Recent vulnerabilities
| ID | Description | Published | Updated |
|---|---|---|---|
| ghsa-48rj-4wmq-xq7p | IPFire versions prior to 2.29 (Core Update 198) contain a stored cross-site scripting (XSS) vulnera… | 2025-10-28T15:30:44Z | 2025-11-03T18:31:50Z |
| ghsa-2hwv-ff5w-xmw9 | IPFire versions prior to 2.29 (Core Update 198) contain a SQL injection vulnerability that allows a… | 2025-10-28T15:30:44Z | 2025-11-03T18:31:50Z |
| ghsa-wqw9-fwjq-chcw | A use-after-free vulnerability exists in the XML parser functionality of GCC Productions Inc. Fade … | 2025-10-28T15:30:43Z | 2025-11-03T18:31:49Z |
| ghsa-rg35-5v25-mqvp | Keycloak vulnerable to session takeovers due to reuse of session identifiers | 2025-10-28T15:30:43Z | 2025-11-14T00:30:27Z |
| ghsa-qwm8-rr7r-8h48 | By making minor configuration changes to the TropOS 4th Gen device, an authenticated user with the … | 2025-10-28T15:30:43Z | 2025-10-28T15:30:43Z |
| ghsa-mmmm-6m78-44q2 | Starting with Firefox 142, it was possible for a compromised child process to trigger a use-after-f… | 2025-10-28T15:30:43Z | 2025-10-29T15:31:53Z |
| ghsa-hrh8-rvch-7hh9 | A flaw was found in Red Hat Openshift AI Service. The TrustyAI component is granting all service ac… | 2025-10-28T15:30:43Z | 2025-11-12T18:31:04Z |
| ghsa-4h48-5g6c-r5j3 | Command injection vulnerability exists in the “Logging” page of the web-based configuration utility… | 2025-10-28T15:30:43Z | 2025-10-28T15:30:43Z |
| ghsa-28jm-jxrw-gvxg | The “Diagnostics Tools” page of the web-based configuration utility does not properly validate user… | 2025-10-28T15:30:43Z | 2025-10-28T15:30:43Z |
| ghsa-9pp9-cfwx-54rm | ImageMagick has Integer Overflow in BMP Decoder (ReadBMP) | 2025-10-28T14:43:20Z | 2025-11-03T18:31:46Z |
| ghsa-xrxh-pcqg-5r4x | In the Linux kernel, the following vulnerability has been resolved: ocfs2: fix double free in user… | 2025-10-28T12:30:17Z | 2025-10-29T15:31:53Z |
| ghsa-xj3g-qjx7-6cfm | In the Linux kernel, the following vulnerability has been resolved: tty: n_gsm: Don't block input … | 2025-10-28T12:30:17Z | 2025-10-28T12:30:17Z |
| ghsa-w5hw-p7rf-8672 | In the Linux kernel, the following vulnerability has been resolved: fanotify: Validate the return … | 2025-10-28T12:30:17Z | 2025-10-28T12:30:17Z |
| ghsa-rxpf-8w5h-7fch | In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: reject index allocat… | 2025-10-28T12:30:17Z | 2025-10-28T12:30:17Z |
| ghsa-rvq5-xw4g-6wj7 | In the Linux kernel, the following vulnerability has been resolved: bpf: Explicitly check accesses… | 2025-10-28T12:30:17Z | 2025-10-29T15:31:53Z |
| ghsa-r76g-qww9-ch8r | In the Linux kernel, the following vulnerability has been resolved: hfsplus: fix slab-out-of-bound… | 2025-10-28T12:30:17Z | 2025-10-28T12:30:17Z |
| ghsa-qqfp-3f8f-fv6r | In the Linux kernel, the following vulnerability has been resolved: vhost: vringh: Fix copy_to_ite… | 2025-10-28T12:30:17Z | 2025-10-28T12:30:17Z |
| ghsa-pv64-h258-4663 | In the Linux kernel, the following vulnerability has been resolved: drm/msm: Do not validate SSPP … | 2025-10-28T12:30:17Z | 2025-10-28T12:30:17Z |
| ghsa-p5wm-p7x9-9mrc | In the Linux kernel, the following vulnerability has been resolved: coresight: Fix incorrect handl… | 2025-10-28T12:30:17Z | 2025-10-28T12:30:17Z |
| ghsa-mp9c-x94p-8jh7 | In the Linux kernel, the following vulnerability has been resolved: nbd: restrict sockets to TCP a… | 2025-10-28T12:30:17Z | 2025-10-28T12:30:17Z |
| ghsa-m7w6-fmw8-2v8x | In the Linux kernel, the following vulnerability has been resolved: RISC-V: KVM: Write hgatp regis… | 2025-10-28T12:30:17Z | 2025-10-28T12:30:17Z |
| ghsa-hwfw-95mf-c924 | In the Linux kernel, the following vulnerability has been resolved: iommu/vt-d: Disallow dirty tra… | 2025-10-28T12:30:17Z | 2025-10-28T12:30:17Z |
| ghsa-hw24-w8rj-6q65 | In the Linux kernel, the following vulnerability has been resolved: riscv, bpf: Sign extend struct… | 2025-10-28T12:30:17Z | 2025-10-28T12:30:17Z |
| ghsa-gv9m-p4c7-mxp3 | In the Linux kernel, the following vulnerability has been resolved: fs: ntfs3: Fix integer overflo… | 2025-10-28T12:30:17Z | 2025-10-28T12:30:17Z |
| ghsa-g35w-4vfx-hjpg | In the Linux kernel, the following vulnerability has been resolved: ipv4: start using dst_dev_rcu(… | 2025-10-28T12:30:17Z | 2025-10-28T12:30:17Z |
| ghsa-c64c-4m7r-82v9 | In the Linux kernel, the following vulnerability has been resolved: RDMA/rxe: Fix race in do_task(… | 2025-10-28T12:30:17Z | 2025-10-28T12:30:17Z |
| ghsa-c442-5cxr-p4xq | In the Linux kernel, the following vulnerability has been resolved: smc: Fix use-after-free in __p… | 2025-10-28T12:30:17Z | 2025-10-28T12:30:17Z |
| ghsa-94hr-47ff-rmcx | In the Linux kernel, the following vulnerability has been resolved: crypto: comp - Use same defini… | 2025-10-28T12:30:17Z | 2025-10-28T12:30:17Z |
| ghsa-8w6p-wg52-cjgx | In the Linux kernel, the following vulnerability has been resolved: coresight: trbe: Return NULL p… | 2025-10-28T12:30:17Z | 2025-10-28T12:30:17Z |
| ghsa-8r3f-48gc-phmq | In the Linux kernel, the following vulnerability has been resolved: wifi: mt76: mt7996: Check phy … | 2025-10-28T12:30:17Z | 2025-10-28T12:30:17Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2025-34305 | 5.1 (v4.0) | IPFire < v2.29 Stored XSS via Multiple Methods in clea… |
IPFire.org |
IPFire |
2025-10-28T14:34:36.345Z | 2025-10-29T18:09:14.373Z |
| cve-2025-34310 | 5.1 (v4.0) | IPFire < v2.29 Stored XSS via Quality of Service (QoS)… |
IPFire.org |
IPFire |
2025-10-28T14:34:18.157Z | 2025-10-29T18:12:26.568Z |
| cve-2025-34315 | 5.1 (v4.0) | IPFire < v2.29 Stored XSS via Remote Syslog Server Address |
IPFire.org |
IPFire |
2025-10-28T14:33:54.312Z | 2025-10-29T18:13:29.333Z |
| cve-2025-34302 | 5.1 (v4.0) | IPFire < v2.29 Stored XSS via Service Creation |
IPFire.org |
IPFire |
2025-10-28T14:33:32.017Z | 2025-10-29T19:00:31.741Z |
| cve-2025-34314 | 5.1 (v4.0) | IPFire < v2.29 Stored XSS via Time Constraint Rule URL… |
IPFire.org |
IPFire |
2025-10-28T14:33:09.667Z | 2025-10-29T18:26:57.565Z |
| cve-2025-34313 | 5.1 (v4.0) | IPFire < v2.29 Stored XSS via User Quota Rule URL Filter |
IPFire.org |
IPFire |
2025-10-28T14:32:47.658Z | 2025-10-28T20:02:22.245Z |
| cve-2025-34303 | 5.1 (v4.0) | IPFire < v2.29 Stored XSS via Whitelisted Host Creation |
IPFire.org |
IPFire |
2025-10-28T14:32:25.557Z | 2025-10-28T19:55:14.149Z |
| cve-2025-12380 | N/A | Use-after-free in WebGPU internals triggered from a co… |
Mozilla |
Firefox |
2025-10-28T14:06:34.814Z | 2025-11-04T15:47:51.527Z |
| cve-2025-53855 | An out-of-bounds write vulnerability exists in th… |
GCC Productions Inc. |
Fade In |
2025-10-28T13:45:40.355Z | 2025-11-03T17:45:01.203Z | |
| cve-2025-53814 | A use-after-free vulnerability exists in the XML … |
GCC Productions Inc. |
Fade In |
2025-10-28T13:45:38.831Z | 2025-11-03T17:44:59.975Z | |
| cve-2025-12103 | 5 (v3.1) | Openshift-ai: trusty ai grants all authenticated users… |
Red Hat |
Red Hat OpenShift AI 3.0 |
2025-10-28T13:31:59.318Z | 2025-11-12T16:41:13.699Z |
| cve-2025-12390 | 6 (v3.1) | Org.keycloak.protocol.oidc.endpoints.logoutendpoint: o… |
Red Hat |
Red Hat build of Keycloak 26.4 |
2025-10-28T13:23:34.634Z | 2025-11-13T22:32:57.560Z |
| cve-2025-1038 | 7.5 (v4.0) | The “Diagnostics Tools” page of the web-based con… |
Hitachi Energy |
TropOS 4th Gen |
2025-10-28T12:17:23.182Z | 2025-10-28T13:11:10.628Z |
| cve-2025-1037 | 7.5 (v4.0) | By making minor configuration changes to the Trop… |
Hitachi Energy |
TropOS 4th Gen |
2025-10-28T12:16:36.060Z | 2025-10-28T13:13:02.115Z |
| cve-2025-1036 | 8.7 (v4.0) | Command injection vulnerability exists in the “Lo… |
Hitachi Energy |
TropOS 4th Gen |
2025-10-28T12:15:29.573Z | 2025-10-28T13:14:18.210Z |
| cve-2025-9313 | 9.3 (v4.0) | Unauthorized database access in Asseco mMedica |
Asseco Poland S.A. |
mMedica |
2025-10-28T11:49:29.119Z | 2025-10-28T13:15:31.459Z |
| cve-2025-40082 | N/A | hfsplus: fix slab-out-of-bounds read in hfsplus_uni2asc() |
Linux |
Linux |
2025-10-28T11:48:45.975Z | 2025-10-28T11:48:45.975Z |
| cve-2025-40081 | N/A | perf: arm_spe: Prevent overflow in PERF_IDX2OFF() |
Linux |
Linux |
2025-10-28T11:48:45.392Z | 2025-10-29T13:20:01.782Z |
| cve-2025-40080 | N/A | nbd: restrict sockets to TCP and UDP |
Linux |
Linux |
2025-10-28T11:48:44.796Z | 2025-10-28T11:48:44.796Z |
| cve-2025-40079 | N/A | riscv, bpf: Sign extend struct ops return values properly |
Linux |
Linux |
2025-10-28T11:48:44.122Z | 2025-10-28T11:48:44.122Z |
| cve-2025-40078 | N/A | bpf: Explicitly check accesses to bpf_sock_addr |
Linux |
Linux |
2025-10-28T11:48:43.548Z | 2025-10-29T13:19:59.525Z |
| cve-2025-40077 | N/A | f2fs: fix to avoid overflow while left shift operation |
Linux |
Linux |
2025-10-28T11:48:42.976Z | 2025-10-28T11:48:42.976Z |
| cve-2025-40076 | N/A | PCI: rcar-host: Pass proper IRQ domain to generic_hand… |
Linux |
Linux |
2025-10-28T11:48:42.385Z | 2025-10-28T11:48:42.385Z |
| cve-2025-40075 | N/A | tcp_metrics: use dst_dev_net_rcu() |
Linux |
Linux |
2025-10-28T11:48:41.791Z | 2025-10-28T11:48:41.791Z |
| cve-2025-40074 | N/A | ipv4: start using dst_dev_rcu() |
Linux |
Linux |
2025-10-28T11:48:41.202Z | 2025-10-28T11:48:41.202Z |
| cve-2025-40073 | N/A | drm/msm: Do not validate SSPP when it is not ready |
Linux |
Linux |
2025-10-28T11:48:40.588Z | 2025-10-28T11:48:40.588Z |
| cve-2025-40072 | N/A | fanotify: Validate the return value of mnt_ns_from_den… |
Linux |
Linux |
2025-10-28T11:48:39.999Z | 2025-10-28T11:48:39.999Z |
| cve-2025-40071 | N/A | tty: n_gsm: Don't block input queue by waiting MSC |
Linux |
Linux |
2025-10-28T11:48:39.417Z | 2025-10-28T11:48:39.417Z |
| cve-2025-40070 | N/A | pps: fix warning in pps_register_cdev when register de… |
Linux |
Linux |
2025-10-28T11:48:38.838Z | 2025-10-29T13:19:57.243Z |
| cve-2025-40069 | N/A | drm/msm: Fix obj leak in VM_BIND error path |
Linux |
Linux |
2025-10-28T11:48:38.232Z | 2025-10-28T11:48:38.232Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2025-64162 | N/A | {'providerMetadata': {'orgId': '6abe59d8-c742-4dff-8ce8-9b0ca1073da8', 'shortName': 'fortinet', 'dateUpdated': '2025-10-29T03:55:04.987Z'}, 'rejectedReasons': [{'lang': 'en', 'value': 'Not used'}]} | N/A | N/A | 2025-10-29T03:55:04.987Z | |
| cve-2025-64161 | N/A | {'providerMetadata': {'orgId': '6abe59d8-c742-4dff-8ce8-9b0ca1073da8', 'shortName': 'fortinet', 'dateUpdated': '2025-10-29T03:55:05.817Z'}, 'rejectedReasons': [{'lang': 'en', 'value': 'Not used'}]} | N/A | N/A | 2025-10-29T03:55:05.817Z | |
| cve-2025-64160 | N/A | {'providerMetadata': {'orgId': '6abe59d8-c742-4dff-8ce8-9b0ca1073da8', 'shortName': 'fortinet', 'dateUpdated': '2025-10-29T03:55:06.432Z'}, 'rejectedReasons': [{'lang': 'en', 'value': 'Not used'}]} | N/A | N/A | 2025-10-29T03:55:06.432Z | |
| cve-2025-64159 | N/A | {'providerMetadata': {'orgId': '6abe59d8-c742-4dff-8ce8-9b0ca1073da8', 'shortName': 'fortinet', 'dateUpdated': '2025-10-29T03:55:06.994Z'}, 'rejectedReasons': [{'lang': 'en', 'value': 'Not used'}]} | N/A | N/A | 2025-10-29T03:55:06.994Z | |
| cve-2025-64158 | N/A | {'providerMetadata': {'orgId': '6abe59d8-c742-4dff-8ce8-9b0ca1073da8', 'shortName': 'fortinet', 'dateUpdated': '2025-10-29T03:55:07.530Z'}, 'rejectedReasons': [{'lang': 'en', 'value': 'Not used'}]} | N/A | N/A | 2025-10-29T03:55:07.530Z | |
| cve-2025-57931 | 5.3 (v3.1) | WordPress Popup box plugin <= 5.5.4 - Cross Site Reque… |
Ays Pro |
Popup box |
2025-10-29T04:02:09.962Z | 2025-10-29T14:05:13.270Z |
| cve-2025-4665 | 9.6 (v3.1) | WordPress plugin Contact Form CFDB7 versions up t… |
WordPress Contact Form 7 Database Addon CFDB7 By Arshid |
CFDB7 |
2025-10-28T23:54:29.436Z | 2025-10-29T14:48:16.726Z |
| cve-2025-64095 | DNN Insufficient Access Control - Image Upload allows … |
dnnsoftware |
Dnn.Platform |
2025-10-28T21:46:11.267Z | 2025-10-29T14:51:08.317Z | |
| cve-2025-64094 | DNN vulnerable to stored cross-site-scripting (XSS) vi… |
dnnsoftware |
Dnn.Platform |
2025-10-28T21:44:31.408Z | 2025-10-29T14:52:01.123Z | |
| cve-2025-62802 | DNN CKEditor Provider allows unauthenticated upload ou… |
dnnsoftware |
Dnn.Platform |
2025-10-28T21:42:07.724Z | 2025-10-29T14:53:52.509Z | |
| cve-2025-62801 | FastMCP vulnerable to windows command injection in Fas… |
jlowin |
fastmcp |
2025-10-28T21:36:41.167Z | 2025-10-29T14:54:56.687Z | |
| cve-2025-62800 | FastMCP vulnerable to reflected XSS in client's callba… |
jlowin |
fastmcp |
2025-10-28T21:34:40.392Z | 2025-10-29T15:52:44.433Z | |
| cve-2025-62798 | Sharp user-provided input can be evaluated in a SharpS… |
code16 |
sharp |
2025-10-28T20:58:21.793Z | 2025-10-29T17:31:24.267Z | |
| cve-2025-62796 | PrivateBin persistent HTML injection in attachment fil… |
PrivateBin |
PrivateBin |
2025-10-28T20:47:50.277Z | 2025-10-29T13:31:54.964Z | |
| cve-2025-62794 | GitHub Workflow Updater stored the optional Github tok… |
RichardoC |
github-workflow-updater-extension |
2025-10-28T20:53:14.167Z | 2025-10-29T17:33:19.209Z | |
| cve-2025-62727 | Starlette vulnerable to O(n^2) DoS via Range header me… |
Kludex |
starlette |
2025-10-28T20:14:53.655Z | 2025-11-04T17:41:42.316Z | |
| cve-2025-62368 | Taiga Authenticated Remote Code Execution |
taigaio |
taiga-back |
2025-10-28T20:08:29.569Z | 2025-10-29T17:35:40.840Z | |
| cve-2025-61598 | Discourse is missing Cache-Control response header on … |
discourse |
discourse |
2025-10-28T20:38:54.753Z | 2025-10-29T13:43:00.335Z | |
| cve-2025-43017 | 8.5 (v4.0) | HP ThinPro 8.1 SP8 Security Updates |
HP Inc. |
HP ThinPro 8.1 |
2025-10-28T20:40:19.040Z | 2025-10-30T03:56:02.832Z |
| cve-2025-11375 | 6.5 (v3.1) | Consul's event endpoint is vulnerable to denial of service |
HashiCorp |
Consul |
2025-10-28T20:12:14.325Z | 2025-10-29T17:34:25.690Z |
| cve-2025-11374 | 6.5 (v3.1) | Consul's KV endpoint is vulnerable to denial of service |
HashiCorp |
Consul |
2025-10-28T20:19:05.292Z | 2025-10-28T20:36:06.085Z |
| cve-2025-62367 | Taiga Blind SQL Injection Time Based |
taigaio |
taiga-back |
2025-10-28T20:06:51.497Z | 2025-10-28T20:17:55.146Z | |
| cve-2025-61235 | N/A | An issue was discovered in Dataphone A920 v2025.0… |
n/a |
n/a |
2025-10-28T00:00:00.000Z | 2025-10-29T13:57:25.919Z |
| cve-2025-59837 | astro allows bypass of image proxy domain validation l… |
withastro |
astro |
2025-10-28T19:54:28.683Z | 2025-10-29T17:42:43.327Z | |
| cve-2025-27093 | Sliver does not restricted traffic between Wireguard c… |
BishopFox |
sliver |
2025-10-28T19:29:16.147Z | 2025-10-29T17:43:54.102Z | |
| cve-2025-40843 | 5.9 (v3.1) | Buffer overflow in CodeChecker log command |
Ericsson |
CodeChecker |
2025-10-28T18:49:49.516Z | 2025-10-28T19:30:25.737Z |
| cve-2025-12425 | 10 (v4.0) | Local Privilege Escalation |
Azure Access Technology |
BLU-IC2 |
2025-10-28T18:21:48.593Z | 2025-10-28T19:08:08.029Z |
| cve-2025-12424 | 10 (v4.0) | Privilege Escalation through SUID-bit Binary |
Azure Access Technology |
BLU-IC2 |
2025-10-28T18:18:47.127Z | 2025-10-28T19:10:07.120Z |
| cve-2025-12423 | 10 (v4.0) | Denial of Service - Protocol Manipulation |
Azure Access Technology |
BLU-IC2 |
2025-10-28T18:14:57.727Z | 2025-10-28T19:09:14.374Z |
| cve-2025-61080 | N/A | A reflected Cross-Site Scripting (XSS) vulnerabil… |
n/a |
n/a |
2025-10-28T00:00:00.000Z | 2025-10-28T20:03:28.315Z |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| mal-2025-188191 | Malicious code in nconf-markdownlint-archaeometry-superagent (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188190 | Malicious code in nconf-gemini-webdriver-mocha-forever (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188189 | Malicious code in nconf-cryptography-paleoanthropology-janus (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188188 | Malicious code in nconf-aurora-ionosphere-callisto (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188187 | Malicious code in native-transform-nightmare-polaris (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188186 | Malicious code in native-thermosphere-hermes-server (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188185 | Malicious code in native-rollup-plugin-sagitta-tectonophysics (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188184 | Malicious code in native-rate-limiter-uninstall-regulus (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188183 | Malicious code in native-quasar-middleware-cz-conventional-changelog (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188182 | Malicious code in native-nashira-seismology-heliophysics (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188181 | Malicious code in native-izar-hugo-start (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188180 | Malicious code in native-galaxy-antares-global (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188179 | Malicious code in native-gacrux-antares-phoenix (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188178 | Malicious code in native-electron-builder-nashira-tachyon (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188177 | Malicious code in native-docusaurus-xerxes-unuk (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188176 | Malicious code in native-coronalmassejection-writable-bionics (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188175 | Malicious code in native-callback-prettier-magellan (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188174 | Malicious code in native-blackhole-parcel-node-sass (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188173 | Malicious code in nashira-winston-aurora-gatsby (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188172 | Malicious code in nashira-materialize-publish-galaxy (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188171 | Malicious code in nashira-dotenv-parse-variables-gulp-lynx (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188170 | Malicious code in nashira-betelgeuse-astrometry-callback (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188169 | Malicious code in nanotechnology-seismology-dotenv-parse-variables-darkenergy (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188168 | Malicious code in nanotechnology-nightwatch-elara-mira (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188167 | Malicious code in nanotechnology-eventhoriz-iota-commitizen (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188166 | Malicious code in nanotechnology-ariel-atlas-loopback (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188165 | Malicious code in mysql-spectron-webdriver-primatology-eslint-plugin (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188164 | Malicious code in mysql-quasar-nodejs-node-sass (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188163 | Malicious code in mysql-local-bootes-triton (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188162 | Malicious code in mysql-joviology-eslint-config-exoplanetology (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| rhsa-2025:3132 | Red Hat Security Advisory: Logging for Red Hat OpenShift - 6.0.6 | 2025-03-26T17:34:00+00:00 | 2025-11-15T14:36:47+00:00 |
| rhsa-2025:3269 | Red Hat Security Advisory: libreoffice security update | 2025-03-26T15:18:39+00:00 | 2025-11-06T23:24:24+00:00 |
| rhsa-2025:3267 | Red Hat Security Advisory: libreoffice security update | 2025-03-26T14:54:53+00:00 | 2025-11-06T23:24:19+00:00 |
| rhsa-2025:3268 | Red Hat Security Advisory: container-tools:rhel8 security update | 2025-03-26T14:31:13+00:00 | 2025-11-15T14:37:00+00:00 |
| rhsa-2025:3266 | Red Hat Security Advisory: container-tools:rhel8 security update | 2025-03-26T14:25:08+00:00 | 2025-11-15T14:36:57+00:00 |
| rhsa-2025:3262 | Red Hat Security Advisory: nginx:1.24 security update | 2025-03-26T14:24:14+00:00 | 2025-11-06T23:24:18+00:00 |
| rhsa-2025:3260 | Red Hat Security Advisory: kernel security update | 2025-03-26T14:11:44+00:00 | 2025-11-11T16:17:55+00:00 |
| rhsa-2025:3261 | Red Hat Security Advisory: nginx:1.22 security update | 2025-03-26T14:09:28+00:00 | 2025-11-06T23:24:18+00:00 |
| rhsa-2025:3265 | Red Hat Security Advisory: libreoffice security update | 2025-03-26T14:05:48+00:00 | 2025-11-06T23:24:19+00:00 |
| rhsa-2025:3264 | Red Hat Security Advisory: kernel-rt security update | 2025-03-26T14:04:53+00:00 | 2025-11-11T16:17:53+00:00 |
| rhsa-2025:3215 | Red Hat Security Advisory: kernel security update | 2025-03-26T02:23:26+00:00 | 2025-11-11T16:17:51+00:00 |
| rhsa-2025:3210 | Red Hat Security Advisory: container-tools:rhel8 security update | 2025-03-26T02:19:46+00:00 | 2025-11-15T14:36:55+00:00 |
| rhsa-2025:3208 | Red Hat Security Advisory: kernel security update | 2025-03-26T02:18:01+00:00 | 2025-11-11T16:17:48+00:00 |
| rhsa-2025:3216 | Red Hat Security Advisory: kernel security update | 2025-03-26T02:14:41+00:00 | 2025-11-11T16:17:52+00:00 |
| rhsa-2025:3212 | Red Hat Security Advisory: kernel security update | 2025-03-26T02:07:56+00:00 | 2025-11-11T16:17:50+00:00 |
| rhsa-2025:3213 | Red Hat Security Advisory: kernel security update | 2025-03-26T02:04:46+00:00 | 2025-11-11T16:17:51+00:00 |
| rhsa-2025:3211 | Red Hat Security Advisory: kernel-rt security update | 2025-03-26T01:36:31+00:00 | 2025-11-11T16:17:50+00:00 |
| rhsa-2025:3207 | Red Hat Security Advisory: kernel security update | 2025-03-26T01:23:41+00:00 | 2025-11-11T16:17:47+00:00 |
| rhsa-2025:3214 | Red Hat Security Advisory: kernel-rt security update | 2025-03-26T01:15:46+00:00 | 2025-11-11T16:17:51+00:00 |
| rhsa-2025:3209 | Red Hat Security Advisory: kernel security update | 2025-03-26T01:15:11+00:00 | 2025-11-11T16:17:53+00:00 |
| rhsa-2025:3186 | Red Hat Security Advisory: podman security update | 2025-03-25T20:42:41+00:00 | 2025-11-15T14:36:53+00:00 |
| rhsa-2025:3185 | Red Hat Security Advisory: gvisor-tap-vsock security update | 2025-03-25T20:37:10+00:00 | 2025-11-15T14:36:55+00:00 |
| rhsa-2025:3184 | Red Hat Security Advisory: podman security update | 2025-03-25T20:36:10+00:00 | 2025-11-15T14:36:51+00:00 |
| rhsa-2025:3172 | Red Hat Security Advisory: VolSync 0.12.1 security fixes and enhancements for RHEL 9 | 2025-03-25T19:58:29+00:00 | 2025-11-15T14:36:50+00:00 |
| rhsa-2025:3175 | Red Hat Security Advisory: container-tools:rhel8 security update | 2025-03-25T18:12:58+00:00 | 2025-11-15T14:36:53+00:00 |
| rhsa-2025:3162 | Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Container Release Update | 2025-03-25T17:10:27+00:00 | 2025-11-13T17:26:51+00:00 |
| rhsa-2025:3169 | Red Hat Security Advisory: libreoffice security update | 2025-03-25T17:05:24+00:00 | 2025-11-06T23:24:18+00:00 |
| rhsa-2025:3165 | Red Hat Security Advisory: podman security update | 2025-03-25T14:24:49+00:00 | 2025-11-15T14:36:49+00:00 |
| rhsa-2025:3160 | Red Hat Security Advisory: Red Hat Ansible Automation Platform 2.5 Product Security and Bug Fix Update | 2025-03-25T12:26:53+00:00 | 2025-11-13T17:26:51+00:00 |
| rhsa-2025:3068 | Red Hat Security Advisory: OpenShift Container Platform 4.18.6 packages and security update | 2025-03-25T07:18:49+00:00 | 2025-11-15T14:36:42+00:00 |
| ID | Description | Published | Updated |
|---|---|---|---|
| msrc_cve-2024-52532 | GNOME libsoup before 3.6.1 has an infinite loop and memory consumption. during the reading of certain patterns of WebSocket data from clients. | 2024-11-02T00:00:00.000Z | 2024-11-27T00:00:00.000Z |
| msrc_cve-2024-52531 | GNOME libsoup before 3.6.1 allows a buffer overflow in applications that perform conversion to UTF-8 in soup_header_parse_param_list_strict. | 2024-11-02T00:00:00.000Z | 2024-11-27T00:00:00.000Z |
| msrc_cve-2024-52530 | GNOME libsoup before 3.6.0 allows HTTP request smuggling in some configurations | 2024-11-02T00:00:00.000Z | 2024-11-27T00:00:00.000Z |
| msrc_cve-2024-52338 | Apache Arrow R package: Arbitrary code execution when loading a malicious data file | 2024-11-02T00:00:00.000Z | 2025-05-27T00:00:00.000Z |
| msrc_cve-2024-52337 | Tuned: improper sanitization of `instance_name` parameter of the `instance_create()` method | 2024-11-02T00:00:00.000Z | 2024-12-20T00:00:00.000Z |
| msrc_cve-2024-52336 | Tuned: `script_pre` and `script_post` options allow to pass arbitrary scripts executed by root | 2024-11-02T00:00:00.000Z | 2024-12-20T00:00:00.000Z |
| msrc_cve-2024-52308 | Connecting to a malicious Codespaces via GH CLI could allow command execution on the user's computer | 2024-11-02T00:00:00.000Z | 2024-12-13T00:00:00.000Z |
| msrc_cve-2024-51744 | Bad documentation of error handling in ParseWithClaims can lead to potentially dangerous situations in golang-jwt | 2024-11-02T00:00:00.000Z | 2025-04-24T00:00:00.000Z |
| msrc_cve-2024-50304 | ipv4: ip_tunnel: Fix suspicious RCU usage warning in ip_tunnel_find() | 2024-11-02T00:00:00.000Z | 2025-09-03T21:36:13.000Z |
| msrc_cve-2024-50302 | HID: core: zero-initialize the report buffer | 2024-11-02T00:00:00.000Z | 2025-03-10T00:00:00.000Z |
| msrc_cve-2024-50301 | security/keys: fix slab-out-of-bounds in key_task_permission | 2024-11-02T00:00:00.000Z | 2025-01-29T00:00:00.000Z |
| msrc_cve-2024-50300 | regulator: rtq2208: Fix uninitialized use of regulator_config | 2024-11-02T00:00:00.000Z | 2025-01-29T00:00:00.000Z |
| msrc_cve-2024-50299 | sctp: properly validate chunk size in sctp_sf_ootb() | 2024-11-02T00:00:00.000Z | 2025-01-29T00:00:00.000Z |
| msrc_cve-2024-50298 | net: enetc: allocate vf_state during PF probes | 2024-11-02T00:00:00.000Z | 2025-01-29T00:00:00.000Z |
| msrc_cve-2024-50296 | net: hns3: fix kernel crash when uninstalling driver | 2024-11-02T00:00:00.000Z | 2025-01-29T00:00:00.000Z |
| msrc_cve-2024-50292 | ASoC: stm32: spdifrx: fix dma channel release in stm32_spdifrx_remove | 2024-11-02T00:00:00.000Z | 2025-01-29T00:00:00.000Z |
| msrc_cve-2024-50289 | media: av7110: fix a spectre vulnerability | 2024-11-02T00:00:00.000Z | 2025-09-04T00:41:38.000Z |
| msrc_cve-2024-50287 | media: v4l2-tpg: prevent the risk of a division by zero | 2024-11-02T00:00:00.000Z | 2025-01-29T00:00:00.000Z |
| msrc_cve-2024-50286 | ksmbd: fix slab-use-after-free in ksmbd_smb2_session_create | 2024-11-02T00:00:00.000Z | 2025-01-29T00:00:00.000Z |
| msrc_cve-2024-50285 | ksmbd: check outstanding simultaneous SMB operations | 2024-11-02T00:00:00.000Z | 2025-01-29T00:00:00.000Z |
| msrc_cve-2024-50284 | ksmbd: Fix the missing xa_store error check | 2024-11-02T00:00:00.000Z | 2025-01-29T00:00:00.000Z |
| msrc_cve-2024-50283 | ksmbd: fix slab-use-after-free in smb3_preauth_hash_rsp | 2024-11-02T00:00:00.000Z | 2025-01-29T00:00:00.000Z |
| msrc_cve-2024-50282 | drm/amdgpu: add missing size check in amdgpu_debugfs_gprwave_read() | 2024-11-02T00:00:00.000Z | 2025-01-29T00:00:00.000Z |
| msrc_cve-2024-50280 | dm cache: fix flushing uninitialized delayed_work on cache_ctr error | 2024-11-02T00:00:00.000Z | 2025-09-04T04:24:51.000Z |
| msrc_cve-2024-50279 | dm cache: fix out-of-bounds access to the dirty bitset when resizing | 2024-11-02T00:00:00.000Z | 2025-01-29T00:00:00.000Z |
| msrc_cve-2024-50278 | dm cache: fix potential out-of-bounds access on the first resume | 2024-11-02T00:00:00.000Z | 2025-01-29T00:00:00.000Z |
| msrc_cve-2024-50277 | dm: fix a crash if blk_alloc_disk fails | 2024-11-02T00:00:00.000Z | 2025-08-21T17:24:40.000Z |
| msrc_cve-2024-50276 | net: vertexcom: mse102x: Fix possible double free of TX skb | 2024-11-02T00:00:00.000Z | 2025-01-29T00:00:00.000Z |
| msrc_cve-2024-50275 | arm64/sve: Discard stale CPU state when handling SVE traps | 2024-11-02T00:00:00.000Z | 2025-01-29T00:00:00.000Z |
| msrc_cve-2024-50273 | btrfs: reinitialize delayed ref list after deleting it from the list | 2024-11-02T00:00:00.000Z | 2025-01-29T00:00:00.000Z |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2012-000067 | Movable Type plugin MT4i vulnerable to cross-site scripting | 2012-07-06T17:14+09:00 | 2012-07-06T17:14+09:00 |
| jvndb-2012-000066 | Ruby hash table implementation vulnerable to denial-of-service | 2012-07-06T17:11+09:00 | 2012-07-06T17:11+09:00 |
| jvndb-2012-000064 | Yome Collection for Android issue in management of IMEI | 2012-07-03T14:57+09:00 | 2012-07-03T14:57+09:00 |
| jvndb-2012-000065 | Zenphoto vulnerable to cross-site scripting | 2012-07-03T14:49+09:00 | 2012-07-03T14:49+09:00 |
| jvndb-2012-000063 | Python SimpleHTTPServer vulnerable to cross-site scripting | 2012-06-19T14:38+09:00 | 2012-12-26T18:01+09:00 |
| jvndb-2012-000061 | WEB PATIO vulnerable to cross-site scripting | 2012-06-19T14:31+09:00 | 2012-06-19T14:31+09:00 |
| jvndb-2012-000060 | SmallPICT vulnerable to cross-site scripting | 2012-06-19T14:00+09:00 | 2012-06-19T14:00+09:00 |
| jvndb-2012-000062 | WEB PATIO vulnerable to cross-site scripting | 2012-06-19T12:35+09:00 | 2012-06-19T12:35+09:00 |
| jvndb-2012-000057 | Dolphin Browser vulnerable in the WebView class | 2012-06-14T14:20+09:00 | 2012-06-14T14:20+09:00 |
| jvndb-2012-000046 | Flash Player issue in implementations of the Same Origin Policy | 2012-06-11T15:05+09:00 | 2012-06-13T16:39+09:00 |
| jvndb-2012-000056 | FeedDemon vulnerable to arbitrary script execution | 2012-06-07T15:39+09:00 | 2012-06-07T15:39+09:00 |
| jvndb-2012-000059 | SEIL series fail to restrict access permissions | 2012-06-06T12:39+09:00 | 2012-06-06T12:39+09:00 |
| jvndb-2012-000058 | WordPress plugin WassUp vulnerable to cross-site scripting | 2012-06-06T12:29+09:00 | 2012-06-06T12:29+09:00 |
| jvndb-2012-000055 | @WEB ShoppingCart vulnerable to cross-site scripting | 2012-06-05T14:04+09:00 | 2012-06-05T14:04+09:00 |
| jvndb-2012-000054 | Puella Magi Madoka Magica iP for Android vulnerable to information disclosure | 2012-06-01T14:09+09:00 | 2012-06-01T14:09+09:00 |
| jvndb-2012-000053 | Segue vulnerable to SQL injection | 2012-06-01T14:06+09:00 | 2012-06-01T14:06+09:00 |
| jvndb-2012-000052 | Segue vulnerable to cross-site scripting | 2012-06-01T14:03+09:00 | 2012-06-01T14:03+09:00 |
| jvndb-2012-000051 | Logitec LAN-W300N/R series fails to restrict access permissions | 2012-05-25T15:50+09:00 | 2012-05-25T15:50+09:00 |
| jvndb-2012-000050 | Roundcube Webmail vulnerable to cross-site scripting | 2012-05-25T15:43+09:00 | 2012-05-25T15:43+09:00 |
| jvndb-2012-000049 | Opera fails to verify SSL server certificates | 2012-05-25T15:40+09:00 | 2012-07-26T17:31+09:00 |
| jvndb-2012-000048 | RSSOwl vulnerable to arbitrary script execution | 2012-05-25T15:37+09:00 | 2012-05-25T15:37+09:00 |
| jvndb-2012-000047 | Sybase EAServer vulnerable to cross-site scripting | 2012-05-25T15:34+09:00 | 2012-05-25T15:34+09:00 |
| jvndb-2012-000044 | iLunascape for Android vulnerable in the WebView class | 2012-05-21T13:56+09:00 | 2012-05-21T13:56+09:00 |
| jvndb-2012-000045 | Drupal Form API fails to validate the redirect URL | 2012-05-17T13:55+09:00 | 2012-05-17T13:55+09:00 |
| jvndb-2012-000043 | baserCMS vulnerable to session management | 2012-05-15T16:56+09:00 | 2012-05-15T16:56+09:00 |
| jvndb-2012-000042 | WEB MART from KENT-WEB vulnerable to cross-site scripting | 2012-05-15T16:53+09:00 | 2012-05-15T16:53+09:00 |
| jvndb-2012-000041 | WEB MART from KENT-WEB vulnerable to cross-site scripting | 2012-05-15T16:44+09:00 | 2012-05-15T16:44+09:00 |
| jvndb-2012-002377 | Arbitrary Code Execution Vulnerability in Hitachi COBOL GUI Option on Windows | 2012-05-15T15:14+09:00 | 2012-05-15T15:14+09:00 |
| jvndb-2012-000037 | sp mode mail issue in the verification of SSL certificates | 2012-04-26T14:21+09:00 | 2012-04-26T14:21+09:00 |
| jvndb-2012-000036 | OSQA vulnerable to cross-site scripting | 2012-04-26T14:15+09:00 | 2012-04-26T14:15+09:00 |
| ID | Description | Updated |
|---|