Recent vulnerabilities
| ID | Description | Published | Updated |
|---|---|---|---|
| ghsa-5wf6-gpr3-53cq | Unspecified vulnerability in BlazeDS 3.2 and earlier, as used in LiveCycle 8.0.1, 8.2.1, and 9.0, L… | 2022-05-02T03:50:11Z | 2025-10-22T03:30:27Z |
| ghsa-q4f6-24ph-r6rm | The U3D implementation in Adobe Reader and Acrobat 9.x before 9.3, 8.x before 8.2 on Windows and Ma… | 2022-05-02T03:50:11Z | 2025-10-22T03:30:27Z |
| ghsa-rv25-qx26-27xv | Use-after-free vulnerability in the Doc.media.newPlayer method in Multimedia.api in Adobe Reader an… | 2022-05-02T03:53:42Z | 2025-10-22T03:30:27Z |
| ghsa-g5pc-j3x2-5p8p | Unspecified vulnerability in Adobe Reader and Acrobat 8.x before 8.2.1 and 9.x before 9.3.1 allows … | 2022-05-02T06:10:50Z | 2025-10-22T03:30:27Z |
| ghsa-xprh-x7hf-54qr | The kernel in Microsoft Windows NT 3.1 through Windows 7, including Windows 2000 SP4, Windows XP SP… | 2022-05-02T06:11:00Z | 2025-10-22T03:30:27Z |
| ghsa-72pp-v9jm-c6xj | The JMX-Console web application in JBossAs in Red Hat JBoss Enterprise Application Platform (aka JB… | 2022-05-02T06:15:13Z | 2025-10-22T03:30:28Z |
| ghsa-8rrv-3xx7-wmfc | Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE and Java for … | 2022-05-02T06:15:59Z | 2025-10-22T03:30:28Z |
| ghsa-cv7g-qpjc-66p7 | Adobe Flash Player before 9.0.277.0 and 10.x before 10.1.53.64; Adobe AIR before 2.0.2.12610; and A… | 2022-05-02T06:21:11Z | 2025-10-22T03:30:28Z |
| ghsa-vcwg-4772-7rvx | The Web Console (aka web-console) in JBossAs in Red Hat JBoss Enterprise Application Platform (aka … | 2022-05-02T06:22:44Z | 2025-10-22T03:30:27Z |
| ghsa-qp49-3pvw-x4m5 | sinatra does not validate expanded path matches | 2022-05-03T00:00:43Z | 2025-11-04T19:36:42Z |
| ghsa-m2h2-264f-f486 | angular vulnerable to regular expression denial of service (ReDoS) | 2022-05-03T00:00:44Z | 2025-11-03T22:29:05Z |
| ghsa-8cj2-jg77-qj2p | The WinVerifyTrust function in Microsoft Windows XP SP2 and SP3, Windows Server 2003 SP2, Windows V… | 2022-05-03T00:01:27Z | 2025-10-22T03:30:35Z |
| ghsa-67cp-wr49-r977 | XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerab… | 2022-05-04T00:00:27Z | 2025-11-03T21:30:39Z |
| ghsa-f28m-wg9w-jf39 | XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerab… | 2022-05-04T00:00:27Z | 2025-11-03T21:30:39Z |
| ghsa-j8q6-xcpq-vp5v | XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerab… | 2022-05-04T00:00:27Z | 2025-11-03T21:30:39Z |
| ghsa-mpvq-c99j-qj2v | XMP Toolkit 2021.07 (and earlier) is affected by a Null pointer dereference vulnerability when pars… | 2022-05-04T00:00:27Z | 2025-11-03T21:30:39Z |
| ghsa-w9f8-7r3g-vfpm | XMP Toolkit SDK version 2021.07 (and earlier) is affected by a stack-based buffer overflow vulnerab… | 2022-05-04T00:00:27Z | 2025-11-03T21:30:39Z |
| ghsa-99qx-cj76-9w2h | The Authenticode Signature Verification function in Microsoft Windows XP SP2 and SP3, Windows Serve… | 2022-05-04T00:28:26Z | 2025-10-22T03:30:30Z |
| ghsa-xc3w-wqx5-qrf9 | The (1) ListView, (2) ListView2, (3) TreeView, and (4) TreeView2 ActiveX controls in MSCOMCTL.OCX i… | 2022-05-04T00:28:29Z | 2025-10-22T03:30:30Z |
| ghsa-4wrr-9h5r-m92w | Apache Struts Remote Java Code Execution | 2022-05-04T00:29:43Z | 2025-10-22T19:32:10Z |
| ghsa-43xj-964v-hcjf | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Updat… | 2022-05-04T00:30:54Z | 2025-10-22T03:30:31Z |
| ghsa-cf67-jvfv-7wxp | Unspecified vulnerability in the Oracle Application Server Single Sign-On component in Oracle Fusio… | 2022-05-04T00:30:59Z | 2025-10-22T03:30:32Z |
| ghsa-mj72-h98r-6h24 | An issue was discovered on certain Fujitsu LIEFBOOK devices (A3510, U9310, U7511/U7411/U7311, U9311… | 2022-05-05T00:00:19Z | 2025-11-04T21:30:27Z |
| ghsa-95qf-v6r5-2v3v | An issue was discovered in OpenZFS through 2.0.3. When an NFS share is exported to IPv6 addresses v… | 2022-05-05T00:29:41Z | 2025-11-03T21:30:31Z |
| ghsa-px5j-h582-r6p9 | Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate poi… | 2022-05-05T02:48:21Z | 2025-10-22T03:30:33Z |
| ghsa-r293-6mhc-29xx | Multiple vulnerabilities in Oracle Java 7 before Update 11 allow remote attackers to execute arbitr… | 2022-05-05T02:48:59Z | 2025-10-22T03:30:32Z |
| ghsa-h3cw-j9j9-5pc4 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 throu… | 2022-05-05T02:49:02Z | 2025-10-22T03:30:32Z |
| ghsa-mrph-rvc3-cv97 | On F5 BIG-IP 16.1.x versions prior to 16.1.2.2, 15.1.x versions prior to 15.1.5.1, 14.1.x versions … | 2022-05-06T00:00:39Z | 2025-10-22T00:32:32Z |
| ghsa-9xqg-wjcv-qqxq | Use after free in append_command in GitHub repository vim/vim prior to 8.2. This vulnerability is c… | 2022-05-08T00:00:29Z | 2025-11-03T21:30:40Z |
| ghsa-mvgc-rxvg-hqc6 | There is a buffer over-read in Ruby before 2.6.10, 2.7.x before 2.7.6, 3.x before 3.0.4, and 3.1.x … | 2022-05-10T00:00:17Z | 2025-11-04T18:30:38Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2016-3643 | N/A | SolarWinds Virtualization Manager 6.3.1 and earli… |
n/a |
n/a |
2016-06-17T15:00:00.000Z | 2025-10-21T23:55:51.005Z |
| cve-2016-3309 | N/A | The kernel-mode drivers in Microsoft Windows Vist… |
n/a |
n/a |
2016-08-09T21:00:00.000Z | 2025-10-21T23:55:50.847Z |
| cve-2016-6366 | N/A | Buffer overflow in Cisco Adaptive Security Applia… |
n/a |
n/a |
2016-08-18T18:00:00.000Z | 2025-10-21T23:55:50.638Z |
| cve-2016-6367 | N/A | Cisco Adaptive Security Appliance (ASA) Software … |
n/a |
n/a |
2016-08-18T18:00:00.000Z | 2025-10-21T23:55:50.466Z |
| cve-2016-4655 | N/A | The kernel in Apple iOS before 9.3.5 allows attac… |
n/a |
n/a |
2016-08-25T21:00:00.000Z | 2025-10-21T23:55:50.320Z |
| cve-2016-4656 | N/A | The kernel in Apple iOS before 9.3.5 allows attac… |
n/a |
n/a |
2016-08-25T21:00:00.000Z | 2025-10-21T23:55:50.185Z |
| cve-2016-4657 | N/A | WebKit in Apple iOS before 9.3.5 allows remote at… |
n/a |
n/a |
2016-08-25T21:00:00.000Z | 2025-10-21T23:55:50.057Z |
| cve-2016-3351 | N/A | Microsoft Internet Explorer 9 through 11 and Micr… |
n/a |
n/a |
2016-09-14T10:00:00.000Z | 2025-10-21T23:55:49.907Z |
| cve-2016-6415 | N/A | The server IKEv1 implementation in Cisco IOS 12.2… |
n/a |
n/a |
2016-09-19T01:00:00.000Z | 2025-10-21T23:55:49.758Z |
| cve-2014-5414 | 9.1 (v3.1) | Beckhoff Embedded PC Images and TwinCAT Components Imp… |
Beckhoff |
Embedded PC Images |
2016-10-05T10:00:00 | 2025-11-04T23:09:34.639Z |
| cve-2014-5415 | 9.1 (v3.1) | Beckhoff Embedded PC Images and TwinCAT Components Exp… |
Beckhoff |
Embedded PC Images |
2016-10-05T10:00:00 | 2025-11-04T23:12:23.266Z |
| cve-2016-3298 | N/A | Microsoft Internet Explorer 9 through 11 and the … |
n/a |
n/a |
2016-10-14T01:00:00.000Z | 2025-10-21T23:55:49.581Z |
| cve-2016-3393 | N/A | Graphics Device Interface (aka GDI or GDI+) in Mi… |
n/a |
n/a |
2016-10-14T01:00:00.000Z | 2025-10-21T23:55:49.334Z |
| cve-2016-7193 | N/A | Microsoft Word 2007 SP2, Office 2010 SP2, Word 20… |
n/a |
n/a |
2016-10-14T01:00:00.000Z | 2025-10-21T23:55:49.146Z |
| cve-2016-5597 | N/A | Unspecified vulnerability in Oracle Java SE 6u121… |
n/a |
n/a |
2016-10-25T14:00:00.000Z | 2025-11-04T21:08:07.929Z |
| cve-2016-7855 | N/A | Use-after-free vulnerability in Adobe Flash Playe… |
n/a |
n/a |
2016-11-01T22:46:00.000Z | 2025-10-21T23:55:49.007Z |
| cve-2016-7200 | N/A | The Chakra JavaScript scripting engine in Microso… |
n/a |
n/a |
2016-11-10T06:16:00.000Z | 2025-10-21T23:55:48.860Z |
| cve-2016-7201 | N/A | The Chakra JavaScript scripting engine in Microso… |
n/a |
n/a |
2016-11-10T06:16:00.000Z | 2025-10-21T23:55:48.707Z |
| cve-2016-7255 | N/A | The kernel-mode drivers in Microsoft Windows Vist… |
n/a |
n/a |
2016-11-10T06:16:00.000Z | 2025-10-21T23:55:48.547Z |
| cve-2016-7256 | N/A | atmfd.dll in the Windows font library in Microsof… |
n/a |
n/a |
2016-11-10T06:16:00.000Z | 2025-10-21T23:55:48.377Z |
| cve-2016-5195 | N/A | Race condition in mm/gup.c in the Linux kernel 2.… |
n/a |
n/a |
2016-11-10T21:00:00.000Z | 2025-11-04T16:09:08.278Z |
| cve-2016-8562 | N/A | A vulnerability has been identified in SIMATIC CP… |
n/a |
n/a |
2016-11-18T21:00:00.000Z | 2025-10-21T23:55:48.030Z |
| cve-2016-9563 | N/A | BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allow… |
n/a |
n/a |
2016-11-23T02:00:00.000Z | 2025-10-21T23:55:47.851Z |
| cve-2016-6277 | N/A | NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1… |
n/a |
n/a |
2016-12-14T16:00:00.000Z | 2025-10-21T23:55:47.695Z |
| cve-2016-7892 | N/A | Adobe Flash Player versions 23.0.0.207 and earlie… |
n/a |
Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier |
2016-12-15T06:31:00.000Z | 2025-10-21T23:55:47.528Z |
| cve-2016-7262 | N/A | Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2… |
n/a |
n/a |
2016-12-20T05:54:00.000Z | 2025-10-21T23:55:47.352Z |
| cve-2016-10033 | N/A | The mailSend function in the isMail transport in … |
n/a |
n/a |
2016-12-30T19:00:00.000Z | 2025-10-21T23:55:47.202Z |
| cve-2017-5521 | N/A | An issue was discovered on NETGEAR R8500, R8300, … |
n/a |
n/a |
2017-01-17T09:22:00.000Z | 2025-10-21T23:55:47.051Z |
| cve-2016-5198 | N/A | V8 in Google Chrome prior to 54.0.2840.90 for Lin… |
n/a |
Google Chrome prior to 54.0.2840.90 for Linux, and 54.0.2840.85 for Android, and 54.0.2840.87 for Windows and Mac |
2017-01-19T05:43:00.000Z | 2025-10-21T23:55:46.892Z |
| cve-2016-10174 | N/A | The NETGEAR WNR2000v5 router contains a buffer ov… |
n/a |
n/a |
2017-01-30T04:24:00.000Z | 2025-10-21T23:55:46.735Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| cve-2016-4437 | N/A | Apache Shiro before 1.2.5, when a cipher key has … |
n/a |
n/a |
2016-06-07T14:00:00.000Z | 2025-10-21T23:55:51.717Z |
| cve-2016-4523 | N/A | The WAP interface in Trihedral VTScada (formerly … |
n/a |
n/a |
2016-06-09T10:00:00.000Z | 2025-10-21T23:55:51.558Z |
| cve-2016-3235 | N/A | Microsoft Visio 2007 SP3, Visio 2010 SP2, Visio 2… |
n/a |
n/a |
2016-06-16T01:00:00.000Z | 2025-10-21T23:55:51.339Z |
| cve-2016-4171 | N/A | Unspecified vulnerability in Adobe Flash Player 2… |
n/a |
n/a |
2016-06-16T14:00:00.000Z | 2025-10-21T23:55:51.186Z |
| cve-2016-3643 | N/A | SolarWinds Virtualization Manager 6.3.1 and earli… |
n/a |
n/a |
2016-06-17T15:00:00.000Z | 2025-10-21T23:55:51.005Z |
| cve-2016-3309 | N/A | The kernel-mode drivers in Microsoft Windows Vist… |
n/a |
n/a |
2016-08-09T21:00:00.000Z | 2025-10-21T23:55:50.847Z |
| cve-2016-6366 | N/A | Buffer overflow in Cisco Adaptive Security Applia… |
n/a |
n/a |
2016-08-18T18:00:00.000Z | 2025-10-21T23:55:50.638Z |
| cve-2016-6367 | N/A | Cisco Adaptive Security Appliance (ASA) Software … |
n/a |
n/a |
2016-08-18T18:00:00.000Z | 2025-10-21T23:55:50.466Z |
| cve-2016-4655 | N/A | The kernel in Apple iOS before 9.3.5 allows attac… |
n/a |
n/a |
2016-08-25T21:00:00.000Z | 2025-10-21T23:55:50.320Z |
| cve-2016-4656 | N/A | The kernel in Apple iOS before 9.3.5 allows attac… |
n/a |
n/a |
2016-08-25T21:00:00.000Z | 2025-10-21T23:55:50.185Z |
| cve-2016-4657 | N/A | WebKit in Apple iOS before 9.3.5 allows remote at… |
n/a |
n/a |
2016-08-25T21:00:00.000Z | 2025-10-21T23:55:50.057Z |
| cve-2016-3351 | N/A | Microsoft Internet Explorer 9 through 11 and Micr… |
n/a |
n/a |
2016-09-14T10:00:00.000Z | 2025-10-21T23:55:49.907Z |
| cve-2016-6415 | N/A | The server IKEv1 implementation in Cisco IOS 12.2… |
n/a |
n/a |
2016-09-19T01:00:00.000Z | 2025-10-21T23:55:49.758Z |
| cve-2014-5414 | 9.1 (v3.1) | Beckhoff Embedded PC Images and TwinCAT Components Imp… |
Beckhoff |
Embedded PC Images |
2016-10-05T10:00:00 | 2025-11-04T23:09:34.639Z |
| cve-2014-5415 | 9.1 (v3.1) | Beckhoff Embedded PC Images and TwinCAT Components Exp… |
Beckhoff |
Embedded PC Images |
2016-10-05T10:00:00 | 2025-11-04T23:12:23.266Z |
| cve-2016-3298 | N/A | Microsoft Internet Explorer 9 through 11 and the … |
n/a |
n/a |
2016-10-14T01:00:00.000Z | 2025-10-21T23:55:49.581Z |
| cve-2016-3393 | N/A | Graphics Device Interface (aka GDI or GDI+) in Mi… |
n/a |
n/a |
2016-10-14T01:00:00.000Z | 2025-10-21T23:55:49.334Z |
| cve-2016-7193 | N/A | Microsoft Word 2007 SP2, Office 2010 SP2, Word 20… |
n/a |
n/a |
2016-10-14T01:00:00.000Z | 2025-10-21T23:55:49.146Z |
| cve-2016-5597 | N/A | Unspecified vulnerability in Oracle Java SE 6u121… |
n/a |
n/a |
2016-10-25T14:00:00.000Z | 2025-11-04T21:08:07.929Z |
| cve-2016-7855 | N/A | Use-after-free vulnerability in Adobe Flash Playe… |
n/a |
n/a |
2016-11-01T22:46:00.000Z | 2025-10-21T23:55:49.007Z |
| cve-2016-7200 | N/A | The Chakra JavaScript scripting engine in Microso… |
n/a |
n/a |
2016-11-10T06:16:00.000Z | 2025-10-21T23:55:48.860Z |
| cve-2016-7201 | N/A | The Chakra JavaScript scripting engine in Microso… |
n/a |
n/a |
2016-11-10T06:16:00.000Z | 2025-10-21T23:55:48.707Z |
| cve-2016-7255 | N/A | The kernel-mode drivers in Microsoft Windows Vist… |
n/a |
n/a |
2016-11-10T06:16:00.000Z | 2025-10-21T23:55:48.547Z |
| cve-2016-7256 | N/A | atmfd.dll in the Windows font library in Microsof… |
n/a |
n/a |
2016-11-10T06:16:00.000Z | 2025-10-21T23:55:48.377Z |
| cve-2016-5195 | N/A | Race condition in mm/gup.c in the Linux kernel 2.… |
n/a |
n/a |
2016-11-10T21:00:00.000Z | 2025-11-04T16:09:08.278Z |
| cve-2016-8562 | N/A | A vulnerability has been identified in SIMATIC CP… |
n/a |
n/a |
2016-11-18T21:00:00.000Z | 2025-10-21T23:55:48.030Z |
| cve-2016-9563 | N/A | BC-BMT-BPM-DSK in SAP NetWeaver AS JAVA 7.5 allow… |
n/a |
n/a |
2016-11-23T02:00:00.000Z | 2025-10-21T23:55:47.851Z |
| cve-2016-6277 | N/A | NETGEAR R6250 before 1.0.4.6.Beta, R6400 before 1… |
n/a |
n/a |
2016-12-14T16:00:00.000Z | 2025-10-21T23:55:47.695Z |
| cve-2016-7892 | N/A | Adobe Flash Player versions 23.0.0.207 and earlie… |
n/a |
Adobe Flash Player 23.0.0.207 and earlier, 11.2.202.644 and earlier |
2016-12-15T06:31:00.000Z | 2025-10-21T23:55:47.528Z |
| cve-2016-7262 | N/A | Microsoft Excel 2007 SP3, Excel 2010 SP2, Excel 2… |
n/a |
n/a |
2016-12-20T05:54:00.000Z | 2025-10-21T23:55:47.352Z |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| mal-2024-9688 | Malicious code in lido-council-daemon (npm) | 2024-10-16T13:01:38Z | 2025-06-18T15:07:35Z |
| mal-2024-9809 | Malicious code in rustc_codegen_cranelift-github-release (npm) | 2024-10-16T13:16:52Z | 2024-12-09T14:39:22Z |
| mal-2024-9832 | Malicious code in securedrop (npm) | 2024-10-16T13:18:11Z | 2025-03-03T15:08:01Z |
| mal-2024-9861 | Malicious code in spectrum-css-monorepo (npm) | 2024-10-16T13:20:11Z | 2025-03-31T07:07:49Z |
| mal-2024-9875 | Malicious code in symphony-scatterplot (npm) | 2024-10-16T13:21:55Z | 2025-08-01T10:42:05Z |
| mal-2024-9946 | Malicious code in atomicdecoderss (PyPI) | 2024-10-16T14:36:35Z | 2025-03-03T15:08:01Z |
| mal-2024-9952 | Malicious code in browser-cookies3 (PyPI) | 2024-10-16T14:37:09Z | 2025-03-03T15:08:01Z |
| mal-2024-9953 | Malicious code in bughunter9 (PyPI) | 2024-10-16T14:37:13Z | 2024-12-09T14:39:22Z |
| mal-2024-9960 | Malicious code in cipherbcryptors (PyPI) | 2024-10-16T14:37:51Z | 2025-03-03T15:08:01Z |
| mal-2024-9964 | Malicious code in cryptoaitools (PyPI) | 2024-10-16T14:39:03Z | 2024-12-09T14:39:23Z |
| mal-2024-10026 | Malicious code in exodusdecoderss (PyPI) | 2024-10-16T14:41:00Z | 2025-03-03T15:08:01Z |
| mal-2024-10029 | Malicious code in formatter-test-package (PyPI) | 2024-10-16T14:41:23Z | 2024-12-09T14:39:23Z |
| mal-2024-10040 | Malicious code in manojmacpy (PyPI) | 2024-10-16T14:43:28Z | 2024-12-09T14:39:23Z |
| mal-2024-10104 | Malicious code in phantomdecoderss (PyPI) | 2024-10-16T14:45:19Z | 2025-03-03T15:08:01Z |
| mal-2024-10155 | Malicious code in reverse-shell (PyPI) | 2024-10-16T14:50:40Z | 2024-12-09T14:39:23Z |
| mal-2024-10163 | Malicious code in solana-token (PyPI) | 2024-10-16T14:51:34Z | 2025-05-22T14:07:47Z |
| mal-2024-10176 | Malicious code in trondecoderss (PyPI) | 2024-10-16T14:53:12Z | 2025-03-03T15:08:01Z |
| mal-2024-10178 | Malicious code in trustdecoderss (PyPI) | 2024-10-16T14:53:13Z | 2025-03-03T15:08:01Z |
| mal-2024-10183 | Malicious code in urlcon- (PyPI) | 2024-10-16T14:53:26Z | 2024-12-12T11:22:57Z |
| mal-2024-10191 | Malicious code in walletdecoderss (PyPI) | 2024-10-16T14:53:38Z | 2025-03-03T15:08:01Z |
| mal-2024-10221 | Malicious code in johnny_five (RubyGems) | 2024-10-16T15:03:54Z | 2024-12-09T14:39:23Z |
| mal-2024-10222 | Malicious code in zbt_element_definer (RubyGems) | 2024-10-16T15:05:08Z | 2024-12-09T14:39:23Z |
| mal-2024-10223 | Malicious code in zen-ruby-linter (RubyGems) | 2024-10-16T15:05:09Z | 2024-12-09T14:39:23Z |
| mal-2024-10224 | Malicious code in znowflake_client (RubyGems) | 2024-10-16T15:05:10Z | 2024-12-09T14:39:23Z |
| mal-2024-9426 | Malicious code in jifa-frontend (npm) | 2024-10-17T00:36:47Z | 2024-12-09T14:39:22Z |
| mal-2024-9427 | Malicious code in omise-example (npm) | 2024-10-17T00:36:47Z | 2024-12-09T14:39:22Z |
| mal-2024-9444 | Malicious code in google-drive-integration (npm) | 2024-10-21T01:09:11Z | 2024-12-09T14:39:22Z |
| mal-2024-9454 | Malicious code in ohcm-polymerase (npm) | 2024-10-22T23:54:20Z | 2024-12-09T14:39:22Z |
| mal-2024-9460 | Malicious code in sling-sdk (npm) | 2024-10-23T05:09:43Z | 2024-12-17T07:07:44Z |
| mal-2024-10227 | Malicious code in @woody-mrs-potato/utils-banking (npm) | 2024-10-24T12:11:04Z | 2024-12-12T16:40:44Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| rhsa-2010:0330 | Red Hat Security Advisory: GFS security and bug fix update | 2010-03-30T16:48:00+00:00 | 2025-11-08T03:27:16+00:00 |
| rhsa-2010:0331 | Red Hat Security Advisory: GFS-kernel security and bug fix update | 2010-03-30T16:52:00+00:00 | 2025-11-08T03:27:16+00:00 |
| rhsa-2010:0339 | Red Hat Security Advisory: java-1.6.0-openjdk security update | 2010-04-01T00:14:00+00:00 | 2025-11-08T03:27:17+00:00 |
| rhsa-2010:0337 | Red Hat Security Advisory: java-1.6.0-sun security update | 2010-04-01T00:21:00+00:00 | 2025-11-08T03:27:16+00:00 |
| rhsa-2010:0338 | Red Hat Security Advisory: java-1.5.0-sun security update | 2010-04-01T02:56:00+00:00 | 2025-11-08T03:27:16+00:00 |
| rhsa-2010:0342 | Red Hat Security Advisory: kernel security and bug fix update | 2010-04-06T22:54:00+00:00 | 2025-11-08T03:27:17+00:00 |
| rhsa-2010:0349 | Red Hat Security Advisory: acroread security update | 2010-04-14T09:36:00+00:00 | 2025-11-08T03:27:17+00:00 |
| rhsa-2010:0356 | Red Hat Security Advisory: java-1.6.0-sun security update | 2010-04-19T21:20:00+00:00 | 2025-11-08T03:27:17+00:00 |
| rhsa-2010:0362 | Red Hat Security Advisory: scsi-target-utils security update | 2010-04-20T15:54:00+00:00 | 2025-11-08T03:27:17+00:00 |
| rhsa-2010:0380 | Red Hat Security Advisory: kernel security and bug fix update | 2010-04-27T12:46:00+00:00 | 2025-11-08T03:27:18+00:00 |
| rhsa-2010:0383 | Red Hat Security Advisory: java-1.6.0-ibm security update | 2010-04-29T17:49:00+00:00 | 2025-11-08T03:27:18+00:00 |
| rhsa-2010:0408 | Red Hat Security Advisory: java-1.4.2-ibm security update | 2010-05-12T16:21:00+00:00 | 2025-11-08T03:27:23+00:00 |
| rhsa-2010:0423 | Red Hat Security Advisory: krb5 security update | 2010-05-18T19:45:00+00:00 | 2025-11-08T03:27:19+00:00 |
| rhsa-2010:0440 | Red Hat Security Advisory: rhev-hypervisor security and bug fix update | 2010-05-25T20:41:00+00:00 | 2025-11-08T03:27:19+00:00 |
| rhsa-2010:0464 | Red Hat Security Advisory: flash-plugin security update | 2010-06-11T16:32:00+00:00 | 2025-11-08T03:24:20+00:00 |
| rhsa-2010:0470 | Red Hat Security Advisory: flash-plugin security update | 2010-06-14T22:28:00+00:00 | 2025-11-08T03:24:21+00:00 |
| rhsa-2010:0471 | Red Hat Security Advisory: Red Hat Network Satellite Server IBM Java Runtime security update | 2010-06-14T23:19:00+00:00 | 2025-11-08T03:27:19+00:00 |
| rhsa-2010:0489 | Red Hat Security Advisory: java-1.5.0-ibm security update | 2010-06-17T21:02:00+00:00 | 2025-11-08T03:27:19+00:00 |
| rhsa-2010:0473 | Red Hat Security Advisory: vdsm security, bug fix, and enhancement update | 2010-06-22T12:44:00+00:00 | 2025-11-08T03:27:19+00:00 |
| rhsa-2010:0476 | Red Hat Security Advisory: rhev-hypervisor security, bug fix, and enhancement update | 2010-06-22T13:54:00+00:00 | 2025-11-08T03:27:21+00:00 |
| rhsa-2010:0503 | Red Hat Security Advisory: acroread security update | 2010-06-30T17:47:00+00:00 | 2025-11-08T03:27:20+00:00 |
| rhsa-2010:0518 | Red Hat Security Advisory: scsi-target-utils security update | 2010-07-08T15:07:00+00:00 | 2025-11-08T03:27:20+00:00 |
| rhsa-2010:0521 | Red Hat Security Advisory: gfs-kmod security update | 2010-07-08T19:59:00+00:00 | 2025-11-08T03:27:20+00:00 |
| rhsa-2010:0549 | Red Hat Security Advisory: java-1.6.0-ibm security update | 2010-07-21T14:24:00+00:00 | 2025-11-08T03:27:21+00:00 |
| rhsa-2010:0567 | Red Hat Security Advisory: lvm2-cluster security update | 2010-07-28T13:28:00+00:00 | 2025-11-08T03:27:21+00:00 |
| rhsa-2010:0568 | Red Hat Security Advisory: lvm2-cluster security update | 2010-07-28T13:45:00+00:00 | 2025-11-08T03:27:21+00:00 |
| rhsa-2010:0574 | Red Hat Security Advisory: java-1.4.2-ibm security update | 2010-07-29T16:39:00+00:00 | 2025-11-08T03:27:22+00:00 |
| rhsa-2010:0586 | Red Hat Security Advisory: java-1.4.2-ibm-sap security update | 2010-08-02T20:43:00+00:00 | 2025-11-08T03:27:22+00:00 |
| rhsa-2010:0602 | Red Hat Security Advisory: Red Hat Certificate System 7.3 security update | 2010-08-04T21:30:00+00:00 | 2025-11-08T03:24:22+00:00 |
| rhsa-2010:0623 | Red Hat Security Advisory: flash-plugin security update | 2010-08-11T19:44:00+00:00 | 2025-11-08T03:27:22+00:00 |
| ID | Description | Published | Updated |
|---|---|---|---|
| msrc_cve-2018-1000156 | GNU Patch version 2.7.6 contains an input validation vulnerability when processing patch files, specifically the EDITOR_PROGRAM invocation (using ed) can result in code execution. This attack appear to be exploitable via a patch file processed via the patch utility. This is similar to FreeBSD's CVE-2015-1418 however although they share a common ancestry the code bases have diverged over time. | 2018-04-02T00:00:00.000Z | 2024-06-30T07:00:00.000Z |
| msrc_cve-2018-10392 | mapping0_forward in mapping0.c in Xiph.Org libvorbis 1.3.6 does not validate the number of channels which allows remote attackers to cause a denial of service (heap-based buffer overflow or over-read) or possibly have unspecified other impact via a crafted file. | 2018-04-02T00:00:00.000Z | 2022-01-19T00:00:00.000Z |
| msrc_cve-2018-10393 | bark_noise_hybridmp in psy.c in Xiph.Org libvorbis 1.3.6 has a stack-based buffer over-read. | 2018-04-02T00:00:00.000Z | 2022-01-19T00:00:00.000Z |
| msrc_cve-2018-1000168 | nghttp2 version >= 1.10.0 and nghttp2 <= v1.31.0 contains an Improper Input Validation CWE-20 vulnerability in ALTSVC frame handling that can result in segmentation fault leading to denial of service. This attack appears to be exploitable via network client. This vulnerability appears to have been fixed in >= 1.31.1. | 2018-05-02T00:00:00.000Z | 2021-06-06T00:00:00.000Z |
| msrc_cve-2018-10689 | blktrace (aka Block IO Tracing) 1.2.0 as used with the Linux kernel and Android has a buffer overflow in the dev_map_read function in btt/devmap.c because the device and devno arrays are too small as demonstrated by an invalid free when using the btt program with a crafted file. | 2018-05-02T00:00:00.000Z | 2021-12-16T00:00:00.000Z |
| msrc_cve-2018-11439 | The TagLib::Ogg::FLAC::File::scan function in oggflacfile.cpp in TagLib 1.11.1 allows remote attackers to cause information disclosure (heap-based buffer over-read) via a crafted audio file. | 2018-05-02T00:00:00.000Z | 2022-01-19T00:00:00.000Z |
| msrc_cve-2018-7159 | The HTTP parser in all current versions of Node.js ignores spaces in the `Content-Length` header, allowing input such as `Content-Length: 1 2` to be interpreted as having a value of `12`. The HTTP specification does not allow for spaces in the `Content-Length` value and the Node.js HTTP parser has been brought into line on this particular difference. The security risk of this flaw to Node.js users is considered to be VERY LOW as it is difficult, and may be impossible, to craft an attack that makes use of this flaw in a way that could not already be achieved by supplying an incorrect value for `Content-Length`. Vulnerabilities may exist in user-code that make incorrect assumptions about the potential accuracy of this value compared to the actual length of the data supplied. Node.js users crafting lower-level HTTP utilities are advised to re-check the length of any input supplied after parsing is complete. | 2018-05-02T00:00:00.000Z | 2025-09-03T23:45:10.000Z |
| msrc_cve-2017-16046 | `mariadb` was a malicious module published with the intent to hijack environment variables. It has been unpublished by npm. | 2018-06-02T00:00:00.000Z | 2020-09-25T00:00:00.000Z |
| msrc_cve-2018-1000182 | A server-side request forgery vulnerability exists in Jenkins Git Plugin 3.9.0 and older in AssemblaWeb.java, GitBlitRepositoryBrowser.java, Gitiles.java, TFS2013GitRepositoryBrowser.java, ViewGitWeb.java that allows attackers with Overall/Read access to cause Jenkins to send a GET request to a specified URL. | 2018-06-02T00:00:00.000Z | 2020-09-25T00:00:00.000Z |
| msrc_cve-2018-1000500 | Busybox contains a Missing SSL certificate validation vulnerability in The "busybox wget" applet that can result in arbitrary code execution. This attack appear to be exploitable via Simply download any file over HTTPS using "busybox wget https://compromised-domain.com/important-file". | 2018-06-02T00:00:00.000Z | 2020-10-25T00:00:00.000Z |
| msrc_cve-2018-11694 | An issue was discovered in LibSass through 3.5.4. A NULL pointer dereference was found in the function Sass::Functions::selector_append which could be leveraged by an attacker to cause a denial of service (application crash) or possibly have unspecified other impact. | 2018-06-02T00:00:00.000Z | 2023-08-01T00:00:00.000Z |
| msrc_cve-2018-7161 | All versions of Node.js 8.x 9.x and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node server providing an http2 server to crash. This can be accomplished by interacting with the http2 server in a manner that triggers a cleanup bug where objects are used in native code after they are no longer available. This has been addressed by updating the http2 implementation. | 2018-06-02T00:00:00.000Z | 2021-06-06T00:00:00.000Z |
| msrc_cve-2018-7162 | All versions of Node.js 9.x and 10.x are vulnerable and the severity is HIGH. An attacker can cause a denial of service (DoS) by causing a node process which provides an http server supporting TLS server to crash. This can be accomplished by sending duplicate/unexpected messages during the handshake. This vulnerability has been addressed by updating the TLS implementation. | 2018-06-02T00:00:00.000Z | 2021-06-06T00:00:00.000Z |
| msrc_cve-2018-7164 | Node.js versions 9.7.0 and later and 10.x are vulnerable and the severity is MEDIUM. A bug introduced in 9.7.0 increases the memory consumed when reading from the network into JavaScript using the net.Socket object directly as a stream. An attacker could use this cause a denial of service by sending tiny chunks of data in short succession. This vulnerability was restored by reverting to the prior behaviour. | 2018-06-02T00:00:00.000Z | 2021-06-06T00:00:00.000Z |
| msrc_cve-2018-7167 | Calling Buffer.fill() or Buffer.alloc() with some parameters can lead to a hang which could result in a Denial of Service. In order to address this vulnerability the implementations of Buffer.alloc() and Buffer.fill() were updated so that they zero fill instead of hanging in these cases. All versions of Node.js 6.x (LTS "Boron") 8.x (LTS "Carbon") and 9.x are vulnerable. All versions of Node.js 10.x (Current) are NOT vulnerable. | 2018-06-02T00:00:00.000Z | 2021-06-06T00:00:00.000Z |
| msrc_cve-2017-12150 | It was found that samba before 4.4.16 4.5.x before 4.5.14 and 4.6.x before 4.6.8 did not enforce "SMB signing" when certain configuration options were enabled. A remote attacker could launch a man-in-the-middle attack and retrieve information in plain-text. | 2018-07-02T00:00:00.000Z | 2024-10-15T00:00:00.000Z |
| msrc_cve-2018-10906 | In fuse before versions 2.9.8 and 3.x before 3.2.5 fusermount is vulnerable to a restriction bypass when SELinux is active. This allows non-root users to mount a FUSE file system with the 'allow_other' mount option regardless of whether 'user_allow_other' is set in the fuse configuration. An attacker may use this flaw to mount a FUSE file system accessible by other users and trick them into accessing files on that file system possibly causing Denial of Service or other unspecified effects. | 2018-07-02T00:00:00.000Z | 2024-06-30T07:00:00.000Z |
| msrc_cve-2018-1129 | A flaw was found in the way signature calculation was handled by cephx authentication protocol. An attacker having access to ceph cluster network who is able to alter the message payload was able to bypass signature checks done by cephx protocol. Ceph branches master mimic luminous and jewel are believed to be vulnerable. | 2018-07-02T00:00:00.000Z | 2024-06-30T07:00:00.000Z |
| msrc_cve-2018-13139 | A stack-based buffer overflow in psf_memset in common.c in libsndfile 1.0.28 allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted audio file. The vulnerability can be triggered by the executable sndfile-deinterleave. | 2018-07-02T00:00:00.000Z | 2021-01-28T00:00:00.000Z |
| msrc_cve-2018-13410 | Info-ZIP Zip 3.0 when the -T and -TT command-line options are used allows attackers to cause a denial of service (invalid free and application crash) or possibly have unspecified other impact because of an off-by-one error. NOTE: it is unclear whether there are realistic scenarios in which an untrusted party controls the -TT value given that the entire purpose of -TT is execution of arbitrary commands | 2018-07-02T00:00:00.000Z | 2024-06-30T07:00:00.000Z |
| msrc_cve-2018-13419 | An issue has been found in libsndfile 1.0.28. There is a memory leak in psf_allocate in common.c as demonstrated by sndfile-convert. NOTE: The maintainer and third parties were unable to reproduce and closed the issue | 2018-07-02T00:00:00.000Z | 2021-01-28T00:00:00.000Z |
| msrc_cve-2018-13420 | Google gperftools 2.7 has a memory leak in malloc_extension.cc related to MallocExtension::Register and InitModule. NOTE: the software maintainer indicates that this is not a bug; it is only a false-positive report from the LeakSanitizer program | 2018-07-02T00:00:00.000Z | 2021-12-16T00:00:00.000Z |
| msrc_cve-2018-14040 | In Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attributeIn Bootstrap before 4.1.2, XSS is possible in the collapse data-parent attribute | 2018-07-02T00:00:00.000Z | 2025-09-03T22:09:33.000Z |
| msrc_cve-2018-14042 | In Bootstrap before 4.1.2, XSS is possible in the data-container property of tooltip. | 2018-07-02T00:00:00.000Z | 2025-09-03T23:08:20.000Z |
| msrc_cve-2018-1999023 | The Battle for Wesnoth Project contains a Code Injection that can result in code execution outside the sandbox | 2018-07-02T00:00:00.000Z | 2024-06-30T07:00:00.000Z |
| msrc_cve-2018-1999024 | MathJax version prior to version 2.7.4 contains a Cross Site Scripting (XSS) vulnerability | 2018-07-02T00:00:00.000Z | 2025-09-03T22:22:20.000Z |
| msrc_cve-2017-9118 | PHP 7.1.5 has an Out of bounds access in php_pcre_replace_impl via a crafted preg_replace call. | 2018-08-02T00:00:00.000Z | 2025-10-01T23:11:00.000Z |
| msrc_cve-2017-9120 | PHP 7.x through 7.1.5 allows remote attackers to cause a denial of service (buffer overflow and application crash) or possibly have unspecified other impact via a long string because of an Integer overflow in mysqli_real_escape_string. | 2018-08-02T00:00:00.000Z | 2025-10-01T23:11:00.000Z |
| msrc_cve-2018-1000215 | Dave Gamble cJSON version 1.7.6 and earlier contains a CWE-772 vulnerability in cJSON library that can result in Denial of Service | 2018-08-02T00:00:00.000Z | 2025-09-04T01:12:38.000Z |
| msrc_cve-2018-1000216 | Dave Gamble cJSON version 1.7.2 and earlier contains a CWE-415: Double Free vulnerability in cJSON library that can result in Possible crash or RCE. This attack appear to be exploitable via Attacker must be able to force victim to print JSON data, depending on how cJSON library is used this could be either local or over a network. This vulnerability appears to have been fixed in 1.7.3. | 2018-08-02T00:00:00.000Z | 2025-09-03T20:53:58.000Z |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2007-000625 | Tuigwaa cross-site scripting vulnerability | 2008-05-21T00:00+09:00 | 2008-05-21T00:00+09:00 |
| jvndb-2007-000626 | Mayaa cross-site scripting vulnerability | 2008-05-21T00:00+09:00 | 2008-05-21T00:00+09:00 |
| jvndb-2007-000639 | Shopping Basket Pro directory traversal vulnerability | 2008-05-21T00:00+09:00 | 2008-05-21T00:00+09:00 |
| jvndb-2007-000640 | Fulltext search CGI from futomi's CGI Cafe vulnerable to cross-site scripting | 2008-05-21T00:00+09:00 | 2008-05-21T00:00+09:00 |
| jvndb-2007-000645 | 7-ZIP32.DLL buffer overflow vulnerability | 2008-05-21T00:00+09:00 | 2008-05-21T00:00+09:00 |
| jvndb-2007-000646 | Fuktommy.com httpd.pl including HTML preprocessor vulnerable to directory traversal | 2008-05-21T00:00+09:00 | 2008-05-21T00:00+09:00 |
| jvndb-2007-000647 | Fuktommy.com httpd.pl included in its HTML preprocessor vulnerable in allowing an attacker to view arbitrary CGI source code | 2008-05-21T00:00+09:00 | 2008-05-21T00:00+09:00 |
| jvndb-2007-000678 | Fingerprint Authentication Software for Sony Pocket Bit installs hidden folders and files | 2008-05-21T00:00+09:00 | 2008-05-21T00:00+09:00 |
| jvndb-2007-000697 | Lhaplus buffer overflow vulnerability | 2008-05-21T00:00+09:00 | 2008-05-21T00:00+09:00 |
| jvndb-2007-000699 | JP1/NETM/DM Manager SQL Injection Vulnerability | 2008-05-21T00:00+09:00 | 2008-05-21T00:00+09:00 |
| jvndb-2007-000700 | Cosminexus javadoc Cross-Site Scripting Vulnerability | 2008-05-21T00:00+09:00 | 2008-05-21T00:00+09:00 |
| jvndb-2007-000701 | Cosminexus, Processing Kit for XML and Hitachi Developer's Kit for Java Buffer Overflow Vulnerabilities | 2008-05-21T00:00+09:00 | 2008-05-21T00:00+09:00 |
| jvndb-2007-000702 | Cosminexus Developer's Kit for Java Buffer Overflow and Denial of Service Vulnerabilities | 2008-05-21T00:00+09:00 | 2008-05-21T00:00+09:00 |
| jvndb-2007-000710 | Cosminexus Denial of Service Vulnerability | 2008-05-21T00:00+09:00 | 2008-05-21T00:00+09:00 |
| jvndb-2007-000711 | TPBroker Denial of Service Vulnerability | 2008-05-21T00:00+09:00 | 2008-05-21T00:00+09:00 |
| jvndb-2007-000712 | Cosminexus Agent Process Crash Vulnerability | 2008-05-21T00:00+09:00 | 2008-05-21T00:00+09:00 |
| jvndb-2007-000727 | Safari allows access from HTTP to HTTPS | 2008-05-21T00:00+09:00 | 2008-05-21T00:00+09:00 |
| jvndb-2007-000729 | Aipo session fixation vulnerability | 2008-05-21T00:00+09:00 | 2008-05-21T00:00+09:00 |
| jvndb-2007-000730 | Webmin OS command injection vulnerability | 2008-05-21T00:00+09:00 | 2008-05-21T00:00+09:00 |
| jvndb-2007-000745 | PowerArchiver buffer overflow vulnerability | 2008-05-21T00:00+09:00 | 2008-05-21T00:00+09:00 |
| jvndb-2007-000772 | Hitachi Web Server SSL Client Authentication Vulnerability | 2008-05-21T00:00+09:00 | 2014-05-23T18:32+09:00 |
| jvndb-2007-000773 | Hitachi Web Server Cross-Site Scripting Vulnerability with Server-Status Page | 2008-05-21T00:00+09:00 | 2014-05-21T18:27+09:00 |
| jvndb-2007-000779 | MouseoverDictionary vulnerable to arbitrary script execution | 2008-05-21T00:00+09:00 | 2008-05-21T00:00+09:00 |
| jvndb-2007-000801 | NetCommons cross-site scripting vulnerability | 2008-05-21T00:00+09:00 | 2008-05-21T00:00+09:00 |
| jvndb-2007-000802 | Lotus Domino cross-site scripting vulnerability | 2008-05-21T00:00+09:00 | 2008-05-21T00:00+09:00 |
| jvndb-2007-000803 | Cross-site scripting vulnerability in updir.php in UPDIR.NET | 2008-05-21T00:00+09:00 | 2008-05-21T00:00+09:00 |
| jvndb-2007-000804 | Sleipnir and Grani Bookmark Search vulnerable to arbitrary script execution | 2008-05-21T00:00+09:00 | 2008-05-21T00:00+09:00 |
| jvndb-2007-000805 | RoundCube Webmail cross-site request forgery vulnerability | 2008-05-21T00:00+09:00 | 2008-05-21T00:00+09:00 |
| jvndb-2007-000806 | Feed2JS cross-site scripting vulnerability | 2008-05-21T00:00+09:00 | 2008-05-21T00:00+09:00 |
| jvndb-2007-000807 | FileMaker cross-site scripting vulnerability | 2008-05-21T00:00+09:00 | 2008-05-21T00:00+09:00 |
| ID | Description | Updated |
|---|