241 matches found

ATTACKERKB
added 2026/05/20 11:25 a.m. | 5 views

CVE-2025-31973

HCL BigFix Service Management SM is susceptible to a Configuration – 'Insecure Use of Base Image Version'. Using outdated or insecure base images may introduce known vulnerabilities, potentially increasing the risk of exploitation in the application environment...

CVSS: 4 | AI score: 5.8 | EPSS: 0.00027
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2026/05/18 12:56 p.m. | 2 views

CLEANSTART-2026-BS27946 Security fixes for CVE-2025-61726, CVE-2025-61728, CVE-2025-61729, CVE-2025-61730, CVE-2025-68119, CVE-2025-68121, CVE-2026-25679, CVE-2026-27139, CVE-2026-27142, CVE-2026-33186, CVE-2026-33810, CVE-2026-33811, CVE-2026-33814, CVE-2026-35469, CVE-2026-39817, CVE-2026-39819, CVE-2026-39820, CVE-2026-39823, CVE-2026-39825, CVE-2026-39826, CVE-2026-39836, CVE-2026-39883, CVE-2026-42499, CVE-2026-42501, ghsa-78h2-9frx-2jm8, ghsa-f6x5-jh6r-wrfv, ghsa-j5w8-q4qc-rx2x, ghsa-pc3f-x583-g7j2, ghsa-xmrv-pmrh-hhx2 applied in versions: 1.16.2-r2, 1.17.2-r0, 1.17.2-r1, 1.18.0-r0, 1.18.0-r1, 1.18.0-r2, 1.18.0-r3

Multiple security vulnerabilities affect the velero-fips package. These issues are resolved in later releases. See references for individual vulnerability details...

CVSS: 10 | AI score: 6.9 | EPSS: 0.00058
Exploits: 6 | References: 54

EUVD
added 2026/05/06 12:30 p.m. | 3 views

EUVD-2025-209661

HCL DFXAnalytics is affected by a Using Components with Known Vulnerabilities flaw where the application utilizes unpatched libraries or sub-components, which could allow an attacker to identify and exploit publicly known security vulnerabilities to gain unauthorized access or compromise the...

CVSS: 3.7 | AI score: 5.8 | EPSS: 0.00054
Exploits: 0 | References: 2

NVD
added 2026/05/06 11:16 a.m. | 6 views

CVE-2025-59851

HCL DFXAnalytics is affected by a Using Components with Known Vulnerabilities flaw where the application utilizes unpatched libraries or sub-components, which could allow an attacker to identify and exploit publicly known security vulnerabilities to gain unauthorized access or compromise the...

CVSS: 9.8 | EPSS: 0.00054
Exploits: 0 | References: 1

vulnersOsv
added 2026/03/04 9:31 a.m. | 1 view

com.cognifide.aet:cleaner (>=2.0.0 <=3.2.2), com.cognifide.aet:communication (>=2.0.0 <=3.2.2) +184 more potentially affected by CVE-2025-66168 +1 more via org.apache.activemq:activemq-mqtt (>=5.10.0 <=5.19.1)

org.apache.activemq:activemq-mqtt MAVEN version =5.10.0, =2.0.0, =2.0.0, =2.0.0, =2.0.0, =2.0.3-rc1, =2.0.0, =3.0.0, =3.0.0, =3.0.0, =1.1.0, =1.2.4.5, =1.2.4.6, =1.2.4.5, =1.2.4.5, =1.2.6.7 and more Source cves: CVE-2025-66168, CVE-2026-40046 Source advisory: OSV:GHSA-C825-6PH3-4H84...

CVSS: 8.8 | AI score: 6 | EPSS: 0.00076
Exploits: 0

vulnersOsv
added 2026/02/05 9:5 p.m. | 5 views

@afidos/nestjs-event-notifications (>=2.2.1 <=2.2.2), @mieweb/wikigdrive (>=2.15.0 <=2.17.1) +3 more potentially affected by CVE-2026-25142 +1 more via @nyariv/sandboxjs (>=0.5.3 <=0.8.25)

@nyariv/sandboxjs NPM version =0.5.3, =2.2.1, =2.15.0, =0.2.0, =11.0.0, =12.0.1 Source cves: CVE-2026-25142, CVE-2026-25587 Source advisory: SNYK:JS-NYARIVSANDBOXJS-15248292...

CVSS: 10 | AI score: 6.5 | EPSS: 0.00258
Exploits: 2

Tenable Nessus
added 2026/01/20 12:0 a.m. | 4 views

MiracleLinux 9 : skopeo-1.13.3-1.el9 (AXSA:2023-6774:03)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6774:03 advisory. golang: html/template: improper handling of JavaScript whitespace CVE-2023-24540 net/http, golang.org/x/net/http2: avoid quadratic complexity in HPA...

CVSS: 9.8 | AI score: 8.2 | EPSS: 0.00759
Exploits: 0 | References: 12

RedhatCVE
added 2026/01/16 2:23 p.m. | 6 views

CVE-2026-22645

The application discloses all used components, versions and license information to unauthenticated actors, giving attackers the opportunity to target known security vulnerabilities of used components...

CVSS: 5.3 | AI score: 6.9 | EPSS: 0.00019
Exploits: 0 | References: 1

NVD
added 2026/01/15 2:16 p.m. | 3 views

CVE-2026-22645

The application discloses all used components, versions and license information to unauthenticated actors, giving attackers the opportunity to target known security vulnerabilities of used components...

CVSS: 5.3 | EPSS: 0.00019
Exploits: 0 | References: 6

ATTACKERKB
added 2026/01/15 1:14 p.m. | 2 views

CVE-2026-22645

The application discloses all used components, versions and license information to unauthenticated actors, giving attackers the opportunity to target known security vulnerabilities of used components...

CVSS: 5.3 | AI score: 5.5 | EPSS: 0.00019
Exploits: 0 | References: 7

CNNVD
added 2026/01/15 12:0 a.m. | 3 views

SICK Incoming Goods Suite security vulnerabilities

SICK Incoming Goods Suite is a logistics receipt process software developed by the German company SICK. There is a security vulnerability in SICK Incoming Goods Suite. This vulnerability stems from the application disclosing all component information, version details, and license details to...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00019
Exploits: 0 | References: 6

Positive Technologies
added 2026/01/15 12:0 a.m. | 5 views

PT-2026-3012

The application discloses all used components, versions and license information to unauthenticated actors, giving attackers the opportunity to target known security vulnerabilities of used components...

CVSS: 5.3 | AI score: 6.9 | EPSS: 0.00019
Exploits: 0 | References: 7

GithubExploit
added 2025/12/12 3:35 a.m. | 137 views

HackTheBox-Penetration-Testing-Methodology

HackTheBox Penetration Testing Methodology by 9mmpterodacty...

AI score: 7.4
Exploits: 0

Hacker One
added 2025/11/11 3:55 p.m. | 26 views

curl: Hash exposed in public repository

An image hash is publicly exposed on GitHub. Steps to reproduce: See at https://github.com/curl/curl/blob/master/Dockerfile. Solution: If you want to keep the hash, the repository should be private. Use official tags without specific hashes or environment variables. Best, @skymander. Impact: An attacke...

AI score: 6.9
Exploits: 0

RedhatCVE
added 2025/10/28 10:52 a.m. | 2 views

CVE-2025-10561

The device is running an outdated operating system, which may be susceptible to known vulnerabilities...

CVSS: 9.8 | AI score: 6.9 | EPSS: 0.00029
Exploits: 0 | References: 1

NVD
added 2025/10/27 10:15 a.m. | 1 view

CVE-2025-10561

Rejected reason: This CVE ID was assigned in error. The End-of-Life status of a component, by itself, does not constitute a vulnerability under the CVE Program’s rules. This condition represents a security weakness CWE-1104: Use of Unmaintained Third-Party Components rather than a specific...

EPSS: 0.00029
Exploits: 0

CVE
added 2025/10/27 10:0 a.m. | 6 views

CVE-2025-10561

CVE-2025-10561 entry is rejected/not used and does not represent an active vulnerability.

AI score: 6.7 | EPSS: 0.00029
Exploits: 0

EUVD
added 2025/10/27 10:0 a.m. | 2 views

EUVD-2025-36156

The device is running an outdated operating system, which may be susceptible to known vulnerabilities...

CVSS: 9.3 | AI score: 6.6 | EPSS: 0.00029
Exploits: 0 | References: 7

Vulnrichment
added 2025/10/27 10:0 a.m. | 1 view

CVE-2025-10561

...

AI score: 6.5 | EPSS: 0.00029
Exploits: 0

RedhatCVE
added 2025/10/13 5:29 a.m. | 3 views

CVE-2025-52616

HCL Unica 12.1.10 can expose sensitive system information. An attacker could use this information to form an attack plan by leveraging known vulnerabilities in the application...

CVSS: 5.3 | AI score: 6.6 | EPSS: 0.00047
Exploits: 0 | References: 1