CVE-2025-68906

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in jegtheme JNews - Video jnews-video allows Reflected XSS.This issue affects JNews - Video: from n/a through = 11.0.2...

CVE-2025-66417

GLPI is a free asset and IT management software package. From 11.0.0, 11.0.3, an unauthenticated user can perform a SQL injection through the inventory endpoint. This vulnerability is fixed in 11.0.3...

CVE-2025-66417

GLPI (from version 11.0.0 up to, but not including, 11.0.3) is affected by an unauthenticated SQL injection via the inventory endpoint. The root cause is improper handling of input in the inventory API, enabling arbitrary SQL execution. The issue is fixed in version 11.0.3. The vulnerability is d...

Mattermost fails to sanitize team email addresses

Mattermost versions 11.0.x = 11.0.2, 10.12.x = 10.12.1, 10.11.x = 10.11.4, 10.5.x = 10.5.12 fail to sanitize team email addresses to be visible only to Team Admins, which allows any authenticated user to view team email addresses via the GET /api/v4/channels/channelid/commonteams endpoint...

EUVD-2025-24506

Malicious code in bioql PyPI...

EUVD-2025-24512

Malicious code in bioql PyPI...

EUVD-2023-52342

Malicious code in bioql PyPI...

EUVD-2025-24513

Malicious code in bioql PyPI...

EUVD-2025-24505

Malicious code in bioql PyPI...

EUVD-2025-8323

Malicious code in bioql PyPI...

EUVD-2025-24510

Malicious code in bioql PyPI...

CVE-2025-59936 get-jwks poisoned JWKS cache allows post-fetch issuer validation bypass

get-jwks contains fetch utils for JWKS keys. In versions prior to 11.0.2, a vulnerability in get-jwks can lead to cache poisoning in the JWKS key-fetching mechanism. When the iss issuer claim is validated only after keys are retrieved from the cache, it is possible for cached keys from an...

CVE-2025-59936 get-jwks poisoned JWKS cache allows post-fetch issuer validation bypass

get-jwks contains fetch utils for JWKS keys. In versions prior to 11.0.2, a vulnerability in get-jwks can lead to cache poisoning in the JWKS key-fetching mechanism. When the iss issuer claim is validated only after keys are retrieved from the cache, it is possible for cached keys from an...

CVE-2025-59936

The CVE-2025-59936 issue affects get-jwks prior to 11.0.2, where a design flaw allows cache poisoning of the JWKS cache to bypass issuer validation. If iss is validated after keys are retrieved from the cache, an attacker can craft JWTs to place a chosen public key in the shared cache and then re...

CVE-2025-59936 get-jwks poisoned JWKS cache allows post-fetch issuer validation bypass

get-jwks contains fetch utils for JWKS keys. In versions prior to 11.0.2, a vulnerability in get-jwks can lead to cache poisoning in the JWKS key-fetching mechanism. When the iss issuer claim is validated only after keys are retrieved from the cache, it is possible for cached keys from an...

PT-2025-39697

Name of the Vulnerable Software and Affected Versions get-jwks versions prior to 11.0.2 Description A flaw exists in the get-jwks library related to its JWKS key-fetching mechanism. When the issuer iss claim is validated after keys are retrieved from the cache, cached keys from an unexpected issu...

CVE-2025-54195

Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2025-54187

Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2025-54193

Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2025-54194

Substance3D - Painter versions 11.0.2 and earlier are affected by an out-of-bounds read vulnerability that could lead to disclosure of sensitive memory. Exploitation of this issue requires user interaction in that a victim must open a malicious file...