Recent vulnerabilities
| ID | Description | Published | Updated |
|---|---|---|---|
| ghsa-wmwf-9ccg-fff5 | Apache Tomcat Vulnerable to Relative Path Traversal | 2025-10-27T18:31:13Z | 2025-11-15T02:28:57Z |
| ghsa-vfww-5hm6-hx2j | Apache Tomcat Vulnerable to Improper Neutralization of Escape, Meta, or Control Sequences | 2025-10-27T18:31:13Z | 2025-11-05T20:50:27Z |
| ghsa-qv46-gpx3-c62f | A flaw has been found in PHPGurukul Curfew e-Pass Management System 1.0. The impacted element is an… | 2025-10-27T18:31:13Z | 2025-10-27T18:31:13Z |
| ghsa-q3q4-2x44-pxxp | IDOR vulnerability in Educare ERP 1.0 (2025-04-22) allows unauthorized access to sensitive data via… | 2025-10-27T18:31:13Z | 2025-10-27T21:30:26Z |
| ghsa-jrvq-jxhp-g2x3 | Email Password Disclosure.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | 2025-10-27T18:31:13Z | 2025-11-10T15:31:03Z |
| ghsa-hgrr-935x-pq79 | Apache Tomcat Vulnerable to Improper Resource Shutdown or Release | 2025-10-27T18:31:13Z | 2025-11-05T20:50:57Z |
| ghsa-c764-p2rv-7xhv | Reflected Cross Site Scripting vulnerability in Rubikon Banking Solution 4.0.3 in the "Search For C… | 2025-10-27T18:31:13Z | 2025-10-27T21:30:26Z |
| ghsa-8r58-4933-43vx | A vulnerability was detected in code-projects Simple Food Ordering System 1.0. The affected element… | 2025-10-27T18:31:13Z | 2025-10-27T18:31:13Z |
| ghsa-684r-2x4m-wrjh | An XSS issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does … | 2025-10-27T18:31:13Z | 2025-10-27T21:30:26Z |
| ghsa-5p2h-wm97-rcm6 | Weak Password Policy.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5. | 2025-10-27T18:31:13Z | 2025-11-10T15:31:03Z |
| ghsa-x7xc-36fh-7mvr | TRUfusion Enterprise through 7.10.4.0 exposes the encrypted COOKIEID as an authentication mechanism… | 2025-10-27T18:31:12Z | 2025-10-28T15:30:42Z |
| ghsa-wr27-qc8h-mq4h | An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Service does not require… | 2025-10-27T18:31:12Z | 2025-10-28T15:30:42Z |
| ghsa-v477-vfvp-p23v | A vulnerability was identified in code-projects Simple Food Ordering System 1.0. This affects an un… | 2025-10-27T18:31:12Z | 2025-10-27T18:31:12Z |
| ghsa-rwf6-2p77-cj6v | A weakness has been identified in code-projects Simple Food Ordering System 1.0. This issue affects… | 2025-10-27T18:31:12Z | 2025-10-27T18:31:12Z |
| ghsa-qfcx-xg9g-qf68 | A security vulnerability has been detected in code-projects Simple Food Ordering System 1.0. Impact… | 2025-10-27T18:31:12Z | 2025-10-27T18:31:12Z |
| ghsa-pppq-6rq6-872v | TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/getCobrandingData endpoint to retri… | 2025-10-27T18:31:12Z | 2025-10-27T21:30:26Z |
| ghsa-hjpj-63j9-h7v4 | An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service does not … | 2025-10-27T18:31:12Z | 2025-10-27T21:30:26Z |
| ghsa-g458-fw23-89vc | TRUfusion Enterprise through 7.10.4.0 uses the /trufusionPortal/fileupload endpoint to upload files… | 2025-10-27T18:31:12Z | 2025-10-28T15:30:42Z |
| ghsa-c8j5-2c3h-j47c | An issue was discovered in BAE SOCET GXP before 4.6.0.3. It permits external entities in certain XM… | 2025-10-27T18:31:12Z | 2025-10-28T15:30:42Z |
| ghsa-9jqp-v598-j43c | An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Status Service fails to … | 2025-10-27T18:31:12Z | 2025-10-28T15:30:43Z |
| ghsa-6rgh-fx72-j723 | A security flaw has been discovered in code-projects Simple Food Ordering System 1.0. This vulnerab… | 2025-10-27T18:31:12Z | 2025-10-27T18:31:12Z |
| ghsa-5r3g-pg92-2j3q | TRUfusion Enterprise through 7.10.4.0 exposes the /trufusionPortal/jsp/internal_admin_contact_login… | 2025-10-27T18:31:12Z | 2025-10-27T21:30:26Z |
| ghsa-xmj2-c2q3-84mr | A security vulnerability has been detected in D-Link DAP-2695 2.00RC13. The impacted element is the… | 2025-10-27T18:31:11Z | 2025-10-27T18:31:12Z |
| ghsa-jfx7-932x-94fg | Easywork Enterprise 2.1.3.354 is vulnerable to Cleartext Storage of Sensitive Information in Memory… | 2025-10-27T18:31:11Z | 2025-10-27T21:30:26Z |
| ghsa-g3g3-vj3v-hhx9 | Wimi Teamwork versions prior to 7.38.17 contains a cross-site request forgery (CSRF) vulnerability … | 2025-10-27T18:31:11Z | 2025-10-27T18:31:11Z |
| ghsa-fwmh-3wrg-x2v3 | indieka900 online-shopping-system-php 1.0 is vulnerable to SQL Injection in the password parameter … | 2025-10-27T18:31:11Z | 2025-10-27T21:30:26Z |
| ghsa-fmw9-c6hw-79vg | A weakness has been identified in D-Link DAP-2695 2.00RC13. The affected element is the function su… | 2025-10-27T18:31:11Z | 2025-10-27T18:31:11Z |
| ghsa-5w58-vmv5-p957 | Nagios Fusion v2024R1.2 and v2024R2 does not invalidate already existing session tokens when the tw… | 2025-10-27T18:31:11Z | 2025-10-27T21:30:26Z |
| ghsa-2rcq-28xm-f7jp | A vulnerability was detected in atjiu pybbs up to 6.0.0. This affects an unknown function of the fi… | 2025-10-27T18:31:11Z | 2025-10-27T18:31:12Z |
| ghsa-r6fg-m2vv-9gfg | A security flaw has been discovered in SourceCodester Point of Sales 1.0. Impacted is an unknown fu… | 2025-10-27T18:31:10Z | 2025-10-27T18:31:10Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2025-12315 | code-projects Food Ordering System menu.php sql injection |
code-projects |
Food Ordering System |
2025-10-27T20:02:12.148Z | 2025-10-30T15:01:14.577Z | |
| cve-2025-12314 | code-projects Food Ordering System deleteitem.php sql … |
code-projects |
Food Ordering System |
2025-10-27T20:02:09.659Z | 2025-10-28T06:28:30.719Z | |
| cve-2025-12313 | D-Link DI-7001 MINI msp_info.htm command injection |
D-Link |
DI-7001 MINI |
2025-10-27T20:02:06.408Z | 2025-10-27T20:22:23.877Z | |
| cve-2025-62594 | ImageMagick CLAHE : Unsigned underflow and division-by… |
ImageMagick |
ImageMagick |
2025-10-27T20:00:33.205Z | 2025-10-27T20:23:20.526Z | |
| cve-2025-62516 | N/A | {'rejectedReasons': [{'lang': 'en', 'value': 'Further research determined the issue is not a vulnerability.'}], 'providerMetadata': {'orgId': 'a0819718-46f1-4df5-94e2-005712e83aaa', 'shortName': 'GitHub_M', 'dateUpdated': '2025-10-29T17:21:39.746Z'}} | N/A | N/A | 2025-10-27T19:46:32.122Z | 2025-10-29T17:21:39.746Z |
| cve-2025-59151 | Pi-hole Admin Interface vulnerable to HTTP response he… |
pi-hole |
web |
2025-10-27T19:42:59.596Z | 2025-10-27T20:24:05.879Z | |
| cve-2025-62263 | 4.8 (v4.0) | Multiple cross-site scripting (XSS) vulnerabiliti… |
Liferay |
Portal |
2025-10-27T19:38:44.073Z | 2025-10-27T20:24:49.578Z |
| cve-2025-58356 | Constellation allows insecure use of LUKS2 persistent … |
edgelesssys |
constellation |
2025-10-27T19:33:23.969Z | 2025-10-27T19:44:45.350Z | |
| cve-2025-12312 | PHPGurukul Curfew e-Pass Management System view-pass-d… |
PHPGurukul |
Curfew e-Pass Management System |
2025-10-27T19:32:12.160Z | 2025-10-27T20:25:31.769Z | |
| cve-2025-12311 | PHPGurukul Curfew e-Pass Management System edit-catego… |
PHPGurukul |
Curfew e-Pass Management System |
2025-10-27T19:32:08.818Z | 2025-10-27T20:26:19.253Z | |
| cve-2025-12310 | VirtFusion Email Change _settings excessive authentication |
n/a |
VirtFusion |
2025-10-27T19:32:05.375Z | 2025-10-27T20:27:37.336Z | |
| cve-2025-53533 | Pi-hole Admin Interface vulnerable to cross-site scrip… |
pi-hole |
web |
2025-10-27T19:06:32.428Z | 2025-10-27T19:19:08.837Z | |
| cve-2025-12309 | code-projects Nero Social Networking Site friendprofil… |
code-projects |
Nero Social Networking Site |
2025-10-27T19:02:11.093Z | 2025-10-27T19:23:24.602Z | |
| cve-2025-12308 | code-projects Nero Social Networking Site deletemessag… |
code-projects |
Nero Social Networking Site |
2025-10-27T19:02:08.377Z | 2025-10-27T20:38:22.509Z | |
| cve-2025-12307 | code-projects Nero Social Networking Site addfriend.ph… |
code-projects |
Nero Social Networking Site |
2025-10-27T19:02:05.517Z | 2025-10-27T20:37:54.245Z | |
| cve-2025-62253 | 6.9 (v4.0) | Open redirect vulnerability in page administratio… |
Liferay |
Portal |
2025-10-27T18:54:47.929Z | 2025-10-27T19:38:22.629Z |
| cve-2025-36138 | 6.4 (v3.1) | IBM QRadar SIEM cross-site scripting |
IBM |
QRadar SIEM |
2025-10-27T18:47:11.153Z | 2025-10-27T19:27:11.083Z |
| cve-2025-36170 | 6.4 (v3.1) | IBM QRadar SIEM cross-site scripting |
IBM |
QRadar SIEM |
2025-10-27T18:46:38.109Z | 2025-10-27T19:32:23.075Z |
| cve-2025-32785 | Pi-hole Admin Interface vulnerable to persistent XSS o… |
pi-hole |
web |
2025-10-27T18:44:15.658Z | 2025-10-27T19:40:38.991Z | |
| cve-2025-46602 | 4.4 (v3.1) | Dell SupportAssist OS Recovery, versions prior to… |
Dell |
SupportAssist OS Recovery |
2025-10-27T18:41:46.258Z | 2025-10-27T19:30:22.955Z |
| cve-2025-36007 | 7.8 (v3.1) | IBM QRadar SIEM incorrect privilege assignment |
IBM |
QRadar SIEM |
2025-10-27T18:40:16.046Z | 2025-10-28T03:56:06.382Z |
| cve-2025-12306 | code-projects Nero Social Networking Site acceptoffres… |
code-projects |
Nero Social Networking Site |
2025-10-27T18:32:10.935Z | 2025-10-27T20:37:24.576Z | |
| cve-2025-12305 | quequnlong shiyi-blog Job SysJobController.java deseri… |
quequnlong |
shiyi-blog |
2025-10-27T18:32:08.283Z | 2025-10-27T20:34:58.437Z | |
| cve-2025-12304 | dulaiduwang003 TIME-SEA-PLUS Order Status PayControlle… |
dulaiduwang003 |
TIME-SEA-PLUS |
2025-10-27T18:32:05.681Z | 2025-10-27T20:34:32.121Z | |
| cve-2025-12365 | 6.9 (v4.0) | Error Messages Wrapped In HTTP Header |
Azure Access Technology |
BLU-IC2 |
2025-10-27T18:12:35.604Z | 2025-10-27T18:37:18.986Z |
| cve-2025-12364 | 10 (v4.0) | Weak Password Policy |
Azure Access Technology |
BLU-IC2 |
2025-10-27T18:09:07.677Z | 2025-10-27T18:19:59.291Z |
| cve-2025-12363 | 10 (v4.0) | Email Password Disclosure |
Azure Access Technology |
BLU-IC2 |
2025-10-27T18:04:44.909Z | 2025-10-27T18:21:58.672Z |
| cve-2025-12303 | PHPGurukul Curfew e-Pass Management System admin-profi… |
PHPGurukul |
Curfew e-Pass Management System |
2025-10-27T18:02:11.761Z | 2025-10-27T18:50:39.152Z | |
| cve-2025-12302 | code-projects Simple Food Ordering System editproduct.… |
code-projects |
Simple Food Ordering System |
2025-10-27T18:02:06.307Z | 2025-10-27T19:06:09.730Z | |
| cve-2025-12301 | code-projects Simple Food Ordering System editproduct.… |
code-projects |
Simple Food Ordering System |
2025-10-27T17:32:08.574Z | 2025-10-27T19:07:17.223Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2025-12378 | code-projects Simple Food Ordering System addproduct.p… |
code-projects |
Simple Food Ordering System |
2025-10-28T05:32:05.752Z | 2025-10-28T13:30:09.013Z | |
| cve-2025-11735 | HUSKY – Products Filter Professional for WooCommerce <… |
realmag777 |
HUSKY – Products Filter Professional for WooCommerce |
2025-10-28T05:27:30.225Z | 2025-10-28T13:33:05.054Z | |
| cve-2025-10145 | Auto Featured Image (Auto Post Thumbnail) <= 4.1.7 - A… |
themeisle |
Auto Featured Image (Auto Post Thumbnail) |
2025-10-28T05:27:29.647Z | 2025-10-28T20:04:08.491Z | |
| cve-2025-62777 | 8.8 (v3.0) 8.7 (v4.0) | Use of Hard-Coded Credentials issue exists in MZK… |
PLANEX COMMUNICATIONS INC. |
MZK-DP300N |
2025-10-28T04:53:00.768Z | 2025-10-28T20:03:14.159Z |
| cve-2025-10939 | 3.7 (v3.1) | Org.keycloak/keycloak-quarkus-server: unable to restri… |
Red Hat |
Red Hat build of Keycloak 26.4 |
2025-10-28T03:08:30.103Z | 2025-11-13T22:33:58.213Z |
| cve-2025-12347 | MaxSite CMS save-file-ajax.php unrestricted upload |
MaxSite |
CMS |
2025-10-28T02:02:13.123Z | 2025-10-28T20:00:38.998Z | |
| cve-2025-12346 | MaxSite CMS HTTP Header uploads-require-maxsite.php un… |
MaxSite |
CMS |
2025-10-28T02:02:09.037Z | 2025-10-28T19:54:35.900Z | |
| cve-2025-12344 | Yonyou U8 Cloud Request Header NCloudGatewayServlet un… |
Yonyou |
U8 Cloud |
2025-10-28T01:32:05.689Z | 2025-10-28T14:07:12.828Z | |
| cve-2025-12342 | Serdar Bayram Ghost Hot Spot Login Auth.php sql injection |
Serdar Bayram |
Ghost Hot Spot |
2025-10-28T01:02:07.616Z | 2025-10-28T14:10:58.342Z | |
| cve-2025-12341 | ermig1979 AntiDupl Delete Duplicate Image AntiDupl.NET… |
ermig1979 |
AntiDupl |
2025-10-28T01:02:05.100Z | 2025-10-28T14:14:47.465Z | |
| cve-2025-12339 | Campcodes Retro Basketball Shoes Online Store admin_fo… |
Campcodes |
Retro Basketball Shoes Online Store |
2025-10-28T00:32:09.124Z | 2025-10-28T14:19:46.571Z | |
| cve-2025-12338 | Campcodes Retro Basketball Shoes Online Store admin_pr… |
Campcodes |
Retro Basketball Shoes Online Store |
2025-10-28T00:32:06.361Z | 2025-10-28T14:23:27.048Z | |
| cve-2025-12337 | Campcodes Retro Basketball Shoes Online Store admin_fe… |
Campcodes |
Retro Basketball Shoes Online Store |
2025-10-28T00:02:09.929Z | 2025-10-28T13:39:10.694Z | |
| cve-2025-12336 | Campcodes Retro Basketball Shoes Online Store admin_in… |
Campcodes |
Retro Basketball Shoes Online Store |
2025-10-28T00:02:07.098Z | 2025-10-28T13:50:03.435Z | |
| cve-2025-43024 | 5.1 (v4.0) | HP ThinPro 8.1 SP8 Security Updates |
HP Inc |
ThinPro 8.1 |
2025-10-27T23:11:35.638Z | 2025-10-28T14:57:56.715Z |
| cve-2025-33133 | 6.5 (v3.1) | Fixes to common vulnerabilities found in IBM Db2 High … |
IBM |
DB2 High Performance Unload |
2025-10-27T23:57:31.927Z | 2025-10-28T13:51:03.512Z |
| cve-2025-33132 | 6.5 (v3.1) | Fixes to common vulnerabilities found in IBM Db2 High … |
IBM |
DB2 High Performance Unload |
2025-10-27T23:57:12.201Z | 2025-10-28T13:53:31.618Z |
| cve-2025-33131 | 6.5 (v3.1) | Fixes to common vulnerabilities found in IBM Db2 High … |
IBM |
DB2 High Performance Unload |
2025-10-27T23:56:34.181Z | 2025-10-28T13:57:38.628Z |
| cve-2025-33126 | 6.5 (v3.1) | Fixes to common vulnerabilities found in IBM Db2 High … |
IBM |
DB2 High Performance Unload |
2025-10-27T23:56:06.271Z | 2025-10-28T14:02:57.632Z |
| cve-2025-12335 | code-projects E-Commerce Website supplier_update.php c… |
code-projects |
E-Commerce Website |
2025-10-27T23:32:05.507Z | 2025-10-28T14:28:38.927Z | |
| cve-2025-12332 | SourceCodester Student Grades Management System admin.… |
SourceCodester |
Student Grades Management System |
2025-10-27T23:22:09.778Z | 2025-10-28T14:42:24.924Z | |
| cve-2025-62259 | 6.9 (v4.0) | Liferay Portal 7.4.0 through 7.4.3.109, and older… |
Liferay |
Portal |
2025-10-27T22:13:35.880Z | 2025-10-28T19:48:15.967Z |
| cve-2025-62258 | 7 (v4.0) | CSRF vulnerability in Headless API in Liferay Por… |
Liferay |
Portal |
2025-10-27T22:56:21.041Z | 2025-10-28T14:59:58.126Z |
| cve-2025-12334 | code-projects E-Commerce Website product_add.php cross… |
code-projects |
E-Commerce Website |
2025-10-27T22:32:11.542Z | 2025-10-28T19:50:33.682Z | |
| cve-2025-12333 | code-projects E-Commerce Website supplier_add.php cros… |
code-projects |
E-Commerce Website |
2025-10-27T22:32:08.847Z | 2025-10-28T19:49:34.911Z | |
| cve-2025-62793 | eLabFTW HTML / CSS Injection via Malicious SVG Upload … |
elabftw |
elabftw |
2025-10-27T21:25:45.642Z | 2025-10-28T15:05:40.686Z | |
| cve-2025-62781 | PILOS is missing session regeneration after password change |
THM-Health |
PILOS |
2025-10-27T21:22:06.997Z | 2025-10-28T15:08:38.476Z | |
| cve-2025-62779 | Frappe Learning users were able to add HTML through in… |
frappe |
lms |
2025-10-27T21:19:03.978Z | 2025-10-28T15:17:15.768Z | |
| cve-2025-62778 | Frappe Learning allowed students to access the Quiz F… |
frappe |
lms |
2025-10-27T21:16:06.220Z | 2025-10-28T13:38:07.740Z | |
| cve-2025-62261 | 6.9 (v4.0) | Liferay Portal 7.4.0 through 7.4.3.99, and older … |
Liferay |
Portal |
2025-10-27T21:11:46.893Z | 2025-10-28T14:27:47.375Z |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| mal-2025-188042 | Malicious code in middleware-mini-css-extract-plugin-ignite-json (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188041 | Malicious code in middleware-lyra-transport-innercore (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188040 | Malicious code in middleware-fusion-gemini-rehype (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188039 | Malicious code in middleware-exec-callisto-postcss-loader (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188038 | Malicious code in middleware-css-loader-eigenstate-pavo (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188037 | Malicious code in middleware-backend-async-oortcloud (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188036 | Malicious code in middleware-antd-hapi-nightwatch (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188035 | Malicious code in middleware-antares-bootstrap-fork (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188034 | Malicious code in meteor-zephyr-singularitarianism-local (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188033 | Malicious code in meteor-spectron-webdriver-ignite-spawn (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188032 | Malicious code in meteor-singularitarianism-procyon-nova (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188031 | Malicious code in meteor-paleoecology-mysql-middleware (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188030 | Malicious code in meteor-paleoclimatology-firebase-chromedriver (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188029 | Malicious code in meteor-octans-grunt-kuiperbelt (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188028 | Malicious code in meteor-meissa-airbnb-outercore (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188027 | Malicious code in meteor-lacerta-fornax-cryonics (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188026 | Malicious code in meteor-jupiter-jupiter-xanthus (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188025 | Malicious code in meteor-hadron-hermes-lint (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188024 | Malicious code in meteor-geochronology-element-ui-polaris (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188023 | Malicious code in meteor-fermiparadox-pino-mysql (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188022 | Malicious code in meteor-envconfig-quito-singularitarianism (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188021 | Malicious code in meteor-dysonswarm-geckodriver-grus (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188020 | Malicious code in meteor-deneb-phoebe-paleoanthropology (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188019 | Malicious code in meteor-cosmochemistry-parsec-wezen (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188018 | Malicious code in meteor-command-warp-colors (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188017 | Malicious code in meteor-cli-nightwatch-test (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188016 | Malicious code in meteor-chalk-blueshift-gulp (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188015 | Malicious code in meteor-cache-fomalhaut-winston (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188014 | Malicious code in meteor-bulma-augmentedreality-hexo (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| mal-2025-188013 | Malicious code in meteor-bionics-schema-flare (npm) | 2025-11-13T03:23:14Z | 2025-11-13T03:23:14Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| rhsa-2025:2507 | Red Hat Security Advisory: libxml2 security update | 2025-03-10T13:16:54+00:00 | 2025-11-06T21:43:56+00:00 |
| rhsa-2025:2502 | Red Hat Security Advisory: tigervnc security update | 2025-03-10T12:50:48+00:00 | 2025-11-06T23:34:39+00:00 |
| rhsa-2025:2501 | Red Hat Security Advisory: kernel security update | 2025-03-10T12:44:03+00:00 | 2025-11-08T07:13:30+00:00 |
| rhsa-2025:2500 | Red Hat Security Advisory: tigervnc security update | 2025-03-10T12:40:38+00:00 | 2025-11-06T23:34:38+00:00 |
| rhsa-2025:2490 | Red Hat Security Advisory: kernel security update | 2025-03-10T10:52:53+00:00 | 2025-11-08T07:13:30+00:00 |
| rhsa-2025:2489 | Red Hat Security Advisory: kernel security update | 2025-03-10T08:56:48+00:00 | 2025-11-08T07:13:29+00:00 |
| rhsa-2025:2486 | Red Hat Security Advisory: firefox security update | 2025-03-10T06:17:22+00:00 | 2025-11-06T23:24:14+00:00 |
| rhsa-2025:2484 | Red Hat Security Advisory: firefox security update | 2025-03-10T06:14:42+00:00 | 2025-11-06T23:24:13+00:00 |
| rhsa-2025:2485 | Red Hat Security Advisory: firefox security update | 2025-03-10T06:13:38+00:00 | 2025-11-06T23:24:13+00:00 |
| rhsa-2025:2483 | Red Hat Security Advisory: libxml2 security update | 2025-03-10T05:54:13+00:00 | 2025-11-06T22:35:38+00:00 |
| rhsa-2025:2482 | Red Hat Security Advisory: libxml2 security update | 2025-03-10T05:45:33+00:00 | 2025-11-06T22:35:33+00:00 |
| rhsa-2025:2479 | Red Hat Security Advisory: firefox security update | 2025-03-10T05:28:32+00:00 | 2025-11-06T23:24:13+00:00 |
| rhsa-2025:2480 | Red Hat Security Advisory: firefox security update | 2025-03-10T05:26:57+00:00 | 2025-11-06T23:24:13+00:00 |
| rhsa-2025:2481 | Red Hat Security Advisory: firefox security update | 2025-03-10T05:22:32+00:00 | 2025-11-06T23:24:13+00:00 |
| rhsa-2025:2475 | Red Hat Security Advisory: kernel security update | 2025-03-10T03:32:52+00:00 | 2025-11-06T22:35:32+00:00 |
| rhsa-2025:2476 | Red Hat Security Advisory: kernel-rt security update | 2025-03-10T03:19:43+00:00 | 2025-11-06T22:35:33+00:00 |
| rhsa-2025:2473 | Red Hat Security Advisory: kernel security update | 2025-03-10T01:37:37+00:00 | 2025-11-06T22:35:32+00:00 |
| rhsa-2025:2474 | Red Hat Security Advisory: kernel-rt security update | 2025-03-10T01:32:42+00:00 | 2025-11-06T22:35:32+00:00 |
| rhsa-2025:2470 | Red Hat Security Advisory: pcs security update | 2025-03-10T01:04:42+00:00 | 2025-11-06T22:35:31+00:00 |
| rhsa-2025:2471 | Red Hat Security Advisory: pcs security update | 2025-03-10T01:03:02+00:00 | 2025-11-06T22:35:32+00:00 |
| rhsa-2025:2452 | Red Hat Security Advisory: firefox security update | 2025-03-06T11:54:23+00:00 | 2025-11-06T23:24:12+00:00 |
| rhsa-2025:2426 | Red Hat Security Advisory: pki-core security update | 2025-03-06T00:33:10+00:00 | 2025-11-06T23:54:07+00:00 |
| rhea-2025:2422 | Red Hat Enhancement Advisory: microcode_ctl bug fix and enhancement update | 2025-03-06T00:32:41+00:00 | 2025-11-06T21:39:29+00:00 |
| rhea-2025:2423 | Red Hat Enhancement Advisory: microcode_ctl bug fix and enhancement update | 2025-03-06T00:31:56+00:00 | 2025-11-06T21:39:29+00:00 |
| rhba-2025:2428 | Red Hat Bug Fix Advisory: microcode_ctl bug fix and enhancement update | 2025-03-06T00:31:26+00:00 | 2025-11-06T21:39:20+00:00 |
| rhea-2025:2427 | Red Hat Enhancement Advisory: microcode_ctl bug fix and enhancement update | 2025-03-06T00:30:31+00:00 | 2025-11-06T21:39:31+00:00 |
| rhea-2025:2421 | Red Hat Enhancement Advisory: microcode_ctl bug fix and enhancement update | 2025-03-06T00:28:29+00:00 | 2025-11-06T21:39:29+00:00 |
| rhea-2025:2418 | Red Hat Enhancement Advisory: microcode_ctl bug fix and enhancement update | 2025-03-06T00:26:51+00:00 | 2025-11-06T21:39:26+00:00 |
| rhea-2025:2420 | Red Hat Enhancement Advisory: microcode_ctl bug fix and enhancement update | 2025-03-06T00:25:16+00:00 | 2025-11-06T21:39:27+00:00 |
| rhea-2025:2424 | Red Hat Enhancement Advisory: microcode_ctl bug fix and enhancement update | 2025-03-06T00:22:31+00:00 | 2025-11-06T21:39:29+00:00 |
| ID | Description | Published | Updated |
|---|---|---|---|
| msrc_cve-2024-50096 | nouveau/dmem: Fix vulnerability in migrate_to_ram upon copy error | 2024-11-02T00:00:00.000Z | 2024-12-12T00:00:00.000Z |
| msrc_cve-2024-50095 | RDMA/mad: Improve handling of timed out WRs of mad agent | 2024-11-02T00:00:00.000Z | 2024-12-12T00:00:00.000Z |
| msrc_cve-2024-50093 | thermal: intel: int340x: processor: Fix warning during module unload | 2024-11-02T00:00:00.000Z | 2024-12-12T00:00:00.000Z |
| msrc_cve-2024-50089 | This CVE has been marked Rejected in the CVE List. | 2024-11-02T00:00:00.000Z | 2024-12-13T00:00:00.000Z |
| msrc_cve-2024-4741 | Use After Free with SSL_free_buffers | 2024-11-02T00:00:00.000Z | 2025-04-18T00:00:00.000Z |
| msrc_cve-2024-36623 | moby through v25.0.3 has a Race Condition vulnerability in the streamformatter package which can be used to trigger multiple concurrent write operations resulting in data corruption or application crashes. | 2024-11-02T00:00:00.000Z | 2025-03-12T00:00:00.000Z |
| msrc_cve-2024-36621 | moby v25.0.5 is affected by a Race Condition in builder/builder-next/adapters/snapshot/layer.go. The vulnerability could be used to trigger concurrent builds that call the EnsureLayer function resulting in resource leaks/exhaustion. | 2024-11-02T00:00:00.000Z | 2025-03-12T00:00:00.000Z |
| msrc_cve-2024-36620 | moby v25.0.0 - v26.0.2 is vulnerable to NULL Pointer Dereference via daemon/images/image_history.go. | 2024-11-02T00:00:00.000Z | 2025-03-12T00:00:00.000Z |
| msrc_cve-2024-3447 | Qemu: sdhci: heap buffer overflow in sdhci_write_dataport() | 2024-11-02T00:00:00.000Z | 2025-05-06T00:00:00.000Z |
| msrc_cve-2024-30896 | InfluxDB OSS 2.x through 2.7.11 stores the administrative operator token under the default organization which allows authorized users with read access to the authorization resource of the default organization to retrieve the operator token. InfluxDB OSS 1.x, Enterprise, Cloud, Cloud Dedicated and Clustered are not affected. NOTE: The researcher states that InfluxDB allows allAccess administrators to retrieve all raw tokens via an "influx auth ls" command. The supplier indicates that the organizations feature is operating as intended and that users may choose to add users to non-default organizations. A future release of InfluxDB 2.x will remove the ability to retrieve tokens from the API. | 2024-11-02T00:00:00.000Z | 2025-09-03T21:33:37.000Z |
| msrc_cve-2024-27532 | wasm-micro-runtime (aka WebAssembly Micro Runtime or WAMR) 06df58f is vulnerable to NULL Pointer Dereference in function `block_type_get_result_types. | 2024-11-02T00:00:00.000Z | 2024-12-19T00:00:00.000Z |
| msrc_cve-2024-25431 | An issue in bytecodealliance wasm-micro-runtime before v.b3f728c and fixed in commit 06df58f allows a remote attacker to escalate privileges via a crafted file to the check_was_abi_compatibility function. | 2024-11-02T00:00:00.000Z | 2024-12-07T00:00:00.000Z |
| msrc_cve-2024-21538 | Versions of the package cross-spawn before 7.0.5 are vulnerable to Regular Expression Denial of Service (ReDoS) due to improper input sanitization. | 2024-11-02T00:00:00.000Z | 2024-11-27T00:00:00.000Z |
| msrc_cve-2024-11407 | Denial of Service through Data corruption in gRPC-C++ | 2024-11-02T00:00:00.000Z | 2025-09-03T21:47:16.000Z |
| msrc_cve-2024-11236 | Integer overflow in the firebird and dblib quoters causing OOB writes | 2024-11-02T00:00:00.000Z | 2024-12-19T00:00:00.000Z |
| msrc_cve-2024-11234 | Configuring a proxy in a stream context might allow for CRLF injection in URIs | 2024-11-02T00:00:00.000Z | 2024-12-19T00:00:00.000Z |
| msrc_cve-2024-11233 | Single byte overread with convert.quoted-printable-decode filter | 2024-11-02T00:00:00.000Z | 2024-12-19T00:00:00.000Z |
| msrc_cve-2024-11168 | Improper validation of IPv6 and IPvFuture addresses | 2024-11-02T00:00:00.000Z | 2025-01-07T00:00:00.000Z |
| msrc_cve-2024-10979 | PostgreSQL PL/Perl environment variable changes execute arbitrary code | 2024-11-02T00:00:00.000Z | 2024-11-26T00:00:00.000Z |
| msrc_cve-2024-10978 | PostgreSQL SET ROLE SET SESSION AUTHORIZATION reset to wrong user ID | 2024-11-02T00:00:00.000Z | 2024-11-26T00:00:00.000Z |
| msrc_cve-2024-10977 | PostgreSQL libpq retains an error message from man-in-the-middle | 2024-11-02T00:00:00.000Z | 2025-02-22T00:00:00.000Z |
| msrc_cve-2024-10976 | PostgreSQL row security below e.g. subqueries disregards user ID changes | 2024-11-02T00:00:00.000Z | 2025-02-12T00:00:00.000Z |
| msrc_cve-2024-10963 | Pam: improper hostname interpretation in pam_access leads to access control bypass | 2024-11-02T00:00:00.000Z | 2025-03-12T00:00:00.000Z |
| msrc_cve-2024-10524 | GNU Wget is vulnerable to an SSRF attack when accessing partially-user-controlled shorthand URLs | 2024-11-02T00:00:00.000Z | 2024-11-27T00:00:00.000Z |
| msrc_cve-2024-10224 | Qualys discovered that if unsanitized input was used with the library Modules: ScanDeps | 2024-11-02T00:00:00.000Z | 2024-11-27T00:00:00.000Z |
| msrc_cve-2024-10220 | Arbitrary command execution through gitRepo volume | 2024-11-02T00:00:00.000Z | 2025-01-16T00:00:00.000Z |
| msrc_cve-2024-0134 | NVIDIA Container Toolkit and NVIDIA GPU Operator for Linux contain a UNIX vulnerability where a specially crafted container image can lead to the creation of unauthorized files on the host. | 2024-11-02T00:00:00.000Z | 2024-12-12T00:00:00.000Z |
| msrc_cve-2023-52920 | bpf: support non-r10 register spill/fill to/from stack in precision tracking | 2024-11-02T00:00:00.000Z | 2025-09-03T19:34:28.000Z |
| msrc_cve-2023-4458 | Kernel: ksmbd: smb2_open out-of-bounds read information disclosure vulnerability | 2024-11-02T00:00:00.000Z | 2025-09-03T21:55:53.000Z |
| msrc_cve-2024-9676 | Podman: buildah: cri-o: symlink traversal vulnerability in the containers/storage library can cause denial of service (dos) | 2024-10-01T07:00:00.000Z | 2025-05-27T00:00:00.000Z |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2011-000040 | Microsoft Outlook read receipt function vulnerability | 2011-06-16T12:25+09:00 | 2011-06-16T12:25+09:00 |
| jvndb-2011-000039 | ASP.NET vulnerable to cross-site scripting | 2011-06-16T12:23+09:00 | 2011-06-16T12:23+09:00 |
| jvndb-2011-000038 | Internet Explorer vulnerable to cross-site scripting | 2011-06-16T12:21+09:00 | 2011-06-16T12:21+09:00 |
| jvndb-2011-000037 | Clipboard contents alteration vulnerability in Internet Explorer | 2011-06-16T12:18+09:00 | 2011-06-16T12:18+09:00 |
| jvndb-2011-000036 | Microsoft Windows VBScript implementation file name disclosure vulnerability | 2011-06-16T12:11+09:00 | 2011-06-16T12:11+09:00 |
| jvndb-2011-000035 | Java Web Start may insecurely load dynamic libraries | 2011-06-10T16:23+09:00 | 2013-03-26T15:14+09:00 |
| jvndb-2011-000034 | Java Web Start may insecurely load settings files | 2011-06-10T16:23+09:00 | 2013-03-26T14:46+09:00 |
| jvndb-2011-000033 | Java Web Start may insecurely load policy files | 2011-06-10T16:22+09:00 | 2013-03-29T14:50+09:00 |
| jvndb-2011-000032 | WalRack upload file handilng vulnerability | 2011-05-26T13:37+09:00 | 2011-05-26T13:37+09:00 |
| jvndb-2011-000031 | Movable Type vulnerable to cross-site scripting | 2011-05-25T17:37+09:00 | 2011-05-25T17:37+09:00 |
| jvndb-2011-000030 | iVIEW Suite vulnerable to SQL injection | 2011-05-19T16:49+09:00 | 2011-05-19T16:49+09:00 |
| jvndb-2011-000028 | Virus Buster 2009 key input encryption function vulnerability | 2011-05-17T17:17+09:00 | 2011-05-17T17:17+09:00 |
| jvndb-2011-000026 | Applications that use the Windows Help function may be vulnerable to privilege escalation | 2011-05-13T19:36+09:00 | 2011-05-13T19:36+09:00 |
| jvndb-2011-000027 | La Fonera+ vulnerable to denial-of-service (DoS) | 2011-05-13T19:17+09:00 | 2011-05-13T19:17+09:00 |
| jvndb-2011-000029 | EC-CUBE vulnerable to cross-site request forgery | 2011-05-11T08:44+09:00 | 2011-05-11T08:44+09:00 |
| jvndb-2011-000025 | Multiple Buffalo routers vulnerable to cross-site request forgery | 2011-05-11T08:37+09:00 | 2011-05-11T08:37+09:00 |
| jvndb-2011-000024 | Multiple Yamaha routers vulnerable to denial-of-service (DoS) | 2011-05-11T08:32+09:00 | 2011-05-31T10:39+09:00 |
| jvndb-2011-000023 | Password Vault Web Access vulnerable to cross-site scripting | 2011-04-08T14:09+09:00 | 2011-04-08T14:09+09:00 |
| jvndb-2011-001156 | Hitachi Tuning Manager Software Cross-Site Scripting Vulnerability | 2011-04-01T15:52+09:00 | 2011-04-01T15:52+09:00 |
| jvndb-2011-000022 | Picasa may insecurely load executable files | 2011-03-28T08:11+09:00 | 2011-03-28T08:11+09:00 |
| jvndb-2011-000021 | e107 vulnerable to cross-site scripting | 2011-03-28T08:06+09:00 | 2011-03-28T08:06+09:00 |
| jvndb-2011-000020 | IBM Tivoli vulnerable to denial-of-service (DoS) | 2011-03-10T16:38+09:00 | 2018-02-07T17:10+09:00 |
| jvndb-2011-001145 | JP1/NETM/DM Denial of Service (DoS) Vulnerability | 2011-03-08T10:25+09:00 | 2011-03-08T10:25+09:00 |
| jvndb-2011-000019 | OTRS vulnerable to OS command injection | 2011-03-07T18:19+09:00 | 2011-03-07T18:19+09:00 |
| jvndb-2011-000017 | IBM WebSphere Application Server vulnerable to denial-of-service (DoS) | 2011-03-04T19:29+09:00 | 2018-02-07T17:10+09:00 |
| jvndb-2011-000016 | IBM DB2 vulnerable to denial-of-service (DoS) | 2011-03-04T19:29+09:00 | 2018-02-07T17:10+09:00 |
| jvndb-2011-000018 | IBM Lotus vulnerable to denial-of-service (DoS) | 2011-03-04T19:28+09:00 | 2018-02-07T17:10+09:00 |
| jvndb-2011-000015 | Multiple Things CGI products vulnerable to cross-site scripting | 2011-03-02T17:27+09:00 | 2011-03-02T17:27+09:00 |
| jvndb-2011-000014 | SEIL Series routers vulnerable to buffer overflow | 2011-02-28T17:17+09:00 | 2011-02-28T17:17+09:00 |
| jvndb-2011-000012 | Lunascape may insecurely load executable files | 2011-02-23T15:41+09:00 | 2011-02-23T15:41+09:00 |
| ID | Description | Updated |
|---|