6340 matches found
esm.sh Code Injection Vulnerability
esm.sh is an open-source content delivery network. A code injection vulnerability exists in esm.sh versions prior to 136. It stems from a template literal injection in the CSS-to-JavaScript module functionality and could lead to a cross-site scripting attack or remote...
CVE-2025-41737
Due to a webserver misconfiguration, an unauthenticated remote attacker is able to read the source of PHP modules...
CVE-2025-41737
CVE-2025-41737 involves METZ CONNECT devices (EWIO2 family and related controllers) where a webserver misconfiguration allows an unauthenticated remote attacker to read the source of PHP modules. The entry is corroborated by multiple sources (Red Hat, ENISA EUVD, CISA ICS advisory, CVE lists) des...
PT-2025-47294
Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: A webserver misconfiguration allows an unauthenticated remote attacker to read the source code of PHP modules. Recommendations: At the moment, there is no information about a newer version th...
GO-2025-4122 Mattermost Incorrect Authorization vulnerability in github.com/mattermost/mattermost
Mattermost Incorrect Authorization vulnerability in github.com/mattermost/mattermost...
GO-2025-4124 ZITADEL is vulnerable to Account Takeover with deactivated Instance IdP in github.com/zitadel/zitadel
ZITADEL is vulnerable to Account Takeover with deactivated Instance IdP in github.com/zitadel/zitadel. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
org.keycloak.testframework:keycloak-test-framework-clustering (>=26.3.0 <=26.4.2), org.keycloak.testframework:keycloak-test-framework-core (>=26.1.0 <=26.4.2) +16 more potentially affected by CVE-2025-11538 via org.keycloak:keycloak-quarkus-dist (>=26.0.0 <=26.4.2)
org.keycloak:keycloak-quarkus-dist MAVEN version =26.0.0, =26.3.0, =26.1.0, =26.4.0, =26.1.0, =26.1.0, =26.1.0, =26.1.0, =26.1.0, =26.4.0, =26.1.0, =26.2.0, =26.2.0, =26.1.0, =26.1.0, =26.1.0, =26.4.2...
CVE-2025-12998
Improper Authentication vulnerability in TYPO3 Extension "Modules" codingms/modules. This issue affects Extension "Modules": before 4.3.11, from 5.0.0 before 5.7.4, from 6.0.0 before 6.4.2, from 7.0.0 before 7.5.5...
Mageia: Security Advisory (MGASA-2025-0276)
The remote host is missing an update for the...
MAL-2025-172636 Malicious code in @mipta1/r2seads (npm)
Source: amazon-inspector 4065dd1a960c3fb93d4e52b6d8eedf94014df0020f347fc1804019456563da0e This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
MAL-2025-164519 Malicious code in prayoga-poke22 (npm)
Source: amazon-inspector 7c54bf352d67bbdc1244586375c82be3aecdf0e2aa507ac2aff018f96241041d This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
Moderate: Red Hat Security Advisory: kernel-rt security update
An update for kernel-rt is now available for Red Hat Enterprise Linux 9.2 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...
TYPO3 Modules Extension has Improper Authentication vulnerability
Improper Authentication vulnerability in TYPO3 Extension "Modules" codingms/modules. This issue affects Extension "Modules": before 4.3.11, from 5.0.0 before 5.7.4, from 6.0.0 before 6.4.2, from 7.0.0 before 7.5.5...
GHSA-49QV-H8PM-73PF TYPO3 Modules Extension has Improper Authentication vulnerability
Improper Authentication vulnerability in TYPO3 Extension "Modules" codingms/modules. This issue affects Extension "Modules": before 4.3.11, from 5.0.0 before 5.7.4, from 6.0.0 before 6.4.2, from 7.0.0 before 7.5.5...
CVE-2025-12998
Improper Authentication vulnerability in TYPO3 Extension "Modules" codingms/modules. This issue affects Extension "Modules": before 4.3.11, from 5.0.0 before 5.7.4, from 6.0.0 before 6.4.2, from 7.0.0 before 7.5.5...
Incorrect Authorization
Overview: codingms/modules is a Frontend-User-Registration, Profile, Invitations, Listing with detailview, Addressmanagement, Frontend-Recordmanagement. User friendly Backendmodule for managing Frontend- and Backend-Users and other Records. Toolbox for frontend and backend modules in TYPO3...
EUVD-2025-124903
Improper Authentication vulnerability in TYPO3 Extension "Modules" codingms/modules. This issue affects Extension "Modules": before 4.3.11, from 5.0.0 before 5.7.4, from 6.0.0 before 6.4.2, from 7.0.0 before 7.5.5...
CVE-2025-12998 Broken Authentication in extension “Modules” (modules)
Improper Authentication vulnerability in TYPO3 Extension "Modules" codingms/modules. This issue affects Extension "Modules": before 4.3.11, from 5.0.0 before 5.7.4, from 6.0.0 before 6.4.2, from 7.0.0 before 7.5.5...
CVE-2025-12998
The CVE-2025-12998 entry describes an Improper Authentication vulnerability in the TYPO3 Extension "Modules" (codingms/modules). Affected versions are: before 4.3.11; 5.0.0–5.7.4; 6.0.0–6.4.2; 7.0.0–7.5.5. The root cause is insufficient verification of user credentials within the modules extensio...
CVE-2025-12998 Broken Authentication in extension “Modules” (modules)
Improper Authentication vulnerability in TYPO3 Extension "Modules" codingms/modules. This issue affects Extension "Modules": before 4.3.11, from 5.0.0 before 5.7.4, from 6.0.0 before 6.4.2, from 7.0.0 before 7.5.5...