134 matches found
PT-2025-48677
Command injection vulnerability in the operating system in Circutor SGE-PLC1000/SGE-PLC50 v9.0.2 through the 'GetDNS', 'CheckPing' and 'TraceRoute' functions...
PT-2025-48670
Name of the Vulnerable Software and Affected Versions Circutor SGE-PLC1000/SGE-PLC50 version 9.0.2 Description A stack-based buffer overflow exists due to insufficient input validation. The GetParametermeter function retrieves user-supplied input, specifically the meter parameter, and copies it...
Linux Distros Unpatched Vulnerability : CVE-2025-64332
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. Prior to versions 7.0.13 an...
UBUNTU-CVE-2025-64335
Suricata is a network IDS, IPS and NSM engine developed by the OISF Open Information Security Foundation and the Suricata community. In versions from 8.0.0 to before 8.0.2, a NULL dereference can occur when the entropy keyword is used in conjunction with base64data. This issue has been patched in...
CVE-2025-63888
The read function in file thinkphp\library\think\template\driver\File.php in ThinkPHP 5.0.24 contains a remote code execution vulnerability...
SUSE CVE-2025-62689
NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service DoS...
CVE-2025-62689
NULL pointer dereference vulnerability exists in GNU libmicrohttpd v1.0.2 and earlier. The vulnerability was fixed in commit ff13abc on the master branch of the libmicrohttpd Git repository, after the v1.0.2 tag. A specially crafted packet sent by an attacker could cause a denial-of-service DoS...
Open Asset Import Library Assimp 安全漏洞
Open Asset Import Library Assimp is an official Open Asset Import Library repository from Open Asset Import Library open source. It can load more than 40 3D file formats into a unified and clean data structure. A security vulnerability exists in Open Asset Import Library Assimp version 6.0.2, whi...
EUVD-2025-29260
Malicious code in bioql PyPI...
CVE-2025-59936
get-jwks contains fetch utils for JWKS keys. In versions prior to 11.0.2, a vulnerability in get-jwks can lead to cache poisoning in the JWKS key-fetching mechanism. When the iss issuer claim is validated only after keys are retrieved from the cache, it is possible for cached keys from an...
CVE-2025-60139
CVE-2025-60139 is a Cross-Site Request Forgery (CSRF) vulnerability in the WordPress plugin official-sendle-shipping-method (Sendle Shipping). It affects Sendle Shipping versions from n/a up to and including 6.02. The associated CVSS 3.1 metrics indicate a Medium risk (4.3) with network attack ve...
PT-2025-38899
Name of the Vulnerable Software and Affected Versions JoomSky JS Job Manager versions through 2.0.2 Description The software contains a flaw related to improper input handling during web page generation, which can lead to Cross-site Scripting XSS. This specific instance is a Stored XSS issue. The...
CVE-2025-59145
The CVE-2025-59145 affects color-name (npm package) version 2.0.1 where a malware payload was introduced via an attacker‑compromised npm account, targeting browser contexts to redirect cryptocurrency transactions (e.g., MetaMask). Local/server/CLI environments are not affected. npm removed the co...
Linux Distros Unpatched Vulnerability : CVE-2018-9019
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - SQL Injection vulnerability in Dolibarr before version 7.0.2 allows remote attackers to execute arbitrary SQL commands via the sortfield parameter to...
CVE-2025-58815
CVE-2025-58815 is a WordPress plugin vulnerability in the Aitasi Coming Soon plugin (versions
CVE-2025-58815 WordPress Aitasi Coming Soon Plugin <= 2.0.2 - Deserialization of untrusted data Vulnerability
Deserialization of Untrusted Data vulnerability in Rubel Miah Aitasi Coming Soon aitasi-coming-soon allows Object Injection.This issue affects Aitasi Coming Soon: from n/a through = 2.0.2...
OpenC3 COSMOS 安全漏洞
OpenC3 COSMOS is an OpenC3 open source application. A security vulnerability exists in OpenC3 COSMOS versions prior to v6.0.2, which stems from the disclosure of service credentials stored in an environment variable, which could lead to an attacker accessing the credentials...
CVE-2025-28954
CVE-2025-28954 (Backwp) is a CSRF vulnerability in the Backwp plugin for WordPress, affecting versions up to 2.0.2. The CVSS 3.1 base score is 7.4 (HIGH) with network access, require user interaction, and impact limited to availability (C) with availability impact HIGH. Root cause and exact explo...
CVE-2025-30938 WordPress Broadly for WordPress plugin <= 3.0.2 - Cross Site Scripting (XSS) Vulnerability
Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in broadly Broadly for WordPress broadly allows Stored XSS.This issue affects Broadly for WordPress: from n/a through = 3.0.2...
CVE-2025-40663
Stored Cross-Site Scripting XSS vulnerability in i2A-Cronos version 23.02.01.17, from i2A. It allows an authenticated attacker to upload a malicious SVG image into the user's personal space in /CronosWeb/Modules/Persons/PersonalDocuments/PersonalDocuments. There is no reported fix at this time...