195 matches found
algeb (>=3.0.0 <=5.4.0), anys (>=0.0.1 <=9.0.0) +32 more potentially affected by CVE-2025-57351 via ts-fns (>=0.0.11 <=13.1.3)
ts-fns NPM version =0.0.11, =3.0.0, =0.0.1, =0.0.1, =1.1.0, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.1, =1.0.2, =9.0.0 and more Source cves: CVE-2025-57351 Source advisory: OSV:GHSA-G7WQ-WGGW-VMHG...
@remirror/core (>=0.2.0 <=0.11.0), @remirror/core-extensions (>=0.2.0 <=0.13.1) +42 more potentially affected by CVE-2025-57352 via min-document (>=2.17.0 <=2.19.0)
min-document NPM version =2.17.0, =0.2.0, =0.2.0, =0.4.2-ci.1569229282.9, =0.4.2-canary.2, =0.4.2-ci.1569229282.9, =0.4.2-ci.1569229282.9, =0.2.0, =0.2.0, =0.2.0, =0.4.0, =0.4.2-ci.1569229282.9, =0.2.0, =0.2.0, =0.2.0, =0.4.2-ci.1569229282.9, =0.13.1 and more Source cves: CVE-2025-57352 Source...
amlr (>=0.3.6 <=0.4.1), arsa-ml (>=0.1.0 <=0.1.13) +29 more potentially affected by CVE-2025-6544 via h2o (>=3.18.0.8 <=3.46.0.7)
h2o PYPI version =3.18.0.8, =0.3.6, =0.1.0, =0.0.92, =1.0.81, =2019.9.10.14.39.5, =1.0.1, =0.1.20, =0.1.0, =0.1.2, =0.3.2, =0.3.0, =1.0.1.1.4, =0.4.0.dev3, =0.1.0, =3.0.1, =5.4.1 and more Source cves: CVE-2025-6544 Source advisory: OSV:GHSA-5W3J-GWGH-4RFV...
CVE-2024-12367
Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Vegagrup Software Vega Master allows Directory Indexing. This issue affects Vega Master: from v.1.12.35 through 20250916. NOTE: The vendor did not inform about the completion of the fixing process within...
CVE-2025-36035
CVE-2025-36035 affects IBM PowerVM Hypervisor versions FW950.00–FW950.E0, FW1050.00–FW1050.50, and FW1060.00–FW1060.40. A local privileged user can issue a crafted IBM i hypervisor call to cause a denial of service by disclosing memory contents or consuming memory resources. IBM’s advisory and Re...
CVE-2025-43786
Enumeration of ERC from object entry in Liferay Portal 7.4.0 through 7.4.3.128, and Liferay DXP 2024.Q3.0 through 2024.Q3.1, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12, 2023.Q4.0 and 7.4 GA through update 92 allow attackers to determine existent ERC in the application by exploit t...
@adhd/react-hooks (=2.2.1), @aklesky/vite-config (>=0.7.9 <=0.9.0) +431 more potentially affected by CVE-2025-58752 via vite (>=5.0.0-beta.0 <=5.4.2)
vite NPM version =5.0.0-beta.0, =0.7.9, =17.1.0, =18.0.0, =1.0.25-beta.0, =0.5.0, =2.0.0-beta.0, =0.22.0, =1.0.1, =1.0.0, =1.0.0, =0.9.0, =0.9.8 and more Source cves: CVE-2025-58752 Source advisory: SNYK:JS-VITE-12558116...
CVE-2025-58362 Hono contains a flaw in URL path parsing, potentially leading to path confusion
Hono is a Web application framework that provides support for any JavaScript runtime. Versions 4.8.0 through 4.9.5 contain a flaw in the getPath utility function which could allow path confusion and potential bypass of proxy-level ACLs e.g. Nginx location blocks. The original implementation relie...
CVE-2025-55748
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 4.2-milestone-2 through 16.10.6, configuration files are accessible through jsx and sx endpoints. It's possible to access and read configuration files by using URLs such as...
Linux Distros Unpatched Vulnerability : CVE-2024-9367
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in GitLab CE/EE affecting all versions starting from 13.9 before 17.4.6, 17.5 before 17.5.4, and 17.6 before 17.6.2, that allows an...
CVE-2025-49410
CVE-2025-49410- WordPress Portfolio Manager Pro Plugin <= 3.8 – Unauthenticated Arbitrary File Upload vulnerability. According to Patchstack and CVE records, it allows uploading a dangerous file (e.g., web shell) due to improper file handling, enabling potential remote code execution on affect...
Linux Distros Unpatched Vulnerability : CVE-2023-52969
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - MariaDB Server 10.4 through 10.5., 10.6 through 10.6., 10.7 through 10.11., and 11.0 through 11.0. can sometimes crash with an empty backtrace log. This may be...
PT-2025-33258 · WordPress · Magical Posts Display
Name of the Vulnerable Software and Affected Versions: Magical Posts Display versions 1.0.0 through 1.2.52 Description: The software contains a DOM-Based Cross-site Scripting issue due to improper neutralization of input during web page generation. Recommendations: Update Magical Posts Display to...
Buffer overread in the ngx_mail_smtp_module
Buffer overread in the ngxmailsmtpmodule Severity: low CVE-2025-53859 Not vulnerable: 1.29.1+ Vulnerable: 0.7.22-1.29.0...
windmill-cli (>=0.0.1 <=0.0.13) potentially affected by CVE-2025-55152 via @oakserver/oak (>=12.6.2 <=14.1.0)
@oakserver/oak NPM version =12.6.2, =0.0.1, =0.0.13 Source cves: CVE-2025-55152 Source advisory: OSV:GHSA-R3V7-PC4G-7XP9...
WordPress plugin WPLMS 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security...
3m (=0.1.0), aaa-ml-datasets-course (=1.0.0) +1736 more potentially affected by CVE-2025-3263 via transformers (>=2.10.0 <=4.50.3)
transformers PYPI version =2.10.0, =0.1.0, =0.1.1, =0.1.0, =0.0.3, =0.0.1, =0.0.0.dev20230804, =0.1.0, =0.3.0, =0.1.0, =0.2.5, =0.2.11 and more Source cves: CVE-2025-3263 Source advisory: OSV:GHSA-Q2WP-RJMX-X6X9...
CVE-2025-3046 Path Traversal via Symbolic Links in run-llama/llama_index
A vulnerability in the ObsidianReader class of the run-llama/llamaindex repository, versions 0.12.23 to 0.12.28, allows for arbitrary file read through symbolic links. The ObsidianReader fails to resolve symlinks to their real paths and does not validate whether the resolved paths lie within the...
SOGo 代码问题漏洞
SOGo is a very fast and extensible modern collaboration suite from Alinto Open Source. It provides calendaring, address book management and a full-featured webmail client as well as resource sharing and permission handling. A code issue vulnerability exists in SOGo versions 2.0.2 through 5.12.2,...
Mozilla neqo 安全漏洞
Mozilla neqo is a Rust protocol library from the Mozilla Foundation in the United States. A security vulnerability exists in Mozilla neqo versions 0.4.24 through 0.13.2, which stems from improper input validation and may cause a crash...