T18:25+09:00 |
| jvndb-2013-000080 | PHP OpenID Library vulnerable to XML external entity injection | 2013-08-21T14:26+09:00 | 2013-08-23T18:38+09:00 |
| jvndb-2013-000079 | Yahoo! Japan Shopping for Android contains an issue where it fails to verify SSL server certificates | 2013-08-19T15:50+09:00 | 2013-08-23T18:42+09:00 |
| jvndb-2013-000078 | Yafuoku! contains an issue where it fails to verify SSL server certificates | 2013-08-19T15:35+09:00 | 2013-08-23T18:43+09:00 |
| jvndb-2013-000077 | Cybozu Mailwise vulnerable to information disclosure | 2013-08-13T12:22+09:00 | 2013-08-20T11:37+09:00 |
| jvndb-2013-000075 | docomo overseas usage application vulnerability in the connection process | 2013-08-07T15:01+09:00 | 2013-08-14T14:17+09:00 |
| jvndb-2013-000076 | JP1/IT Desktop Management - Manager and Hitachi IT Operations Director vulnerable to privilege escalation | 2013-07-29T13:39+09:00 | 2013-08-02T18:17+09:00 |
| jvndb-2012-002110 | WordPress vulnerable to cross-site scripting | 2013-07-26T13:33+09:00 | 2013-07-26T13:33+09:00 |
| jvndb-2013-003391 | Oracle Enterprise Manager vulnerable to cross-site scripting | 2013-07-22T15:00+09:00 | 2013-07-22T15:00+09:00 |
| jvndb-2013-000072 | JBoss RichFaces vulnerable to remote code execution | 2013-07-19T12:32+09:00 | 2013-07-24T16:16+09:00 |
| jvndb-2013-000071 | Oracle Outside In vulnerable to denial-of-service (DoS) | 2013-07-17T13:56+09:00 | 2013-08-28T14:31+09:00 |
| jvndb-2013-000070 | Oracle Outside In vulnerable to buffer overflow | 2013-07-17T13:45+09:00 | 2014-02-24T16:38+09:00 |
| jvndb-2013-000069 | Cybozu Office session management vulnerability | 2013-07-16T12:27+09:00 | 2013-07-23T19:09+09:00 |
| jvndb-2013-000068 | AQUOS PhotoPlayer HN-PP150 vulnerable to denial-of-service (DoS) | 2013-07-11T15:39+09:00 | 2013-07-16T14:21+09:00 |
| jvndb-2013-000066 | POST-MAIL vulnerable to cross-site scripting | 2013-06-27T14:38+09:00 | 2013-07-02T15:47+09:00 |
| jvndb-2013-000067 | CLIP-MAIL vulnerable to cross-site scripting | 2013-06-27T14:35+09:00 | 2013-07-02T15:52+09:00 |
| jvndb-2013-000065 | EC-CUBE vulnerable to directory traversal | 2013-06-27T14:33+09:00 | 2013-07-02T16:15+09:00 |
| jvndb-2013-000064 | EC-CUBE vulnerable to cross-site scripting | 2013-06-27T14:31+09:00 | 2013-07-02T16:10+09:00 |
| jvndb-2013-000063 | EC-CUBE vulnerable to cross-site scripting | 2013-06-27T14:31+09:00 | 2013-07-02T16:06+09:00 |
| jvndb-2013-000062 | EC-CUBE vulnerable to code injection | 2013-06-27T14:29+09:00 | 2013-07-02T16:01+09:00 |
| jvndb-2013-000061 | EC-CUBE vulnerable to directory traversal | 2013-06-27T14:29+09:00 | 2013-07-02T15:57+09:00 |
| jvndb-2013-003074 | Cross-site Scripting Vulnerability in Hitachi Command Suite Products | 2013-06-20T14:37+09:00 | 2013-06-20T14:37+09:00 |
| jvndb-2013-003073 | Vulnerability in JP1/HIBUN Advanced Edition Information Cypher Removable Media Encryption | 2013-06-20T14:24+09:00 | 2013-06-20T14:24+09:00 |
| jvndb-2013-000060 | Cybozu Live for Android vulnerable in the WebView class | 2013-06-18T15:20+09:00 | 2013-06-26T14:43+09:00 |
| ID | Description | Updated |
|---|