
15 matches found

Snyk
added 2026/04/24 7:20 p.m. | 3 views

Improperly Controlled Modification of Dynamically-Determined Object Attributes

Overview org.webjars.npm:axios is a promise-based HTTP client for the browser and Node.js. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes through the transformResponse and request serialization paths in the defaul...

CVSS 9.1 | AI score 5.8 | EPSS 0.00188
Exploits: 1 | References: 2

Tenable Nessus
added 2026/01/22 12:0 a.m. | 2 views

Azure Linux 3.0 Security Update: doxygen (CVE-2025-6140)

The version of doxygen installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-6140 advisory. - A vulnerability, which was classified as problematic, was found in spdlog up to 1.15.1. This affects the...

CVSS 4.8 | AI score 4.5 | EPSS 0.00127
Exploits: 1 | References: 2

RedhatCVE
added 2025/10/19 3:30 p.m. | 5 views

CVE-2025-47410

Apache Geode is vulnerable to CSRF attacks through GET requests to the Management and Monitoring REST API that could allow an attacker who has tricked a user into giving up their Geode session credentials to submit malicious commands on the target system on behalf of the authenticated user. This...

CVSS 8.8 | AI score 7 | EPSS 0.00025
Exploits: 0 | References: 1

CVE
added 2025/10/18 3:15 p.m. | 19 views

CVE-2025-47410

Apache Geode CVE-2025-47410: CSRF via GET requests to the Management and Monitoring REST API can allow an attacker to trick a logged-in user into submitting commands on behalf of that user. Affected versions are 1.10–1.15.1; remediation is to upgrade to 1.15.2. Public references corroborate the i...

CVSS 8.8 | AI score 6.7 | EPSS 0.00025
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2025/10/14 3:31 p.m. | 2 views

GHSA-W595-4975-GM3H Apache Geode web-api is vulnerable to Cross-site Scripting

Malicious script injection 'Cross-site Scripting' vulnerability in Apache Geode web-api REST. This vulnerability allows an attacker that tricks a logged-in user into clicking a specially-crafted link to execute code on the returned page, which could lead to theft of the user's session information...

CVSS 6.1 | AI score 7.5 | EPSS 0.00149
Exploits: 0 | References: 4

Cvelist
added 2025/10/14 2:36 p.m. | 5 views

CVE-2024-44088 Apache Geode: Reflected XSS

Malicious script injection 'Cross-site Scripting' vulnerability in Apache Geode web-api REST. This vulnerability allows an attacker that tricks a logged-in user into clicking a specially-crafted link to execute code on the returned page, which could lead to theft of the user's session information...

EPSS 0.00149
Exploits: 0 | References: 1

CVE
added 2025/10/14 2:36 p.m. | 8 views

CVE-2024-44088

Apache Geode web-api (REST) is affected by a Cross-site Scripting (XSS) vulnerability that can be exploited when a logged-in user is tricked into clicking a crafted link, potentially enabling code execution on the victim page and leading to session information theft or account takeover. All Geode...

CVSS 6.1 | AI score 7.1 | EPSS 0.00149
Exploits: 0 | References: 2 | Affected Software: 1

Positive Technologies
added 2025/10/14 12:0 a.m. | 3 views

PT-2025-41925

Name of the Vulnerable Software and Affected Versions Apache Geode versions prior to 1.15.2 Description A malicious script injection issue exists in the Apache Geode web-api REST. An attacker can trick a logged-in user into clicking a specially-crafted link, leading to code execution on the...

CVSS 6.1 | AI score 7.3 | EPSS 0.00149
Exploits: 0 | References: 3

Snyk
added 2025/08/19 6:43 p.m. | 2 views

Arbitrary Command Injection

Overview screenshot-desktop is a Capture a screenshot of your local machine Affected versions of this package are vulnerable to Arbitrary Command Injection via the format option in the Snapshot functions. An attacker can execute arbitrary commands with the privileges of the calling process by...

CVSS 9.8 | AI score 7.7 | EPSS 0.00604
Exploits: 0 | References: 2

AlpineLinux
added 2025/06/16 10:16 p.m. | 2 views

CVE-2025-6140

A vulnerability, which was classified as problematic, was found in spdlog up to 1.15.1. This affects the function scoped_padder in the library include/spdlog/pattern_formatter-inl.h. The manipulation leads to resource consumption. It is possible to launch the attack on the local host. The exploit h...

CVSS 4.8 | AI score 7.1 | EPSS 0.00127
Exploits: 1 | References: 7

OSV
added 2025/06/16 10:16 p.m. | 1 views

AZL-64070 CVE-2025-6140 affecting package doxygen for versions less than 1.9.8-2

A vulnerability, which was classified as problematic, was found in spdlog up to 1.15.1. This affects the function scoped_padder in the library include/spdlog/pattern_formatter-inl.h. The manipulation leads to resource consumption. It is possible to launch the attack on the local host. The exploit h...

CVSS 4.8 | AI score 4.5 | EPSS 0.00127
Exploits: 1 | References: 1

Vulnrichment
added 2025/06/16 9:31 p.m. | 2 views

CVE-2025-6140 spdlog pattern_formatter-inl.h scoped_padder resource consumption

A vulnerability, which was classified as problematic, was found in spdlog up to 1.15.1. This affects the function scoped_padder in the library include/spdlog/pattern_formatter-inl.h. The manipulation leads to resource consumption. It is possible to launch the attack on the local host. The exploit h...

CVSS 4.8 | AI score 3.9 | EPSS 0.00127
Exploits: 1 | References: 7

AstraLinux
added 2025/06/16 11:28 a.m. | 2 views

Astra Linux - vulnerability in spdlog

A vulnerability, which was classified as problematic, was found in spdlog up to 1.15.1. This affects the function scoped_padder in the library include/spdlog/pattern_formatter-inl.h. The manipulation leads to resource consumption. It is possible to launch the attack on the local host. The exploit h...

CVSS 4.8 | AI score 3.6 | EPSS 0.00127
Exploits: 1 | References: 3

OSV
added 2025/05/06 12:30 p.m. | 0 views

GHSA-53WX-PR6Q-M3J5 Apache Parquet Java: Potential malicious code execution from trusted packages in the parquet-avro module when reading an Avro schema from a Parquet file metadata

Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code. While 1.15.1 introduced a fix to restrict untrusted packages, the default setting of trusted packages still allows malicious classes from these packages to be...

CVSS 7.1 | AI score 7.4 | EPSS 0.0038
Exploits: 0 | References: 5

OSV
added 2025/05/06 10:15 a.m. | 1 views

CVE-2025-46762

Schema parsing in the parquet-avro module of Apache Parquet 1.15.0 and previous versions allows bad actors to execute arbitrary code. While 1.15.1 introduced a fix to restrict untrusted packages, the default setting of trusted packages still allows malicious classes from these packages to be...

CVSS 8.1 | AI score 6.1
Exploits: 0 | References: 2