CVE-2025-57789 Vulnerability in Initial Administrator Login Process
During the brief window between installation and the first administrator login, remote attackers may exploit the default credential to gain admin control. This is limited to the setup phase, before any jobs have been configured...
Commvault Security Vulnerability
Commvault is a data backup and recovery software from Commvault, Inc. A security vulnerability exists in versions of Commvault prior to 11.36.60 that originates after installation and before the first administrator login and could be exploited to gain administrator control using default credentia...
CVE-2025-43737
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8 and 2025.Q1.0 through 2025.Q1.15 allows a remote authenticated user to inject JavaScript code via _com_liferay_journal_web_portlet_JournalPortlet_backURL parameter...
CVE-2025-38595
In the Linux kernel, the following vulnerability has been resolved: xen: fix UAF in dmabuf_exp_from_pages() [dma_buf_fd() fixes; no preferences regarding the tree it goes through - up to xen folks] As soon as we'd inserted a file reference into descriptor table, another thread could close it. That's fine fo...
CVE-2025-38560
In the Linux kernel, the following vulnerability has been resolved: x86/sev: Evict cache lines during SNP memory validation An SNP cache coherency vulnerability requires a cache line eviction mitigation when validating memory after a page state change to private. The specific mitigation is to tou...
Linux Distros Unpatched Vulnerability : CVE-2020-14002
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - PuTTY 0.68 through 0.73 has an Observable Discrepancy leading to an information leak in the algorithm negotiation. This allows man-in-the-middle attackers to...
Linux Distros Unpatched Vulnerability : CVE-2025-38475
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: smc: Fix various oops due to inet_sock type confusion. syzbot reported weird splats [0][1] in...
Linux Distros Unpatched Vulnerability : CVE-2025-38413
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: virtio-net: xsk: rx: fix the frame's length check When calling buf_to_xdp(), the len argument is...
Linux Distros Unpatched Vulnerability : CVE-2025-22080
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: fs/ntfs3: Prevent integer overflow in hdr_first_de() The de_off and used variables come from the...
Linux Distros Unpatched Vulnerability : CVE-2024-35882
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: SUNRPC: Fix a slow server-side memory leak with RPC-over-TCP Jan Schunk reports that his sma...
CVE-2025-43734
A reflected cross-site scripting (XSS) vulnerability in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q1.0 through 2025.Q1.10, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.1 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.16 and 7.4 GA through update 92 allows...
Malicious code in tailwindcss-first-line (npm)
The package tailwindcss-first-line was found to contain malicious code...
my-first-vue-project (=0.1.0), react-responsive-data-table (>=1.0.0 <=1.0.5) potentially affected by unknown CVE via bootstrap4 (=0.0.1-security)
bootstrap4 NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on bootstrap4 and may be impacted: - my-first-vue-project =0.1.0 - react-responsive-data-table =1.0.0, =1.0.5 Source cves: unknown CVE Source advisory: OSV:MAL-2025-159...
brick (=0.0.0), bud (>=0.0.0 <=0.1.2) +16 more potentially affected by unknown CVE via first-val (=0.0.0)
first-val NPM version =0.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on first-val and may be impacted: - brick =0.0.0 - bud =0.0.0, =0.0.5, =0.0.0, =0.0.0, =0.0.7, =0.0.9, =0.1.0, =0.0.0, =3.1.1, =0.0.0, =0.0.4, =0.0.0, =0.0.2 and more Source cves...
Malicious code in 21st-angular (npm)
The package 21st-angular was found to contain malicious code...
Malicious code in socket-first-level-dep (npm)
The package socket-first-level-dep was found to contain malicious code...
Malicious code in socket-first-level-dep-1 (npm)
The package socket-first-level-dep-1 was found to contain malicious code...
Malicious code in test-mlw1-first-leady (npm)
The package test-mlw1-first-leady was found to contain malicious code...
Malicious code in @malware-test-first-leady/test-mlw3-first-leady (npm)
The package @malware-test-first-leady/test-mlw3-first-leady was found to contain malicious code...
Malicious code in my-first-addon (npm)
The package my-first-addon was found to contain malicious code...