NIST Limits CVE Enrichment After 263% Surge in Vulnerability Submissions
The National Institute of Standards and Technology (NIST) has announced changes to the way it handles cybersecurity vulnerabilities and exposures (CVEs) listed in its National Vulnerability Database (NVD), stating it will only enrich those that fulfil certain conditions owing to an explosion in CVE...
CVE-2025-54369
Node-SAML is vulnerable in versions 5.0.1 and earlier because it loads the assertion from the unsigned original response document, which differs from the parts verified during signature validation. This allows an attacker to modify authentication details within a valid SAML assertion (e.g., removing...
EUVD-2022-35435
Malicious code in bioql PyPI...
EUVD-2025-7210
Malicious code in bioql PyPI...
EUVD-2025-1654
Malicious code in bioql PyPI...
Advisory ROSA-SA-2025-2943
Software: openh264 2.1.1; OS: ROSA-CHROME; unaffected versions = openh264-2.1.1-3; affected versions openh264-2.1.1-3; CVE-ID: CVE-2025-27091; BDU-ID: 2025-02022; CVE-Crit: CRITICAL; CVE-DESC.: A vulnerability in the decoding functions of the OpenH264 library is related to a buffer overflow in dynamic...
CVE-2025-50095
CVE-2025-50095 affects Oracle MySQL Server (Server: Optimizer), with affected versions 9.0.0–9.3.0. The vulnerability enables a high-privileged attacker with network access via multiple protocols to cause a hang or complete denial of service of MySQL Server. The NVD entry lists CVSS v3.1 base score 4.9 (Av...
CVE-2025-50060
...
China-linked Salt Typhoon Exploits Critical Cisco Vulnerability to Target Canadian Telecom
The Canadian Centre for Cyber Security and the U.S. Federal Bureau of Investigation (FBI) have issued an advisory warning of cyber attacks mounted by the China-linked Salt Typhoon actors to breach major global telecommunications providers as part of a cyber espionage campaign. The attackers exploit...
CVE-2025-4538
A vulnerability was found in kkFileView 4.4.0. It has been classified as critical. This affects an unknown part of the file /fileUpload. The manipulation of the argument File leads to unrestricted upload. It is possible to initiate the attack remotely. The exploit has been disclosed to the public...
CVE-2025-30724
CVE-2025-30724 is a confirmed vulnerability affecting Oracle BI Publisher (Oracle Analytics, XML Services). Affected versions are 7.6.0.0.0 and 12.2.1.4.0. The issue allows an unauthenticated attacker, over HTTP, to compromise Oracle BI Publisher and potentially obtain unauthorized access to crit...
CVE-2025-21583
Oracle MySQL Server vulnerability CVE-2025-21583 affects the Server: DDL component in MySQL. Affected versions are 8.4.0 and 9.0.0. The issue can be triggered by a high-privileged attacker with network access via multiple protocols, leading to a hang or a frequently repeatable crash (complete DoS...
InternLM LMDeploy code injection vulnerability
A vulnerability was found in InternLM LMDeploy up to 0.7.1. It has been declared as critical. Affected by this vulnerability is the function Open of the file lmdeploy/docs/en/conf.py. The manipulation leads to code injection. It is possible to launch the attack on the local host. The exploit has...
CVE-2025-3163
A vulnerability was found in InternLM LMDeploy up to 0.7.1. It has been declared as critical. Affected by this vulnerability is the function Open of the file lmdeploy/docs/en/conf.py. The manipulation leads to code injection. It is possible to launch the attack on the local host. The exploit has...
CVE-2025-2218
A vulnerability has been found in LoveCards LoveCardsV2 up to 2.3.2 and classified as critical. This vulnerability affects unknown code of the file /api/system/other of the component Setting Handler. The manipulation leads to improper access controls. The attack can be initiated remotely. The...
GHSA-W6FP-3665-FQ2R vulnerabilities
Vulnerabilities for packages: openjdk-21-openj9, openjdk-8-openj9, openjdk-17-openj9, openjdk-11-openj9...
GHSA-RFXC-FRQH-V8X9 vulnerabilities
Vulnerabilities for packages: mysql...
CVE-2025-1364
A vulnerability has been found in MicroWord eScan Antivirus 7.0.32 on Linux and classified as critical. Affected by this vulnerability is the function passPrompt of the component USB Protection Service. The manipulation leads to stack-based buffer overflow. It is possible to launch the attack on...
Photon OS 4.0: Gstreamer PHSA-2025-4.0-0744
An update of the gstreamer package has been released. (C) Tenable, Inc. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-4.0-0744. The text itself is copyright (C) VMware, Inc...
CVE-2024-12942
A vulnerability was found in 1000 Projects Portfolio Management System MCA 1.0. It has been classified as critical. Affected is an unknown function of the file /admin/adminlogin.php. The manipulation of the argument username/password leads to SQL injection. It is possible to launch the attack...