182 matches found
CVE-2025-58748 Dataease H2 data source JDBC URL validation bypass leads to remote code execution
Dataease is an open source data analytics and visualization platform. In Dataease versions up to 2.10.12 the H2 data source implementation H2.java does not verify that a provided JDBC URL starts with jdbc:h2. This lack of validation allows a crafted JDBC configuration that substitutes the Amazon...
CVE-2025-42911
creationtimestamp| type| source ---|---|--- 2025-09-11 13:37:23+00:00| seen| https://vulnerability.circl.lu/bundle/43ff9e04-da8f-45fe-a06a-e8f9b84a2d14...
CVE-2025-24188
creationtimestamp| type| source ---|---|--- 2025-08-26 08:16:53+00:00| seen| https://vulnerability.circl.lu/bundle/c1aa3b44-ae54-436b-b3c3-a88194ecb70e...
CVE-2025-43216
creationtimestamp| type| source ---|---|--- 2025-08-26 08:16:53+00:00| seen| https://vulnerability.circl.lu/bundle/c1aa3b44-ae54-436b-b3c3-a88194ecb70e...
CVE-2025-54812
creationtimestamp| type| source ---|---|--- 2025-08-22 16:22:58+00:00| seen| https://seclists.org/oss-sec/2025/q3/134 2025-08-22 18:48:58+00:00| seen| https://bsky.app/profile/infosec.skyfleet.blue/post/3lwz4ocotud2y 2025-08-22 19:01:44+00:00| seen|...
OSV-2025-631 Null-dereference READ in [email protected]
OSS-Fuzz report: https://bugs.chromium.org/p/oss-fuzz/issues/detail?id=438264629 Crash type: Null-dereference READ Crash state: [email protected]...
04-as-contact-numbers-menu-cli (=1.0.0), 10xanswers (>=1.0.11 <=1.0.36) +424 more potentially affected by unknown CVE via save-dev (=0.0.1-security)
save-dev NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on save-dev and may be impacted: - 04-as-contact-numbers-menu-cli =1.0.0 - 10xanswers =1.0.11, =3.0.2, =1.6.5, =1.9.1, =1.2.0, =1.1.6, =0.2.1, =1.0.0 - @andes/plex =8.0.1...
go-api-starter (>=0.0.0 <=1.3.0), redux-starter (>=0.0.0 <=1.1.0) potentially affected by unknown CVE via kik-starter (>=0.0.1 <=2.2.1)
kik-starter NPM version =0.0.1, =0.0.0, =0.0.0, =1.1.0 Source cves: unknown CVE Source advisory: OSV:MAL-2025-24454...
@alu0101350158/constant-folding (>=1.0.0 <=1.3.9), @mp-next/build (>=0.0.1-alpha.27 <=0.0.1-alpha.34) +9 more potentially affected by unknown CVE via commmander (=0.0.1-security)
commmander NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on commmander and may be impacted: - @alu0101350158/constant-folding =1.0.0, =0.0.1-alpha.27, =1.0.0, =0.0.1, =1.0.0, =1.0.0, =1.0.0, =1.0.3 - zhoukang-cli =1.0.0 Sourc...
CVE-2025-8524
creationtimestamp| type| source ---|---|--- 2025-08-05 00:12:54+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lvmgeyptll2d...
CVE-2025-22431
creationtimestamp| type| source ---|---|--- 2025-07-30 07:59:24+00:00| seen| https://vulnerability.circl.lu/bundle/9d7fef5d-952d-4ecc-880d-94d02304e7a3...
CVE-2025-26429
creationtimestamp| type| source ---|---|--- 2025-07-30 07:59:24+00:00| seen| https://vulnerability.circl.lu/bundle/9d7fef5d-952d-4ecc-880d-94d02304e7a3...
CVE-2025-29757
creationtimestamp| type| source ---|---|--- 2025-07-19 08:51:06+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3luclftybu22i...
CVE-2025-53938
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. An Authentication Bypass vulnerability was identified in the /dao/verificarrecursoscargo.php endpoint of the WeGIA application prior to version 3.4.5. This vulnerability allows unauthenticated...
CVE-2025-53821 WeGIA vulnerable to Open Redirect in endpoint 'control.php' parameter 'nextPage'
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. An Open Redirect vulnerability exists in the web application prior to version 3.4.5. The control.php endpoint allows to specify an arbitrary URL via the nextPage parameter, leading to an...
CVE-2025-38217
In the Linux kernel, the following vulnerability has been resolved: hwmon: ftsteutates Fix TOCTOU race in ftsread In the ftsread function, when handling hwmonpwmautochannelstemp, the code accesses the shared variable data-fansourcechannel twice without holding any locks. It is first checked again...
Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer < 2.3.67 - DOM-Based Reflected Cross-Site Scripting via 'pdf-source'
Description The Dear Flipbook – PDF Flipbook, 3D Flipbook, PDF embed, PDF viewer plugin for WordPress is vulnerable to DOM-Based Reflected Cross-Site Scripting via the ‘pdf-source’ parameter in all versions up to, and including, 2.3.65 due to insufficient input sanitization and output escaping...
goodpkgmamamamamamam (=1.0.0) potentially affected by unknown CVE via mtrtestinglalalal (=0.0.1-security)
mtrtestinglalalal NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on mtrtestinglalalal and may be impacted: - goodpkgmamamamamamam =1.0.0 Source cves: unknown CVE Source advisory: OSV:MAL-2025-5040...
CVE-2025-3054
creationtimestamp| type| source ---|---|--- 2025-06-05 06:01:27+00:00| published-proof-of-concept| Telegram/uHWvAuvUwozE9xqR-TnjEBub-qWhHMqFHErXUgC3HaO00ME 2025-06-05 06:49:03+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqtq34qno7v2...
CVE-2025-48962
creationtimestamp| type| source ---|---|--- 2025-06-04 14:21:02+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lqrytbvuol42 2025-06-04 16:53:24+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lqsbewobi72s...