8335 matches found

SUSE CVE
added 2025/09/25 11:28 p.m., 3 views

SUSE CVE-2025-9079

Mattermost versions 10.8.x = 10.8.3, 10.5.x = 10.5.8, 9.11.x = 9.11.17, 10.10.x = 10.10.1, 10.9.x = 10.9.3 fail to validate import directory path configuration which allows admin users to execute arbitrary code via malicious plugin upload to prepackaged plugins directory...

CVSS 7.2 | AI score 8.1 | EPSS 0.00599
Exploits: 0 | References: 2

RedhatCVE
added 2025/09/25 7:47 p.m., 4 views

CVE-2025-59828

Claude Code is an agentic coding tool. Prior to Claude Code version 1.0.39, when using Claude Code with Yarn versions 2.0+, Yarn plugins are auto-executed when running yarn --version. This could lead to a bypass of the directory trust dialog in Claude Code, as plugins would be executed prior to t...

CVSS 7.7 | AI score 6.9 | EPSS 0.00341
Exploits: 0 | References: 1

Wordfence Blog
added 2025/09/25 2:54 p.m., 19 views

Wordfence Intelligence Weekly WordPress Vulnerability Report (September 15, 2025 to September 21, 2025)

Calling all Vulnerability Researchers and Bug Bounty Hunters! Operation: Maximum Impact Challenge! Now through November 10, 2025, earn 2X bounty rewards for all in-scope submissions in software with at least 5,000 active installs and fewer than 5 million active installs. Bounties up to $31,200 pe...

CVSS 9.8 | AI score 8.7 | EPSS 0.03686
Exploits: 11

RedHat Linux
added 2025/09/25 11:13 a.m., 3 views

Moderate: Red Hat Security Advisory: Red Hat Developer Hub 1.6.5 release.

Red Hat Developer Hub 1.6.5 has been released. Red Hat Developer Hub RHDH is Red Hat's enterprise-grade, self-managed, customizable developer portal based on Backstage.io. RHDH is supported on OpenShift and other major Kubernetes clusters AKS, EKS, GKE. The core features of RHDH include a single...

CVSS 7.5 | AI score 6.5 | EPSS 0.01099
Exploits: 1 | References: 8

RedhatCVE
added 2025/09/25 2:53 a.m., 3 views

CVE-2025-8410

Use After Free vulnerability in RTI Connext Professional Security Plugins allows File Manipulation. This issue affects Connext Professional: from 7.5.0 before 7.6.0...

CVSS 5.8 | AI score 7 | EPSS 0.00198
Exploits: 0 | References: 1

Github Security Blog
added 2025/09/25 12:30 a.m., 11 views

Duplicate Advisory: Malicious versions of Nx were published

Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-cxm3-wv7p-598c. This link is maintained to preserve external references. Original Description Malicious code was inserted into the Nx build system package and several related plugins. The tampered package was...

CVSS 9.6 | AI score 7.1 | EPSS 0.00527
Exploits: 0 | References: 8 | Affected Software: 1

Vulnrichment
added 2025/09/24 9:20 p.m., 1 views

CVE-2025-10894 Nx: nx/devkit: malicious versions of nx and plugins published to npm

Malicious code was inserted into the Nx build system package and several related plugins. The tampered package was published to the npm software registry, via a supply-chain attack. Affected versions contain code that scans the file system, collects credentials, and posts them to GitHub as a repo...

CVSS 9.6 | AI score 6.7 | EPSS 0.00527
Exploits: 0 | References: 6

NVD
added 2025/09/24 8:15 p.m., 7 views

CVE-2025-59828

Claude Code is an agentic coding tool. Prior to Claude Code version 1.0.39, when using Claude Code with Yarn versions 2.0+, Yarn plugins are auto-executed when running yarn --version. This could lead to a bypass of the directory trust dialog in Claude Code, as plugins would be executed prior to t...

CVSS 9.8 | EPSS 0.00341
Exploits: 0 | References: 1

Vulnrichment
added 2025/09/24 7:30 p.m., 3 views

CVE-2025-59828 Claude Code Vulnerable to Arbitrary Code Execution via Plugin Autoloading with Specific Yarn Versions

Claude Code is an agentic coding tool. Prior to Claude Code version 1.0.39, when using Claude Code with Yarn versions 2.0+, Yarn plugins are auto-executed when running yarn --version. This could lead to a bypass of the directory trust dialog in Claude Code, as plugins would be executed prior to t...

CVSS 7.7 | AI score 6.5 | EPSS 0.00341
Exploits: 0 | References: 1

vulnersOsv
added 2025/09/24 6:30 p.m., 5 views

@adishare/strapi-plugin-import-export-entries (=1.23.2), @aller/svelte-components (=1.5.17) +62 more potentially affected by CVE-2025-57350 via csvtojson (=2.0.10)

csvtojson NPM version =2.0.10 is affected by a known vulnerability. The following packages have a transitive dependency on csvtojson and may be impacted: - @adishare/strapi-plugin-import-export-entries =1.23.2 - @aller/svelte-components =1.5.17 - @arisonadim/strapi-plugin-import-export-entries...

CVSS 8.6 | AI score 5.8 | EPSS 0.00294
Exploits: 0

Positive Technologies
added 2025/09/24 12:0 a.m., 6 views

PT-2025-39338

Name of the Vulnerable Software and Affected Versions Claude Code versions prior to 1.0.39 Description Claude Code is an agentic coding tool. When used with Yarn versions 2.0 and higher, Yarn plugins are automatically executed when running yarn --version in versions prior to 1.0.39. This could...

CVSS 7.7 | AI score 6.8 | EPSS 0.00341
Exploits: 0 | References: 10

NVD
added 2025/09/23 6:15 p.m., 6 views

CVE-2025-8410

Use After Free vulnerability in RTI Connext Professional Security Plugins allows File Manipulation. This issue affects Connext Professional: from 7.5.0 before 7.6.0...

CVSS 7.4 | EPSS 0.00198
Exploits: 0 | References: 1

OSV
added 2025/09/23 6:15 p.m., 2 views

CVE-2025-8410

Use After Free vulnerability in RTI Connext Professional Security Plugins allows File Manipulation. This issue affects Connext Professional: from 7.5.0 before 7.6.0...

CVSS 7.4 | AI score 5.8 | EPSS 0.00198
Exploits: 0 | References: 1

CVE
added 2025/09/23 5:52 p.m., 19 views

CVE-2025-8410

This CVE concerns RTI Connext Professional (Security Plugins). A Use After Free vulnerability in the Security Plugins component may allow file manipulation. Affected versions are Connext Professional 7.5.0 up to, but not including, 7.6.0. The issue stems from a post-release reuse/management flaw ...

CVSS 7.4 | AI score 6.6 | EPSS 0.00198
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2025/09/23 5:52 p.m., 7 views

CVE-2025-8410 Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation.

Use After Free vulnerability in RTI Connext Professional Security Plugins allows File Manipulation. This issue affects Connext Professional: from 7.5.0 before 7.6.0...

CVSS 5.8 | EPSS 0.00198
Exploits: 0 | References: 1

Vulnrichment
added 2025/09/23 5:52 p.m., 2 views

CVE-2025-8410 Use After Free vulnerability in RTI Connext Professional (Security Plugins) allows File Manipulation.

Use After Free vulnerability in RTI Connext Professional Security Plugins allows File Manipulation. This issue affects Connext Professional: from 7.5.0 before 7.6.0...

CVSS 5.8 | AI score 6.6 | EPSS 0.00198
Exploits: 0 | References: 1

Positive Technologies
added 2025/09/23 12:0 a.m., 4 views

PT-2025-39201

Name of the Vulnerable Software and Affected Versions RTI Connext Professional versions 7.5.0 through 7.5.9 Description A Use After Free issue exists in RTI Connext Professional Security Plugins that could allow File Manipulation. The issue is present in the Security Plugins component...

CVSS 5.8 | AI score 6.6 | EPSS 0.00198
Exploits: 0 | References: 5

SUSE Linux
added 2025/09/22 8:22 a.m., 3 views

Security update for gstreamer-plugins-base

This update for gstreamer-plugins-base fixes the following issues: CVE-2025-47806: Fixed stack buffer overflow in SubRip subtitle parser bsc1244407. CVE-2025-47807: Fixed NULL-pointer dereference in SubRip subtitle parser bsc1244403. CVE-2025-47808: Fixed NULL-pointer dereference in TMPlayer...

CVSS 5.5 | AI score 7.6 | EPSS 0.00428
Exploits: 3 | References: 12

OSV
added 2025/09/22 8:21 a.m., 1 views

SUSE-SU-2025:20751-1 Security update for gstreamer-plugins-base

This update for gstreamer-plugins-base fixes the following issues: - CVE-2025-47806: Fixed stack buffer overflow in SubRip subtitle parser bsc1244407. - CVE-2025-47807: Fixed NULL-pointer dereference in SubRip subtitle parser bsc1244403. - CVE-2025-47808: Fixed NULL-pointer dereference in TMPlaye...

CVSS 5.6 | AI score 6 | EPSS 0.00428
Exploits: 3 | References: 7

Veeam
added 2025/09/22 12:0 a.m., 41 views

Build Numbers and Versions of Veeam Plug-in for Scale Computing HyperCore

This KB article lists all versions of the Veeam Plug-in for Scale Computing HyperCore and their respective worker build numbers. Version | Plug-In / Worker Build | Release Date ---|---|--- Veeam Plug-in for Scale Computing HyperCore 3 Releases Veeam Plug-in for Scale Computing HyperCore 3.1...

AI score 5.8
Exploits: 0 | Affected Software: 1