5124 matches found
Malicious code in pure_silkworm_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 1b88a7fb2163702e962a2b76738a5db869703cbe644d27220da8647a32658925 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
PT-2025-46538
Name of the Vulnerable Software and Affected Versions Solid Edge SE2025 versions prior to V225.0 Update 11 Description The application does not properly validate client certificates when connecting to the License Service endpoint. This could allow a remote attacker to perform man-in-the-middle...
PT-2025-46388
Name of the Vulnerable Software and Affected Versions Intel(R) Killer(TM) Performance Suite versions prior to 4.0 40.25.509.1465 Description An uncontrolled search path exists in some Intel(R) Killer(TM) Performance Suite software. This issue, occurring within Ring 3 User Applications, may allow an...
PT-2025-46286
Name of the Vulnerable Software and Affected Versions Preload Current Images plugin for WordPress versions prior to 1.4 Description The Preload Current Images plugin for WordPress is susceptible to Stored Cross-Site Scripting through the complete parameter within the 'preload progress bar'...
PT-2025-46257
Name of the Vulnerable Software and Affected Versions Twitter Feed plugin for WordPress versions up to and including 1.3.1 Description The Twitter Feed plugin for WordPress is susceptible to Stored Cross-Site Scripting through the 'ottwitter feed' shortcode. This occurs because the plugin does no...
SUSE-SU-2025:4025-1 Security update for govulncheck-vulndb
This update for govulncheck-vulndb fixes the following issues: - Update to version 0.0.20251105T184115 2025-11-05T18:41:15Z. jscPED-11136: Go CVE Numbering Authority IDs added or updated with aliases: GO-2025-3987 GHSA-fmjh-f678-cv3x GO-2025-3988 GHSA-wpwj-69cm-q9c5 GO-2025-3999 GHSA-3g72-chj4-22...
PT-2025-45548
Name of the Vulnerable Software and Affected Versions HTML Forms – Simple WordPress Forms Plugin versions up to and including 1.5.5 Description The software contains a flaw that allows an attacker with administrator-level permissions to inject malicious web scripts into pages. This is due to...
EUVD-2025-38282
An allocation of resources without limits or throttling vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to prevent other systems, applications, or processes from accessing the same type of resource. We ha...
SUSE SLED15 / SLES15 / openSUSE 15 Security Update : runc (SUSE-SU-2025:3950-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 / openSUSE 15 host has a package installed that is affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:3950-1 advisory. - CVE-2025-31133: Fixed container escape via 'masked path' abuse due to mount race conditions...
PT-2025-45440
Name of the Vulnerable Software and Affected Versions KubeVirt versions prior to 1.5.3 KubeVirt versions prior to 1.6.1 Description KubeVirt, a virtual machine management add-on for Kubernetes, contains a flaw where the virt-handler does not validate if the launcher-sock is a symbolic link or a...
PT-2026-22403
Name of the Vulnerable Software and Affected Versions Docker Model Runner versions prior to 1.0.16 Docker Desktop versions prior to 4.61.0 when Model Runner is enabled Description Docker Model Runner is software used to manage, run, and deploy AI models using Docker. Versions prior to 1.0.16 expo...
Fedora 44 : docker-buildkit (2025-c1b04cbaba)
The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-c1b04cbaba advisory. Automatic update for docker-buildkit-0.25.2-1.fc44. Changelog Wed Nov 5 2025 Bradley G Smith - 0.25.2-1 - Update to v0.25.2 - CVE-2025-58183;...
Security update for govulncheck-vulndb
This update for govulncheck-vulndb fixes the following issues: Update to version 0.0.20251029T215107 2025-10-29T21:51:07Z. jscPED-11136: GO-2025-4006 GO-2025-4007 GO-2025-4008 GO-2025-4009 GO-2025-4010 GO-2025-4011 GO-2025-4012 GO-2025-4013 GO-2025-4014 GO-2025-4015 Patch Instructions: To install...
SUSE SLED15: himmelblau / himmelblau-sshd-config / libnss_himmelblau2 / etc (SUSE-SU-2025:3869-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:3869-1 advisory. Update to version 0.7.18+git.0.8485a75. - CVE-2025-58160: tracing-subscriber: untrusted user input containing ANSI esca...
SUSE-SU-2025:3869-1 Security update for himmelblau
This update for himmelblau fixes the following issues: Update to version 0.7.18+git.0.8485a75. - CVE-2025-58160: tracing-subscriber: untrusted user input containing ANSI escape sequences could be injected into terminal output when logged bsc1249013...
PT-2025-44400
Name of the Vulnerable Software and Affected Versions CSZ-CMS versions prior to 1.3.1 Description A SQL injection issue exists in the Form Builder view functionality. The vulnerability is located in the field parameter of the form viewing feature, allowing authenticated administrators to execute...
PT-2025-44275
Name of the Vulnerable Software and Affected Versions Call Now Button versions prior to 1.5.5 Description The Call Now Button plugin for WordPress is susceptible to unauthorized data access because of a missing capability check in multiple functions. Attackers with Subscriber-level access or high...
PT-2025-44260
Name of the Vulnerable Software and Affected Versions Rometheme RTMKit versions through 1.6.7 Description An authorization bypass exists in Rometheme RTMKit rometheme-for-elementor due to incorrectly configured access control security levels. This allows exploitation through a user-controlled key...
CVE-2025-62794
CVE-2025-62794 affects the GitHub Workflow Updater VS Code extension. Before version 0.0.7, the extension stored provided GitHub tokens in plaintext JSON in editor configuration on disk instead of using securestorage. This allowed a local attacker with read access to the user’s home directory to ...
PT-2025-44151
Name of the Vulnerable Software and Affected Versions Asseco mMedica versions prior to 11.9.5 Description An unauthenticated user can connect to a publicly accessible database using arbitrary credentials. The system grants full access to the database by leveraging a previously authenticated...