408 matches found
EUVD-2022-26945
Malicious code in bioql PyPI...
EUVD-2022-51646
Malicious code in bioql PyPI...
EUVD-2023-0363
Malicious code in bioql PyPI...
PT-2025-38360
Name of the Vulnerable Software and Affected Versions Linux kernel affected versions not specified Description A reference count leak exists in the nfsd4 ssc umount item component within the kernel's NFS daemon NFSD. Specifically, the reference count is not decremented under error conditions,...
PT-2025-44689
Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 142.0.7444.59 Chromium versions prior to 142.0.7444.59 Chromium versions 142.0.7444.59-1deb12u1 and 142.0.7444.59-1deb13u1 Chromium versions prior to 142.0.7444.162-alt0.p11.1 Description An out-of-bounds read...
vulnerabilitydb
This is a public vulnerability database repository for Snyk, a tool that helps find and fix known vulnerabilities in Node.js dependencies. The repository contains a list of folders for vulnerable npm packages, each with a subfolder for a specific date YYYYMMDD containing data files. The data is...
PT-2025-34488 · Dootask · Dootask
Name of the Vulnerable Software and Affected Versions: DooTask version 1.0.51 Description: An authenticated arbitrary file upload issue exists in the /msg/sendfiles component of DooTask version 1.0.51. This allows attackers to execute arbitrary code by uploading a crafted file. Recommendations: A...
PT-2025-34422 · Unknown +1 · Alienware Wmi Wmax +1
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The Linux kernel contains an issue in the platform/x86/alienware-wmi-wmax component. A fix was implemented to address a missing empty member in the awcc dmi table array, specifically...
PT-2025-34293 · Microsoft · Pcmanager
Name of the Vulnerable Software and Affected Versions: Microsoft PC Manager affected versions not specified Description: Improper authorization in Microsoft PC Manager can allow an unauthorized attacker to elevate privileges over a network. Recommendations: At the moment, there is no information...
PT-2025-33425 · Itsourcecode · Itsourcecode Online Tour/Travel Management System
Name of the Vulnerable Software and Affected Versions: itsourcecode Online Tour and Travel Management System version 1.0 Description: A SQL injection issue exists in itsourcecode Online Tour and Travel Management System 1.0, specifically within the /admin/expense report.php file. Manipulation of...
PT-2025-33113 · Unknown · 1000 Projects Sales Management System
Name of the Vulnerable Software and Affected Versions: 1000 Projects Sales Management System version 1.0 Description: A cross site scripting issue exists due to the manipulation of the ssalescat argument in the processing of the /superstore/admin/sales.php file. The attack can be initiated remote...
Security Bulletin: IBM App Connect Enterprise Certified Container UBI updates
Summary IBM App Connect Enterprise Certified Container ACEcc is built on the Red Hat Universal Base Images. ACEcc operator versions 12.0.14 LTS and 12.14.0 addresses the listed CVEs found in the base images. This bulletin provides patch information to address the reported vulnerabilities...
GHSA-M9X4-W7P9-MXHX XWiki allows Reflected XSS in two templates
Impact Reflected XSS vulnerabilities in two templates allow an attacker to execute malicious JavaScript code in the context of the victim's session by getting the victim to visit an attacker-controlled URL. PoC URLs are /xwiki/bin/view/Main/?xpage=jobstatusjson&jobId=asdf&translationPrefix= and...
CVE-2025-8534 libtiff tiff2ps tiff2ps.c PS_Lvl2page null pointer dereference
A vulnerability classified as problematic was found in libtiff 4.6.0. This vulnerability affects the function PSLvl2page of the file tools/tiff2ps.c of the component tiff2ps. The manipulation leads to null pointer dereference. It is possible to launch the attack on the local host. The complexity ...
Debian: Security Advisory (DLA-4264-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2025-38409
In the Linux kernel, the following vulnerability has been resolved: drm/msm: Fix another leak in the submit error path putunusedfd doesn't free the installed file, if we've already done fdinstall. So we need to also free the syncfile. Patchwork: https://patchwork.freedesktop.org/patch/653583/...
SUSE: Security Advisory (SUSE-SU-2025:02229-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: IBM App Connect Enterprise Certified Container operands are vulnerable to denial of service and path traversal [CVE-2025-47935] [CVE-2025-47944] [CVE-2025-48997] [CVE-2025-48387]
Summary Node.js is used by IBM App Connect Enterprise Certified Container when developing flows and running those flows. IBM App Connect Enterprise Certified Container DesignerAuthoring, IntegrationRuntime and IntegrationServer operands are vulnerable to denial of service and path traversal. This...
Security Bulletin: IBM App Connect Enterprise Certified Container Dashboard operands are vulnerable to loss of confidentiality [CVE-2025-6545] [CVE-2025-6547]
Summary Node.js module pbkdf2 is used by IBM App Connect Enterprise Certified Container when accessing BAR files stored in COS S3 storage. IBM App Connect Enterprise Certified Container Dashboard operands that access BAR files stored in COS S3 storage are vulnerable to loss of confidentiality. Th...
CVE-2025-48059
PowSyBl Power System Blocks is a framework to build power system oriented software. In com.powsybl:powsybl-iidm-criteria versions 6.3.0 to before 6.7.2 and com.powsybl:powsybl-contingency-api versions 5.0.0 to before 6.3.0, there is a a potential polynomial Regular Expression Denial of Service...