44 matches found
EUVD-2025-59594
Malicious code in forthcomingferretz3n npm...
EUVD-2025-59593
Malicious code in forthcomingmulez3n npm...
MAL-2025-56384 Malicious code in forthcoming_rabbit_z3n (npm)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 71bbaea5558410c10b3e0951c2388b2dd16447531c19f7566793d03942aa2558 This package appears to be part of the tea.xyz token reward campaign that flooded npm. These packages typically contain autopublish scripts auto.js,...
PT-2025-44589
Netwrix Endpoint Protector formerly known as CoSoSys Endpoint Protector Details on CVE-2025-59796 will be released soon. The vendor has released an announcement and security patch; please update promptly: https://t.co/XNvjTaLOdD https://t.co/LVO6Y32UT1...
EUVD-2025-31369
Malicious code in bioql PyPI...
Amazon Linux 2023 : libnvidia, libnvidia-container, libnvidia-container1 (ALAS2023NVIDIA-2025-126)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023NVIDIA-2025-126 advisory. Placeholder CVE. Details forthcoming CVE-2025-23266 Placeholder CVE. Details forthcoming CVE-2025-23267 Tenable has extracted the preceding description block directly from the tested...
CVE-2023-26512
CWE-502 Deserialization of Untrusted Data at the rabbitmq-connector plugin module in Apache EventMesh incubating V1.7.0\V1.8.0 on windows\linux\mac os e.g. platforms allows attackers to send controlled message and remote code execute via rabbitmq messages. Users can use the code under the master...
CVE-2023-34102
Avo is an open source ruby on rails admin panel creation framework. The polymorphic field type stores the classes to operate on when updating a record with user input, and does not validate them in the back end. This can lead to unexpected behavior, remote code execution, or application crashes...
PT-2025-15283 · Libbpf +1 · Libbpf +1
Name of the Vulnerable Software and Affected Versions: libbpf version 1.5.0 Description: The issue is a buffer overflow vulnerability that allows a local attacker to execute arbitrary code via the bpf object init prog function of libbpf. Recommendations: For libbpf version 1.5.0, as a temporary...
Amazon Linux 2023 : rsync, rsync-daemon (ALAS2023-2025-800)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2025-800 advisory. Placeholder CVE. Details forthcoming CVE-2024-12085 Placeholder CVE. Details forthcoming CVE-2024-12086 Placeholder CVE. Details forthcoming CVE-2024-12087 Placeholder CVE. Details forthcoming...
PT-2024-17765 · Emlog Pro · Emlog Pro
Name of the Vulnerable Software and Affected Versions: Emlog Pro versions up to 2.4.1 Description: A problematic issue has been found in Emlog Pro, affecting some unknown functionality of the file /admin/link.php. The manipulation of the siteurl/icon argument leads to cross site scripting. The...
PT-2024-28348 · Friendica · Friendica
Name of the Vulnerable Software and Affected Versions: Friendica version 2024.03 Description: The issue is related to Cross Site Scripting XSS in the settings/profile section via the homepage, xmpp, and matrix parameters. This allows for potential malicious script execution. Recommendations: For...
CVE-2024-1464
Elementor Addons by Livemesh (WordPress) has CVE-2024-1464: Stored XSS via the style attribute in the Posts Slider widget, affecting all versions up to 8.3.4 due to insufficient input sanitization/output escaping. Impact: authenticated users with contributor+ privileges can inject scripts that ru...
PT-2024-22513 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7 Description: A Cross-Site Request Forgery CSRF issue was found in DedeCMS. The issue is related to the "/dede/stepselect main.php" API endpoint. Recommendations: For DedeCMS version 5.7, as a temporary workaround, consider...
PT-2023-31572 · Seacms · Seacms
Name of the Vulnerable Software and Affected Versions: SeaCMS version 12.8 Description: A cross-site scripting XSS vulnerability in the component admin Video.php of SeaCMS allows attackers to execute arbitrary web scripts or HTML via a crafted payload. Recommendations: For SeaCMS version 12.8,...
CVE-2023-4501
User authentication with username and password credentials is ineffective in OpenText Micro Focus Visual COBOL, COBOL Server, Enterprise Developer, and Enterprise Server including product variants such as Enterprise Test Server, versions 7.0 patch updates 19 and 20, 8.0 patch updates 8 and 9, and...
GHSA-R3C9-9J5Q-PWV4 magento-lts Reset Password not protected against well-timed CSRF
Impact Password reset form is vulnerable to CSRF between time reset password link is clicked and user submits new password. Patches PR forthcoming Workarounds None...
Google Pixel Buffer Error Vulnerability
Google Pixel is a smartphone from the American company Google. Google Pixel has a security vulnerability. No information about this vulnerability is available at this time, so stay tuned to CNNVD or the manufacturer's announcement...
PT-2022-18204 · Tenda · Tenda M3
Name of the Vulnerable Software and Affected Versions: Tenda M3 version 1.10 V1.0.0.124856 Description: A command injection issue was found in the component "/goform/delAd" of the affected software. Recommendations: For version 1.10 V1.0.0.124856, consider restricting access to the "/goform/delAd...
Google Android Security Vulnerability
Google Android is a Linux-based open source operating system from Google Inc. in the United States. A security vulnerability exists in the Pixel Modem in Google Android. There is no information about this vulnerability yet, so stay tuned to CNNVD or the manufacturer's announcement...