4564 matches found

AlpineLinux
added 2026/01/07 9:53 p.m. | 4 views

CVE-2025-69264

pnpm is a package manager. Versions 10.0.0 through 10.25 allow git-hosted dependencies to execute arbitrary code during pnpm install, circumventing the v10 security feature "Dependency lifecycle scripts execution disabled by default". While pnpm v10 blocks postinstall scripts via the...

CVSS 9.8 | AI score 8.7 | EPSS 0.0081
Exploits: 1

RedhatCVE
added 2026/01/07 9:16 a.m. | 5 views

CVE-2025-1721

IBM Concert 1.0.0 through 2.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory...

CVSS 7.5 | AI score 6.4 | EPSS 0.00286
Exploits: 0 | References: 1

RedhatCVE
added 2026/01/07 9:11 a.m. | 3 views

CVE-2025-1031

Authorization Bypass Through User-Controlled Key vulnerability in Utarit Informatics Services Inc. SoliClub allows Functionality Misuse. This issue affects SoliClub: from 5.2.4 before 5.3.7...

CVSS 7.5 | AI score 7 | EPSS 0.00261
Exploits: 0 | References: 1

EUVD
added 2026/01/07 3:30 a.m. | 3 views

EUVD-2025-206255

Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro Installer SFX on Windows allows Search Order Hijacking. This issue affects Quartus Prime Pro: from 24.1 through 24.3.1...

CVSS 6.7 | AI score 6.4 | EPSS 0.00092
Exploits: 0 | References: 2

CNNVD
added 2026/01/07 12:00 a.m. | 5 views

Altera Quartus Prime Pro security vulnerability

Altera Quartus Prime Pro is an FPGA design software from Altera Corporation, USA. A security vulnerability exists in Altera Quartus Prime Pro versions 24.1 through 25.1.1, which stems from the Windows installer's use of predictable filenames that could lead to an insecure temporary file...

CVSS 6.7 | AI score 6.7 | EPSS 0.00092
Exploits: 0 | References: 2

Cvelist
added 2026/01/06 9:06 p.m. | 23 views

CVE-2025-14596 Quartus Prime Pro Edition Installer Advisory

Uncontrolled Search Path Element vulnerability in Altera Quartus Prime Pro Installer SFX on Windows allows Search Order Hijacking. This issue affects Quartus Prime Pro: from 24.1 through 24.3.1...

CVSS 6.7 | EPSS 0.00092
Exploits: 0 | References: 1

SUSE CVE
added 2026/01/06 12:29 a.m. | 6 views

SUSE CVE-2024-41260

A static initialization vector (IV) in the encrypt function of netbird management's service from v0.23.2 to v0.29.1 allows attackers to obtain sensitive information (email addresses) when in possession of the audit events database...

CVSS 7.5 | AI score 6.3 | EPSS 0.00467
Exploits: 0 | References: 2

vulnersOsv
added 2026/01/05 10:58 p.m. | 3 views

a-mailx (=0.1.0), aba-cli-scrapper (>=0.1.1 <=0.1.6) +1120 more potentially affected by CVE-2025-69223 via aiohttp (>=3.0.0b0 <=3.13.2)

aiohttp PYPI version =3.0.0b0, =0.1.1, =0.1.0b0, =1.1.0, =1.0.1, =0.0.0, =0.0.2, =4.8.2, =0.0.3, =0.1.3, =0.4.0, =56.0.0, =0.1.0, =0.1.31, =0.1.37 and more Source cves: CVE-2025-69223 Source advisory: SNYK:PYTHON-AIOHTTP-14871876...

CVSS 7.5 | AI score 6.6 | EPSS 0.00299
Exploits: 0

vulnersOsv
added 2026/01/05 10:58 p.m. | 2 views

@datatitian/vega (=5.17.0), @lumere/vega (=5.17.0) +4 more potentially affected by CVE-2025-66648 via vega-functions (>=5.8.0 <=6.0.0)

vega-functions NPM version =5.8.0, =2.5.0, =5.16.0, =5.16.0, =6.1.2 Source cves: CVE-2025-66648 Source advisory: SNYK:JS-VEGAFUNCTIONS-14872001...

CVSS 7.2 | AI score 5.8 | EPSS 0.00184
Exploits: 1

vulnersOsv
added 2026/01/05 2:59 p.m. | 7 views

ai.mantik:ds_2.12 (>=0.3.0 <=0.3.1-rc2), ai.mantik:ds_2.13 (>=0.4.0 <=0.4.0-rc1) +1285 more potentially affected by CVE-2026-21452 via org.msgpack:msgpack-core (>=0.7.0-M1 <=0.9.10)

org.msgpack:msgpack-core MAVEN version =0.7.0-M1, =0.3.0, =0.4.0, =0.3.0, =0.4.0, =0.3.0, =0.4.0, =0.3.0, =0.4.0, =0.4.0, =0.3.0, =0.4.0, =0.3.0, =0.4.0, =0.3.0, =0.4.0, =0.4.0-rc1 and more Source cves: CVE-2026-21452 Source advisory: OSV:GHSA-CW39-R4H6-8J3X...

CVSS 7.5 | AI score 7.2 | EPSS 0.0055
Exploits: 1

CNNVD
added 2026/01/05 12:00 a.m. | 3 views

Frappe Technologies Frappe path traversal vulnerability

Frappe Technologies Frappe is a Python, Mariadb-based web development framework with integrated front-end pages from Frappe Technologies, India. A path traversal vulnerability exists in Frappe Technologies Frappe versions 14.99.5 and earlier and versions 15.0.0 through 15.80.1, which stems from a...

CVSS 7.5 | AI score 6.4 | EPSS 0.00361
Exploits: 0 | References: 3

Cvelist
added 2026/01/02 9:33 p.m. | 27 views

CVE-2025-64120 Nuvation Energy Multi-Stack Controller OS Command Injection

Improper Neutralization of Special Elements used in an OS Command 'OS Command Injection' vulnerability in Nuvation Energy Multi-Stack Controller MSC allows OS Command Injection. This issue affects Multi-Stack Controller MSC: from 2.3.8 before 2.5.1...

CVSS 9.4 | EPSS 0.009
Exploits: 0 | References: 1

Positive Technologies
added 2026/01/02 12:00 a.m. | 5 views

PT-2026-1136

Name of the Vulnerable Software and Affected Versions: Nuvation Energy Multi-Stack Controller MSC versions 2.3.8 through 2.5.0. Description: An authentication bypass issue exists in Nuvation Energy Multi-Stack Controller MSC. This allows unauthenticated attackers to gain full control. The issue...

CVSS 10 | AI score 7 | EPSS 0.0036
Exploits: 0 | References: 7

RedhatCVE
added 2026/01/01 5:33 p.m. | 7 views

CVE-2025-49355

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ikaes Accessibility Press ilogic-accessibility allows Stored XSS. This issue affects Accessibility Press: from n/a through = 1.0.2...

CVSS 5.9 | AI score 5.9 | EPSS 0.00146
Exploits: 0 | References: 1

Positive Technologies
added 2026/01/01 12:00 a.m. | 5 views

PT-2026-26671

Name of the Vulnerable Software and Affected Versions: GNU C library versions 2.34 through 2.43. Description: The GNU C library's gethostbyaddr and gethostbyaddr_r functions, when used with a configured nsswitch.conf file specifying the library's DNS backend, may return invalid DNS hostnames. This...

CVSS 5.4 | AI score 5.8 | EPSS 0.00189
Exploits: 1 | References: 46

EUVD
added 2025/12/31 3:49 p.m. | 5 views

EUVD-2025-206027

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in nicashmu Post Video Players allows Retrieve Embedded Sensitive Data. This issue affects Post Video Players: from n/a through 1.163...

CVSS 4.3 | AI score 6.3 | EPSS 0.0018
Exploits: 0 | References: 2

EUVD
added 2025/12/31 1:43 p.m. | 2 views

EUVD-2025-205960

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in ViitorCloud Technologies Pvt Ltd Add Featured Image Custom Link allows DOM-Based XSS. This issue affects Add Featured Image Custom Link: from n/a through 2.0.0...

CVSS 5.9 | AI score 5.9 | EPSS 0.00176
Exploits: 0 | References: 2

Positive Technologies
added 2025/12/31 12:00 a.m. | 4 views

PT-2025-54350

Name of the Vulnerable Software and Affected Versions: QuadLayers TikTok Feed versions through 4.6.4. Description: A missing authorization issue exists in Quadlayers QuadLayers TikTok Feed due to incorrectly configured access control security levels. The issue allows exploitation of the access contr...

CVSS 5.3 | AI score 6.5 | EPSS 0.00176
Exploits: 0 | References: 4

CNNVD
added 2025/12/31 12:00 a.m. | 4 views

cbor2 security vulnerability

cbor2 is a library with extensive tag support for encoding and decoding binary object representations in serialized format from the individual developer Alex Grönholm. A security vulnerability exists in cbor2 version 3.0.0 up to and including version 5.8.0, which stems from the fact that when the...

CVSS 7.5 | AI score 6.4 | EPSS 0.00423
Exploits: 1 | References: 3

Positive Technologies
added 2025/12/31 12:00 a.m. | 4 views

PT-2025-54434

Missing Authorization vulnerability in merkulove Criptopayer for Elementor allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Criptopayer for Elementor: from n/a through 1.0.1...

CVSS 5.4 | AI score 7 | EPSS 0.00173
Exploits: 0 | References: 2