8335 matches found
SUSE CVE-2025-9079
Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.10.x = 10.10.1, 10.9.x = 10.9.3 fail to validate import directory path configuration which allows admin users to execute arbitrary code via malicious plugin upload to prepackaged plugins directory...
CVE-2025-59828
Claude Code is an agentic coding tool. Prior to Claude Code version 1.0.39, when using Claude Code with Yarn versions 2.0+, Yarn plugins are auto-executed when running yarn --version. This could lead to a bypass of the directory trust dialog in Claude Code, as plugins would be executed prior to t...
Wordfence Intelligence Weekly WordPress Vulnerability Report (September 15, 2025 to September 21, 2025)
Calling all Vulnerability Researchers and Bug Bounty Hunters! Operation: Maximum Impact Challenge ! Now through November 10, 2025, earn 2X bounty rewards forall in-scope submissions in software with at least 5,000 active installs and fewer than 5 million active installs. Bounties up to $31,200 pe...
Moderate: Red Hat Security Advisory: Red Hat Developer Hub 1.6.5 release.
Red Hat Developer Hub 1.6.5 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...
CVE-2025-8410
Use After Free vulnerability in RTI Connext Professional Security Plugins allows File Manipulation.This issue affects Connext Professional: from 7.5.0 before 7.6.0...
Duplicate Advisory: Malicious versions of Nx were published
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-cxm3-wv7p-598c. This link is maintained to preserve external references. Original Description Malicious code was inserted into the Nx build system package and several related plugins. The tampered package was...
CVE-2025-10894 Nx: nx/devkit: malicious versions of nx and plugins published to npm
Malicious code was inserted into the Nx build system package and several related plugins. The tampered package was published to the npm software registry, via a supply-chain attack. Affected versions contain code that scans the file system, collects credentials, and posts them to GitHub as a repo...
CVE-2025-59828
Claude Code is an agentic coding tool. Prior to Claude Code version 1.0.39, when using Claude Code with Yarn versions 2.0+, Yarn plugins are auto-executed when running yarn --version. This could lead to a bypass of the directory trust dialog in Claude Code, as plugins would be executed prior to t...
CVE-2025-59828 Claude Code Vulnerable to Arbitrary Code Execution via Plugin Autoloading with Specific Yarn Versions
Claude Code is an agentic coding tool. Prior to Claude Code version 1.0.39, when using Claude Code with Yarn versions 2.0+, Yarn plugins are auto-executed when running yarn --version. This could lead to a bypass of the directory trust dialog in Claude Code, as plugins would be executed prior to t...
@adishare/strapi-plugin-import-export-entries (=1.23.2), @aller/svelte-components (=1.5.17) +62 more potentially affected by CVE-2025-57350 via csvtojson (=2.0.10)
csvtojson NPM version =2.0.10 is affected by a known vulnerability. The following packages have a transitive dependency on csvtojson and may be impacted: - @adishare/strapi-plugin-import-export-entries =1.23.2 - @aller/svelte-components =1.5.17 - @arisonadim/strapi-plugin-import-export-entries...
PT-2025-39338
Name of the Vulnerable Software and Affected Versions Claude Code versions prior to 1.0.39 Description Claude Code is an agentic coding tool. When used with Yarn versions 2.0 and higher, Yarn plugins are automatically executed when running yarn --version in versions prior to 1.0.39. This could...
CVE-2025-8410
Use After Free vulnerability in RTI Connext Professional Security Plugins allows File Manipulation.This issue affects Connext Professional: from 7.5.0 before 7.6.0...
CVE-2025-8410
Use After Free vulnerability in RTI Connext Professional Security Plugins allows File Manipulation.This issue affects Connext Professional: from 7.5.0 before 7.6.0...
CVE-2025-8410
This CVE concerns RTI Connext Professional (Security Plugins). A Use After Free vulnerability in the Security Plugins component may allow file manipulation. Affected versions are Connext Professional 7.5.0 up to, but not including, 7.6.0. The issue stems from a post-release reuse/management flaw ...
CVE-2025-8410 Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation.
Use After Free vulnerability in RTI Connext Professional Security Plugins allows File Manipulation.This issue affects Connext Professional: from 7.5.0 before 7.6.0...
CVE-2025-8410 Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation.
Use After Free vulnerability in RTI Connext Professional Security Plugins allows File Manipulation.This issue affects Connext Professional: from 7.5.0 before 7.6.0...
PT-2025-39201
Name of the Vulnerable Software and Affected Versions RTI Connext Professional versions 7.5.0 through 7.5.9 Description A Use After Free issue exists in RTI Connext Professional Security Plugins that could allow File Manipulation. The issue is present in the Security Plugins component...
Security update for gstreamer-plugins-base
This update for gstreamer-plugins-base fixes the following issues: CVE-2025-47806: Fixed stack buffer overflow in SubRip subtitle parser bsc1244407. CVE-2025-47807: Fixed NULL-pointer dereference in SubRip subtitle parser bsc1244403. CVE-2025-47808: Fixed NULL-pointer dereference in TMPlayer...
SUSE-SU-2025:20751-1 Security update for gstreamer-plugins-base
This update for gstreamer-plugins-base fixes the following issues: - CVE-2025-47806: Fixed stack buffer overflow in SubRip subtitle parser bsc1244407. - CVE-2025-47807: Fixed NULL-pointer dereference in SubRip subtitle parser bsc1244403. - CVE-2025-47808: Fixed NULL-pointer dereference in TMPlaye...
Build Numbers and Versions of Veeam Plug-in for Scale Computing HyperCore
This KB article lists all versions of the Veeam Plug-in for Scale Computing HyperCore and their respective worker build numbers. Version | Plug-In / Worker Build | Release Date ---|---|--- Veeam Plug-in for Scale Computing HyperCore 3 Releases Veeam Plug-in for Scale Computing HyperCore 3.1...