6340 matches found
br.com.thiaguten:umbrella-configuration (>=0.1.0 <=1.0.0), br.com.thiaguten:umbrella-core (>=0.1.0 <=1.0.0) +1272 more potentially affected by CVE-2025-35036 via org.hibernate:hibernate-validator (>=6.0.0.Beta2 <=6.1.7.Final)
org.hibernate:hibernate-validator MAVEN version =6.0.0.Beta2, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =2.3.2-beta.6, =2.3.2-beta.5, =1.0.0, =1.1.16 - cn.openjava:openjava-spring-boot-starter =1.0.1 - cn.springcloud.gray:spring-cloud-gray-server =D.0.1.0-Beta-3 -...
Exposed Dangerous Method or Function
Overview: org.webjars.npm:webpack-dev-server uses webpack with a development server that provides live reloading. It should be used for development only. Affected versions of this package are vulnerable to Exposed Dangerous Method or Function via the webpackmodules object. An attacker can...
io.lighty.applications.rcgnmi:lighty-rcgnmi-app-module (>=22.0.0 <=22.1.0), io.lighty.applications.rnc:lighty-rnc-module (>=22.0.0 <=22.1.0) +28 more potentially affected by CVE-2025-46548 via org.apache.pekko:pekko-management_2.13 (>=1.0.0 <=1.1.0)
org.apache.pekko:pekko-management_2.13 MAVEN version =1.0.0, =22.0.0, =22.0.0, =22.0.0, =22.0.0, =22.0.0, =22.0.0, =22.0.0, =22.0.0, =22.0.0, =22.0.0, =22.0.0, =22.0.0, =22.0.0, =22.0.0, =1.0.0, =1.1.0-M1 and more Source cves: CVE-2025-46548 Source advisory: OSV:GHSA-9QVJ-RPJ8-V5C8...
SUSE CVE-2025-48938
go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulnerability has been identified in versions prior to 2.12.1 where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands on a user's machine by replacing HTTP URL...
RHEL 9 : kpatch-patch-5_14_0-284_104_1, kpatch-patch-5_14_0-284_52_1, kpatch-patch-5_14_0-284_79_1, and kpatch-patch-5_14_0-284_92_1 (RHSA-2025:8343)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:8343 advisory. This is a kernel live patch module which can be loaded by the kpatch command line utility to modify the code of a running kernel. This patch...
CVE-2025-48938
go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulnerability has been identified in versions prior to 2.12.1 where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands on a user's machine by replacing HTTP URL...
CVE-2025-48938 Prevent GitHub CLI and extensions from executing arbitrary commands from compromised GitHub Enterprise Server
go-gh is a collection of Go modules to make authoring GitHub CLI extensions easier. A security vulnerability has been identified in versions prior to 2.12.1 where an attacker-controlled GitHub Enterprise Server could result in executing arbitrary commands on a user's machine by replacing HTTP URL...
org.springframework.cloud:spring-cloud-gateway-docs (>=4.1.3 <=4.1.7), org.springframework.cloud:spring-cloud-starter-gateway-mvc (>=4.1.0 <=4.1.7) potentially affected by CVE-2025-41235 via org.springframework.cloud:spring-cloud-gateway-server-mvc (>=4.1.0 <=4.1.7)
org.springframework.cloud:spring-cloud-gateway-server-mvc MAVEN version =4.1.0, =4.1.3, =4.1.0, =4.1.7 Source cves: CVE-2025-41235 Source advisory: SNYK:JAVA-ORGSPRINGFRAMEWORKCLOUD-10265482...
go-gh Security Vulnerability
go-gh is a collection of Go modules open sourced from the GitHub CLI. It is used to interact with gh and GitHub APIs from the command line. A security vulnerability exists in go-gh versions prior to 2.12.1, in which an attacker-controlled GitHub Enterprise Server could lead to the executi...
USN-7510-8 linux-aws-5.15 vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Network block device...
PT-2025-23139 · Mitsubishi · Melsec Iq-F Series
Name of the Vulnerable Software and Affected Versions: Mitsubishi Electric Corporation MELSEC iQ-F Series CPU modules (affected versions not specified). Description: The issue allows a remote unauthenticated attacker to read information in the product, cause a Denial-of-Service (DoS) condition in...
au.com.dius.pact.consumer:groovy (=4.7.0-beta.1), au.com.dius.pact.consumer:junit (=4.7.0-beta.1) +1556 more potentially affected by CVE-2025-48734 via commons-beanutils:commons-beanutils (>=1.0 <=1.10.1)
commons-beanutils:commons-beanutils MAVEN version =1.0, =1.10.1 is affected by a known vulnerability. The following packages have a transitive dependency on commons-beanutils:commons-beanutils and may be impacted: - au.com.dius.pact.consumer:groovy =4.7.0-beta.1 - au.com.dius.pact.consumer:junit...
GO-2025-3704 Grafana Cross-Site-Scripting (XSS) via custom loaded frontend plugin in github.com/grafana/grafana
Grafana Cross-Site-Scripting (XSS) via custom loaded frontend plugin in github.com/grafana/grafana. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...
K000151542: OpenSSL vulnerability CVE-2025-4575
Security Advisory Description Issue summary: Use of -addreject option with the openssl x509 application adds a trusted use instead of a rejected use for a certificate. Impact summary: If a user intends to make a trusted certificate rejected for a particular use it will be instead marked as truste...
USN-7510-6 linux-aws-fips vulnerabilities
Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - x86 architecture; - Block layer subsystem; - Network block device...
CVE-2025-31636
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SaurabhSharma WP Post Modules for Elementor wp-post-modules-el allows Reflected XSS. This issue affects WP Post Modules for Elementor: from n/a through <= 2.5.0...
CVE-2025-31636 WordPress WP Post Modules for Elementor plugin <= 2.5.0 - Reflected Cross Site Scripting (XSS) vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in SaurabhSharma WP Post Modules for Elementor allows Reflected XSS. This issue affects WP Post Modules for Elementor: from n/a through 2.5.0...
CVE-2025-31636
CVE-2025-31636 is a reflected Cross-Site Scripting vulnerability in the WordPress plugin “WP Post Modules for Elementor.” Affected versions are up to and including 2.5.0. The issue arises from improper input neutralization during web page generation. Evidence from multiple sources confirms the vu...
CVE-2024-9054
Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection', Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Microchip TimeProvider 4100 Configuration modules allows Command Injection. This issue affects TimeProvider 4100: from 1.0 before...