194 matches found
CVE-2026-23624
GLPI is a free asset and IT management software package. In versions starting from 0.71 to before 10.0.23 and before 11.0.5, when remote authentication is used, based on SSO variables, a user can steal a GLPI session previously opened by another user on the same machine. This issue has been patch...
PT-2026-6102
Name of the Vulnerable Software and Affected Versions GLPI versions 0.85 through 10.0.22 Description GLPI is an asset and IT management software package. An authenticated user can perform a SQL injection. This allows for potential unauthorized access or modification of data within the system...
CVE-2025-7760
CVE-2025-7760 affects Ofisimo Web-Based Software Technologies Association Web Package Flora (versions 3.0 through 03022026). The issue stems from improper input handling during web page generation, enabling cross-site scripting via HTTP headers. Red Hat and other sources corroborate the same desc...
CVE-2026-21978
Vulnerability in the Oracle FLEXCUBE Universal Banking product of Oracle Financial Services Applications component: Relationship Pricing. Supported versions that are affected are 14.0.0.0.0-14.8.0.0.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...
filecc (>=0.0.1 <=1.0.1), gm-i18n-migrate (>=2.7.0 <=2.9.0) +3 more potentially affected by CVE-2025-15536 via opencc (>=1.0.6 <=1.1.3)
opencc NPM version =1.0.6, =0.0.1, =2.7.0, =2.7.2, =1.0.2, =1.0.5 - wise-paas-notify-utility =1.4.10-s2t1 Source cves: CVE-2025-15536 Source advisory: SNYK:JS-OPENCC-15874418...
CVE-2026-0897
Allocation of Resources Without Limits or Throttling in the HDF5 weight loading component in Google Keras 3.0.0 through 3.13.0 on all platforms allows a remote attacker to cause a Denial of Service DoS through memory exhaustion and a crash of the Python interpreter via a crafted .keras archive...
@cenk1cenk2/renovate-config (>=2.0.0 <=2.3.148), @jamietanna/patch-testing (>=0.1.0 <=0.2.28) +8 more potentially affected by unknown CVE via renovate (>=32.241.11 <=40.21.2)
renovate NPM version =32.241.11, =2.0.0, =0.1.0, =0.1.0, =0.5.0, =0.1.0, =0.1.0, =0.0.1, =0.19.0 - @zotero-chinese/renovate-config =1.0.3 Source cves: unknown CVE Source advisory: OSV:GHSA-36J9-MX87-2CFF...
a2 (>=0.1.0 <=0.3.17), abadpour (>=6.13.1 <=7.24.1) +946 more potentially affected by CVE-2025-14279 via mlflow (>=0.8.2 <=3.4.0)
mlflow PYPI version =0.8.2, =0.1.0, =6.13.1, =9.273.1, =1.1.0, =0.1.0, =0.1.0, =0.4.4, =0.3.0, =0.0.5, =1.0.0, =0.1.0, =1.1.1 - ai-helpers-pytorch-utils =0.1.0a1 - ailine-core =0.5.5 and more Source cves: CVE-2025-14279 Source advisory: OSV:GHSA-PGQP-8H46-6X4J...
aws-greengrass-nucleus (>=0.0.3 <=0.0.7) potentially affected by unknown CVE via aws-sdk-greengrassv2 (>=0.15.0 <=0.18.0)
aws-sdk-greengrassv2 CARGO version =0.15.0, =0.0.3, =0.0.7 Source cves: unknown CVE Source advisory: OSV:GHSA-G59M-GF8J-GJF5...
acherion (>=0.2.0 <=0.9.2), aesp (=2025.9.12) +244 more potentially affected by CVE-2026-21874 via nicegui (>=2.11.0 <=3.3.1)
nicegui PYPI version =2.11.0, =0.2.0, =1.0.0, =0.0.1, =0.1.0, =0.2.0, =0.3.0, =0.3.0, =0.0.0, =0.4.14, =1.0.0, =1.1.3 - autestoy =0.1.0 - auth-web-kit =1.2.2 and more Source cves: CVE-2026-21874 Source advisory: OSV:GHSA-MP55-G7PJ-RVM2...
@ejazullah/playwright-mcp-server (>=1.0.0 <=1.88.0), @grebyn/toolentry-mcp-server (>=1.0.0 <=1.7.1) +20 more potentially affected by CVE-2025-9611 via @playwright/mcp (>=0.0.10 <=0.0.39)
@playwright/mcp NPM version =0.0.10, =1.0.0, =1.0.0, =1.0.8, =1.0.0, =1.0.1, =1.0.1, =1.0.0, =1.0.0, =0.1.11, =0.1.0, =1.0.0 and more Source cves: CVE-2025-9611 Source advisory: OSV:GHSA-6FG3-HVW7-2FWQ...
00ld8nuivn (=2.1.0), 00rqiw31nd (=2.1.0) +42013 more potentially affected by CVE-2025-15284 via qs (>=0.1.0 <=6.14.0)
qs NPM version =0.1.0, =6.14.0 is affected by a known vulnerability. The following packages have a transitive dependency on qs and may be impacted: - 00ld8nuivn =2.1.0 - 00rqiw31nd =2.1.0 - 01dk01majk =2.1.0 - 02rjq8i863 =1.1.0 - 02vx8qsp01 =2.1.0 - 05y6tjgmws =1.1.0 - 066m7q8o0z =2.1.0 -...
01os (=0.0.14), 3-04-2025-ttm (=0.1.0) +3856 more potentially affected by CVE-2025-14920 via transformers (>=2.10.0 <=5.0.0rc0)
transformers PYPI version =2.10.0, =0.10.11, =0.5.5, =0.0.4.80, =0.2.1, =0.1.0, =0.1.1, =1.3.8, =1.5.3 - acace-coherence-checker =0.1.0 - acace-compression-engine =0.1.0 - acace-semantic-analyzer =0.1.0 - acace-sentiment-analyzer =0.1.0 and more Source cves: CVE-2025-14920 Source advisory:...
PT-2025-50368
Name of the Vulnerable Software and Affected Versions 1Panel versions 1.10.33 through 2.0.15 Description The software contains a cross-site request forgery CSRF issue in the web port configuration functionality. The port-change endpoint does not have CSRF protections, such as anti-CSRF tokens or...
EUVD-2025-201830
c-ares is an asynchronous resolver library. Versions 1.32.3 through 1.34.5 terminate a query after maximum attempts when using readanswer and processanswer, which can cause a Denial of Service. This issue is fixed in version 1.34.6...
postman-cli (>=1.16.0-canary.1 <=1.24.2) potentially affected by unknown CVE via @postman/pm-bin-macos-arm64 (>=1.16.0-canary.1 <=1.24.2)
@postman/pm-bin-macos-arm64 NPM version =1.16.0-canary.1, =1.16.0-canary.1, =1.24.2 Source cves: unknown CVE Source advisory: SNYK:JS-POSTMANPMBINMACOSARM64-14103293...
CVE-2025-8489 King Addons for Elementor – Free Elements, Widgets, Templates, and Features for Elementor 24.12.92 - 51.1.14 - Unauthenticated Privilege Escalation
The King Addons for Elementor – Free Elements, Widgets, Templates, and Features for Elementor plugin for WordPress is vulnerable to privilege escalation in versions 24.12.92 to 51.1.14 . This is due to the plugin not properly restricting the roles that users can register with. This makes it...
AZL-68736 CVE-2025-40778 affecting package bind for versions less than 9.20.15-1
Under certain circumstances, BIND is too lenient when accepting records from answers, allowing an attacker to inject forged data into the cache. This issue affects BIND 9 versions 9.11.0 through 9.16.50, 9.18.0 through 9.18.39, 9.20.0 through 9.20.13, 9.21.0 through 9.21.12, 9.11.3-S1 through...
EUVD-2025-25950
Malicious code in bioql PyPI...
algeb (>=3.0.0 <=5.4.0), anys (>=0.0.1 <=9.0.0) +32 more potentially affected by CVE-2025-57351 via ts-fns (>=0.0.11 <=13.1.3)
ts-fns NPM version =0.0.11, =3.0.0, =0.0.1, =0.0.1, =1.1.0, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.2, =9.0.0 and more Source cves: CVE-2025-57351 Source advisory: OSV:GHSA-G7WQ-WGGW-VMHG...