Embedded Malicious Code

Overview Affected versions of this package are vulnerable to Embedded Malicious Code. This package contains malicious code associated with the Sha1-hulud supply chain attack, and its content was removed from the official package manager. The malware functions as a self-replicating worm capable of...

Use of Hard-coded Cryptographic Key

Overview org.apache.syncope.core.idrepo:syncope-core-idrepo-logic is an Apache Syncope Core IdRepo Logic Affected versions of this package are vulnerable to Use of Hard-coded Cryptographic Key in the password encryption process. An attacker can recover original cleartext password values by...

CVE-2019-19823

creationtimestamp| type| source ---|---|--- 2025-11-20 11:50:03+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2019/CVE-2019-19823.yaml 2025-11-21 21:02:49+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3m666lbfleu2w...

Denial-of-service (DoS)

github.com/argoproj/argo-cd is vulnerable to a Denial-of-service DoS. The vulnerability is due to Argo CD’s /api/webhook endpoint crashing when it receives a malformed Gogs push event with a missing or null commits.repo field, which allows an attacker to send crafted API requests that crash the A...

Race Condition

Argo CD is vulnerable to a race condition. The vulnerability is due to a flaw in the repository credentials handler that triggers a server panic during concurrent operations on the same repository URL, which allows an attacker to crash the Argo CD server...

minecraft-server-exploit-finder

minecraft-server-exp...

CVE-2017-17092

creationtimestamp| type| source ---|---|--- 2025-11-20 02:12:04+00:00| confirmed| https://github.com/projectdiscovery/nuclei-templates/tree/main/http/cves/2017/CVE-2017-17092.yaml 2025-11-21 21:02:45+00:00| seen| https://bsky.app/profile/beikokucyber.bsky.social/post/3m666lb5cds25...

GO-2025-4121 LXD vulnerable to a local privilege escalation through custom storage volumes in lxd in github.com/canonical/lxd

LXD vulnerable to a local privilege escalation through custom storage volumes in lxd in github.com/canonical/lxd...

VulnCheck KEV: CVE-2025-55190

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. In versions 2.13.0 through 2.13.8, 2.14.0 through 2.14.15, 3.0.0 through 3.0.12 and 3.1.0-rc1 through 3.1.1, API tokens with project-level permissions are able to retrieve sensitive repository credentials usernames, passwor...

GO-2025-4114 Milvus Proxy has a Critical Authentication Bypass Vulnerability in github.com/milvus-io/milvus

Milvus Proxy has a Critical Authentication Bypass Vulnerability in github.com/milvus-io/milvus. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerabilit...

GO-2025-4095 Kgateway transformation policy template can emit files from the container in github.com/kgateway-dev/kgateway

Kgateway transformation policy template can emit files from the container in github.com/kgateway-dev/kgateway...

CVE-2025-6171

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.2 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker with reporter access to view branch names and pipeline details by accessing the packages API endpoint even wh...

CVE-2025-11990

GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to gain CSRF tokens by exploiting improper input validation in repository references combined with redirect handling weaknesses...

AWS VDP: Command Injection on Amazon Q Developer CLI via malicious .amazonq/mcp.json leads to arbitrary code execution

Asset URL: https://github.com/aws/amazon-q-developer-cli/ Summary: Running Q chat from Amazon Q Developer CLI from an attacker-controlled repository/directory that contains a crafted .amazonq/mcp.json enables arbitrary command injection/execution. Amazon Q Developer CLI automatically loads and...

EUVD-2025-197696

GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to gain CSRF tokens by exploiting improper input validation in repository references combined with redirect handling weaknesses...

EUVD-2025-197692

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.2 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker with reporter access to view branch names and pipeline details by accessing the packages API endpoint even wh...

CVE-2025-6171

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.2 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker with reporter access to view branch names and pipeline details by accessing the packages API endpoint even wh...

CVE-2025-11990

GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to gain CSRF tokens by exploiting improper input validation in repository references combined with redirect handling weaknesses...

UBUNTU-CVE-2025-11990

GitLab has remediated an issue in GitLab EE affecting all versions from 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated user to gain CSRF tokens by exploiting improper input validation in repository references combined with redirect handling weaknesses...

CVE-2025-6171 Missing Authorization in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.2 before 18.3.6, 18.4 before 18.4.4, and 18.5 before 18.5.2 that could have allowed an authenticated attacker with reporter access to view branch names and pipeline details by accessing the packages API endpoint even wh...