metasploit-framework

This is the Metasploit Framework repository, a comprehensive collection of tools and resources for penetration testing and vulnerability assessment. The repository contains a wide range of modules, including exploits, payloads, and auxiliary tools, which can be used to test and exploit...

org.apache.syncope.core.am:syncope-core-am-logic (>=3.0.0 <=3.0.14), org.apache.syncope.core.am:syncope-core-am-rest-cxf (>=3.0.0 <=3.0.14) +18 more potentially affected by CVE-2025-65998 via org.apache.syncope.core:syncope-core-provisioning-java (>=3.0.0-M0 <=3.0.14)

org.apache.syncope.core:syncope-core-provisioning-java MAVEN version =3.0.0-M0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0...

org.apache.syncope.core.am:syncope-core-am-logic (>=4.0.0 <=4.0.2), org.apache.syncope.core.am:syncope-core-am-rest-cxf (>=4.0.0 <=4.0.2) +13 more potentially affected by CVE-2025-65998 via org.apache.syncope.core.idrepo:syncope-core-idrepo-logic (>=4.0.0-M0 <=4.0.2)

org.apache.syncope.core.idrepo:syncope-core-idrepo-logic MAVEN version =4.0.0-M0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.2 Source cves: CVE-2025-65998https://vulners.com/cve/CVE...

org.apache.syncope.core.am:syncope-core-am-logic (>=4.0.0 <=4.0.2), org.apache.syncope.core.am:syncope-core-am-rest-cxf (>=4.0.0 <=4.0.2) +33 more potentially affected by CVE-2025-65998 via org.apache.syncope.core:syncope-core-spring (>=4.0.0-M0 <=4.0.2)

org.apache.syncope.core:syncope-core-spring MAVEN version =4.0.0-M0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.0, =4.0.2 and more Source cves: CVE-2025-65998 Source advisory: SNYK:JA...

zx Uses Incorrectly-Resolved Name or Reference

When zx is invoked with --prefer-local=, the CLI creates a symlink named ./nodemodules pointing to /nodemodules. Due to a logic error in src/cli.ts linkNodeModules / cleanup, the function returns the target path instead of the alias symlink path. The later cleanup routine removes what it received...

@avalabs/avalanche-module (>=0.0.0-CP-8940-20240801175729 <=3.8.1), @avalabs/bitcoin-module (>=0.0.0-CP-8940-20240801175729 <=3.8.1) +19 more potentially affected by CVE-2025-64767 via @hpke/core (>=1.2.5 <=1.7.4)

@hpke/core NPM version =1.2.5, =0.0.0-CP-8940-20240801175729, =0.0.0-CP-8940-20240801175729, =2.8.0-canary.a436aaa.0, =2.8.0-alpha.197, =2.8.0-alpha.197, =2.8.0-alpha.197, =2.8.0-alpha.197, =2.8.0-canary.a436aaa.0, =2.8.0-alpha.197, =2.8.0-alpha.197, =2.8.0-alpha.197, =2.8.0-canary.a436aaa.0,...

CVE-2025-13437

When zx is invoked with --prefer-local=, the CLI creates a symlink named ./nodemodules pointing to /nodemodules. Due to a logic error in src/cli.ts linkNodeModules / cleanup, the function returns the target path instead of the alias symlink path. The later cleanup routine removes what it received...

EUVD-2025-198297

When zx is invoked with --prefer-local=, the CLI creates a symlink named ./nodemodules pointing to /nodemodules. Due to a logic error in src/cli.ts linkNodeModules / cleanup, the function returns the target path instead of the alias symlink path. The later cleanup routine removes what it received...

Use of Incorrectly-Resolved Name or Reference

Overview zx is an A tool for writing better scripts Affected versions of this package are vulnerable to Use of Incorrectly-Resolved Name or Reference via the linkNodeModules function. An attacker can cause deletion of arbitrary directories by supplying a crafted path to the --prefer-local...

CVE-2025-13437 Arbitrary node_modules Directory Deletion in Google zx

When zx is invoked with --prefer-local=, the CLI creates a symlink named ./nodemodules pointing to /nodemodules. Due to a logic error in src/cli.ts linkNodeModules / cleanup, the function returns the target path instead of the alias symlink path. The later cleanup routine removes what it received...

PT-2025-47601

Name of the Vulnerable Software and Affected Versions zx affected versions not specified Description A flaw exists in zx where, when invoked with the --prefer-local option pointing to a specific path, the command-line interface creates a symbolic link named ./node modules to the specified path’s...

zx 安全漏洞

zx is a Google open source tool for writing scripts. A security vulnerability exists in zx that stems from a logic error that could lead to the deletion of the external nodemodules directory...

TencentOS Server 3: python39:3.9 and python39-devel:3.9 (TSSA-2024:0768)

The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0768 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...

dev.savantly.nexus:agents-module (=3.4.0), dev.savantly.nexus:common-types-module (=3.4.0) +156 more potentially affected by CVE-2025-64408 via org.apache.causeway.commons:causeway-commons (>=2.0.0-RC1 <=3.4.0)

org.apache.causeway.commons:causeway-commons MAVEN version =2.0.0-RC1, =3.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.causeway.commons:causeway-commons and may be impacted: - dev.savantly.nexus:agents-module =3.4.0 -...

dev.savantly.nexus:agents-module (=3.4.0), dev.savantly.nexus:flow-module (=3.4.0) +129 more potentially affected by CVE-2025-64408 via org.apache.causeway.core:causeway-core-metamodel (>=2.0.0-RC1 <=3.4.0)

org.apache.causeway.core:causeway-core-metamodel MAVEN version =2.0.0-RC1, =3.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.causeway.core:causeway-core-metamodel and may be impacted: - dev.savantly.nexus:agents-module =3.4.0 -...

dev.savantly.nexus:agents-module (=3.4.0), dev.savantly.nexus:common-types-module (=3.4.0) +152 more potentially affected by CVE-2025-64408 via org.apache.causeway.core:causeway-applib (>=2.0.0-RC1 <=3.4.0)

org.apache.causeway.core:causeway-applib MAVEN version =2.0.0-RC1, =3.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.causeway.core:causeway-applib and may be impacted: - dev.savantly.nexus:agents-module =3.4.0 -...

dev.savantly.nexus:agents-module (=3.4.0), dev.savantly.nexus:common-types-module (=3.4.0) +156 more potentially affected by CVE-2025-64408 via org.apache.causeway.commons:causeway-commons (>=2.0.0-RC1 <=3.4.0)

org.apache.causeway.commons:causeway-commons MAVEN version =2.0.0-RC1, =3.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.causeway.commons:causeway-commons and may be impacted: - dev.savantly.nexus:agents-module =3.4.0 -...

dev.savantly.nexus:agents-module (=3.4.0), dev.savantly.nexus:flow-module (=3.4.0) +43 more potentially affected by CVE-2025-64408 via org.apache.causeway.core:causeway-core-runtimeservices (>=2.0.0-RC1 <=3.4.0)

org.apache.causeway.core:causeway-core-runtimeservices MAVEN version =2.0.0-RC1, =3.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.causeway.core:causeway-core-runtimeservices and may be impacted: - dev.savantly.nexus:agents-module =3.4....

dev.savantly.nexus:agents-module (=3.4.0), dev.savantly.nexus:flow-module (=3.4.0) +135 more potentially affected by CVE-2025-64408 via org.apache.causeway.core:causeway-core-config (>=2.0.0-RC1 <=3.4.0)

org.apache.causeway.core:causeway-core-config MAVEN version =2.0.0-RC1, =3.4.0 is affected by a known vulnerability. The following packages have a transitive dependency on org.apache.causeway.core:causeway-core-config and may be impacted: - dev.savantly.nexus:agents-module =3.4.0 -...

OPENSUSE-SU-2025:20074-1 Security update for certbot

This update for certbot fixes the following issues: This update adds the certbot stack. python modules: ConfigArgParse, acme, certbot, certbot-nginx, josepy, pyRFC3339...