4564 matches found

Positive Technologies
added 2025/12/24 12:0 a.m. | 4 views

PT-2025-53605

Name of the Vulnerable Software and Affected Versions: n8n versions 1.0.0 through less than 2.0.0. Description: n8n is an open source workflow automation platform. A sandbox bypass vulnerability exists in the Python Code Node that uses Pyodide, affecting versions from 1.0.0 up to, but not including,...

CVSS 9.9 | AI score 7.8 | EPSS 0.09186
Exploits: 4 | References: 82

CNNVD
added 2025/12/24 12:0 a.m. | 2 views

Hitachi Ops Center Analyzer and Hitachi Infrastructure Analytics Advisor Security Vulnerability

Hitachi Ops Center Analyzer and Hitachi Infrastructure Analytics Advisor are both products of Hitachi, Ltd. of Japan. Hitachi Ops Center Analyzer is a data center management software. It monitors, reports, and correlates end-to-end performance from servers to storage. Hitachi Infrastructure Analyti...

CVSS 7.1 | AI score 6.6 | EPSS 0.00185
Exploits: 0 | References: 2

vulnersOsv
added 2025/12/23 9:50 p.m. | 3 views

01os (=0.0.14), 3-04-2025-ttm (=0.1.0) +11304 more potentially affected by CVE-2025-14924 via transformers (>=2.10.0 <=5.9.0)

transformers PYPI version =2.10.0, =0.1.0, =0.1.3, =0.1.0, =0.1.0, =0.0.1, =0.1.0.dev1, =0.1.0, =0.10.11, =0.5.5, =0.0.4.80, =4.0.2 - aait-store-cut-part-001 =0.0.1 and more Source cves: CVE-2025-14924 Source advisory: SNYK:PYTHON-TRANSFORMERS-14564363...

CVSS 7.8 | AI score 7.2 | EPSS 0.00262
Exploits: 0

vulnersOsv
added 2025/12/23 8:8 p.m. | 6 views

0pflow (>=0.1.0-dev.0de2bc6 <=0.1.0-dev.f5622ac), @0xgasless/agent-sdk (>=0.1.1 <=0.1.2) +1343 more potentially affected by CVE-2025-68665 via @langchain/core (>=1.0.1 <=1.1.8-dev-1766775128110)

@langchain/core NPM version =1.0.1, =0.1.0-dev.0de2bc6, =0.1.1, =1.0.0, =0.1.0, =0.0.1, =1.0.0, =0.0.1, =0.0.1, =1.0.0, =1.0.0, =1.48.0 - @adminforth/completion-adapter-open-ai-chat-gpt =2.0.21 and more Source cves: CVE-2025-68665 Source advisory: OSV:GHSA-R399-636X-V7F6...

CVSS 9.1 | AI score 7.7 | EPSS 0.00735
Exploits: 0

vulnersOsv
added 2025/12/22 8:20 p.m. | 0 views

ai-utilities (>=1.0.0 <=1.0.0b3), auto-pr (=1.2.0) +23 more potentially affected by CVE-2025-68480 via marshmallow (>=4.0.0 <=4.1.1)

marshmallow PYPI version =4.0.0, =1.0.0, =3.0.0, =2.3.1, =3.31.0, =1.8.0, =2.0.3, =0.0.1, =1.115.1, =0.0.1, =1.4.5, =6.0.0, =6.25.7 - nvidia-tao-core =6.0.0 and more Source cves: CVE-2025-68480 Source advisory: SNYK:PYTHON-MARSHMALLOW-14550833...

CVSS 5.3 | AI score 6 | EPSS 0.00252
Exploits: 0

ATTACKERKB
added 2025/12/22 6:57 p.m. | 2 views

CVE-2025-15033

A vulnerability in WooCommerce 8.1 to 10.4.2 can allow logged-in customers to access order data of guest customers on sites with a certain configuration. This has been fixed in WooCommerce 10.4.3, as well as all the previously affected versions through point releases, starting from 8.1, where it...

CVSS 6.5 | AI score 5.7 | EPSS 0.00291
Exploits: 0 | References: 1 | Affected Software: 1

vulnersOsv
added 2025/12/19 9:31 p.m. | 2 views

com.github.vzakharchenko:chillispot-radius-plugin (>=1.4.10 <=1.4.11), com.github.vzakharchenko:cisco-radius-plugin (>=1.4.10 <=1.4.11) +41 more potentially affected by CVE-2025-13467 via org.keycloak:keycloak-ldap-federation (>=1.0-beta-4 <=26.2.1)

org.keycloak:keycloak-ldap-federation MAVEN version =1.0-beta-4, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =2.5.6-24.0, =0.1.0, =0.2, =6.19, =7.1 and more Source cves: CVE-2025-13467 Source advisory: OSV:GHSA-4HX9-48XH-5MXR...

CVSS 5.5 | AI score 5.4 | EPSS 0.00393
Exploits: 0

NVD
added 2025/12/19 6:15 p.m. | 5 views

CVE-2025-68430

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.8.1 through 2.52.0, an attacker with an account on a CVAT instance is able to retrieve the contents of any file system directory accessible to the CVAT server. The exposed information is names of...

CVSS 5.3 | EPSS 0.0024
Exploits: 0 | References: 2

Vulnrichment
added 2025/12/19 4:24 p.m. | 1 views

CVE-2025-58052 Galette has groups managers access control bypass on Members

Galette is a membership management web application for non-profit organizations. Starting in version 0.9.6 and prior to version 1.2.0, attackers with group manager role can bypass intended restrictions allowing unauthorized access and changes despite role-based controls. Since it requires...

CVSS 5.3 | AI score 6.3 | EPSS 0.00271
Exploits: 1 | References: 1

vulnersOsv
added 2025/12/19 12:31 a.m. | 2 views

com.aconex.scrutineer:scrutineer (>=6.8.13-1 <=7.9.3), com.bbossgroups.plugins:bboss-elasticsearch (>=5.0.3.7.4 <=6.2.0) +21 more potentially affected by CVE-2025-68390 via org.elasticsearch.plugin:x-pack-core (>=6.8.11 <=7.9.3)

org.elasticsearch.plugin:x-pack-core MAVEN version =6.8.11, =6.8.13-1, =5.0.3.7.4, =5.0.3.6, =5.1.1, =5.1.1, =0.3.11, =0.3.11, =2.0.0, =3.3.0, =6.2.2.0, =1.0, =1.2.0, =1.6.1 and more Source cves: CVE-2025-68390 Source advisory: OSV:GHSA-GPHJ-4H6P-37XQ...

CVSS 4.9 | AI score 5.8 | EPSS 0.00329
Exploits: 0

Positive Technologies
added 2025/12/19 12:0 a.m. | 6 views

PT-2025-52499

CVAT is an open source interactive video and image annotation tool for computer vision. In versions 2.8.1 through 2.52.0, an attacker with an account on a CVAT instance is able to retrieve the contents of any file system directory accessible to the CVAT server. The exposed information is names of...

CVSS 5.3 | AI score 6.6 | EPSS 0.0024
Exploits: 0 | References: 2

Tenable Nessus
added 2025/12/19 12:0 a.m. | 2 views

Dell PowerScale OneFS 9.8.0.0 <= 9.10.1.0 TOCTOU

The version of Dell PowerScale OneFS running on the remote host is 9.8.0.0 through 9.10.1.0. It, therefore, contains a time-of-check time-of-use (TOCTOU) race condition vulnerability. An unauthenticated attacker with local access could potentially exploit this vulnerability, leading to denial of...

CVSS 6.3 | AI score 5.6 | EPSS 0.00132
Exploits: 0 | References: 2

Vulnrichment
added 2025/12/18 8:47 p.m. | 4 views

CVE-2025-68161 Apache Log4j Core: Missing TLS hostname verification in Socket appender

The Socket Appender in Apache Log4j Core versions 2.0-beta9 through 2.25.2 does not perform TLS hostname verification of the peer certificate, even when the verifyHostName (https://logging.apache.org/log4j/2.x/manual/appenders/network.html#SslConfiguration-attr-verifyHostName) configuration attribut...

CVSS 6.3 | AI score 6.4 | EPSS 0.00743
Exploits: 1 | References: 6

vulnersOsv
added 2025/12/18 6:49 p.m. | 3 views

@asherng/storybook (>=0.0.18 <=0.1.14), @bluefin-exchange/starship-v2 (>=1.1.1 <=1.1.16) +32 more potentially affected by CVE-2025-68429 via storybook (>=7.0.12 <=7.6.20)

storybook NPM version =7.0.12, =0.0.18, =1.1.1, =0.0.1, =0.0.4, =1.2.108, =3.50.0-next.2, =9.0.0-next.4, =1.0.967, =0.0.1, =1.0.0, =1.2.2, =0.0.1, =0.0.1, =7.6.4-next.32, =6.0.0-canary.234, =6.0.0-canary.318 and more Source cves: CVE-2025-68429 Source advisory: OSV:GHSA-8452-54WP-RMV6...

CVSS 7.3 | AI score 7.1 | EPSS 0.00235
Exploits: 0

OSV
added 2025/12/18 3:15 p.m. | 1 views

CVE-2025-1030

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Utarit Informatics Services Inc. SoliClub allows Query System for Information. This issue affects SoliClub: from 5.2.4 before 5.3.7...

CVSS 7.5 | AI score 5.8 | EPSS 0.0026
Exploits: 0 | References: 1

NVD
added 2025/12/18 3:15 p.m. | 2 views

CVE-2025-1031

Authorization Bypass Through User-Controlled Key vulnerability in Utarit Informatics Services Inc. SoliClub allows Functionality Misuse. This issue affects SoliClub: from 5.2.4 before 5.3.7...

CVSS 7.5 | EPSS 0.00261
Exploits: 0 | References: 2

NVD
added 2025/12/18 8:16 a.m. | 3 views

CVE-2025-66104

Missing Authorization vulnerability in Anton Vanyukov Offload, AI & Optimize with Cloudflare Images cf-images allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Offload, AI & Optimize with Cloudflare Images: from n/a through = 1.9.5...

CVSS 6.5 | EPSS 0.00214
Exploits: 0 | References: 1

Positive Technologies
added 2025/12/18 12:0 a.m. | 4 views

PT-2025-52224

Exposure of Private Personal Information to an Unauthorized Actor vulnerability in Utarit Informatics Services Inc. SoliClub allows Query System for Information. This issue affects SoliClub: from 5.2.4 before 5.3.7...

CVSS 7.5 | AI score 6.9 | EPSS 0.0026
Exploits: 0 | References: 2

Positive Technologies
added 2025/12/18 12:0 a.m. | 4 views

PT-2025-52349

Name of the Vulnerable Software and Affected Versions: Apache Log4j Core versions 2.0-beta9 through 2.25.2. Description: The Socket Appender in Apache Log4j Core does not verify the hostname of the peer certificate during TLS connections, even when configured to do so. This could allow a...

CVSS 7.5 | AI score 6.4 | EPSS 0.00743
Exploits: 1 | References: 43

vulnersOsv
added 2025/12/17 10:47 p.m. | 4 views

@storybook/angular (>=9.0.0 <=9.1.16), @storybook/ember (>=9.0.0 <=9.1.16) +49 more potentially affected by CVE-2025-68429 via @storybook/builder-webpack5 (>=9.0.0-alpha.0 <=9.1.16)

@storybook/builder-webpack5 NPM version =9.0.0-alpha.0, =9.0.0, =9.0.0, =9.0.0-alpha.0, =9.0.0, =9.0.0-alpha.0, =9.0.0, =9.0.0, =9.0.0-alpha.0, =9.0.0-alpha.0, =9.0.0-alpha.0, =1.7.54, =1.7.48, =1.7.56, =1.11.1, =1.8.58, =1.14.15 and more Source cves: CVE-2025-68429 Source advisory:...

CVSS 7.3 | AI score 7.1 | EPSS 0.00235
Exploits: 0