@1771technologies/oneplay (>=0.0.1 <=0.0.6), @cedarjs/cli-storybook-vite (>=1.0.0-canary.12742 <=1.0.0-canary.12784) +14 more potentially affected by CVE-2025-68429 via storybook (>=9.0.0-alpha.0 <=9.1.16)

storybook NPM version =9.0.0-alpha.0, =0.0.1, =1.0.0-canary.12742, =0.0.2-alpha.0, =1.0.0, =0.1.80, =9.0.0-alpha.0, =9.0.0, =9.0.0, =9.0.0-alpha.0, =1.2.1, =0.0.75-beta.11, =0.2.7, =0.2.8 and more Source cves: CVE-2025-68429 Source advisory: SNYK:JS-STORYBOOK-14534871...

CVE-2025-68129

Auth0-PHP is a PHP SDK for Auth0 Authentication and Management APIs. In applications built with the Auth0-PHP SDK, the audience validation in access tokens is performed improperly. Without proper validation, affected applications may accept ID tokens as Access tokens. Projects are affected if the...

Security Bulletin: IBM watsonx Orchestrate Developer Edition is vulnerable to Denial of Service (DoS) due to tar

Summary tar is used by IBM watsonx Orchestrate Developer Edition as part of image: tools-runtime Vulnerability Details CVEID:CVE-2024-28863 DESCRIPTION: node-tar is a Tar for Node.js. node-tar prior to version 6.2.1 has no limit on the number of sub-folders created in the folder creation process...

CVE-2025-14101

Authorization Bypass Through User-Controlled Key vulnerability in GG Soft Software Services Inc. PaperWork allows Exploitation of Trusted Identifiers. This issue affects PaperWork: from 5.2.0.9427 before 6.0...

CVE-2025-65581

An open redirect vulnerability exists in the Account module in Volosoft ABP Framework = 5.1.0 and 10.0.0-rc.2. Improper validation of the returnUrl parameter in the register function allows an attacker to redirect users to arbitrary external domains...

Auth0-PHP 安全漏洞

Auth0-PHP is an Auth0 open source PHP SDK for Auth0 authentication and management APIs. A security vulnerability exists in Auth0-PHP versions 8.0.0 through 8.17.0 that stems from improper audience validation in access tokens, which could result in accepting ID tokens as access tokens...

PT-2025-51935

Name of the Vulnerable Software and Affected Versions Auth0-PHP versions 8.0.0 through 8.17.0 Auth0/symfony versions 5.0.0 through 5.5.0 Auth0/laravel-auth0 versions 7.0.0 through 7.19.0 Auth0/wordpress plugin versions 5.0.0-BETA0 through 5.4.0 Description The Auth0-PHP SDK contains a flaw in how...

@c0va23/react-router-dev (=7.8.3-alpha.2), @catmint/cli (>=0.0.0-prealpha.1 <=0.0.0-prealpha.26) +38 more potentially affected by CVE-2025-68155 via @vitejs/plugin-rsc (>=0.4.11 <=0.5.26)

@vitejs/plugin-rsc NPM version =0.4.11, =0.0.0-prealpha.1, =0.0.0-prealpha.1, =0.2.0, =0.2.3, =0.2.4, =0.0.1-alpha.0, =16.2.6, =0.0.9, =0.6.0, =0.5.0, =0.0.0-experimental.1, =0.1.0, =0.0.1, =0.0.0-1ae0b37, =0.0.0-fff5d2d and more Source cves: CVE-2025-68155 Source advisory: OSV:GHSA-G239-Q96Q-X4Q...

CVE-2025-68274 SIPGO library has response DoS vulnerability via nil pointer dereference

SIPGO is a library for writing SIP services in the GO language. Starting in version 0.3.0 and prior to version 1.0.0-alpha-1, a nil pointer dereference vulnerability is in the SIPGO library's NewResponseFromRequest function that affects all normal SIP operations. The vulnerability allows remote...

0x20bf (=0.0.1), 31 (=2.3.0) +4287 more potentially affected by CVE-2025-68146 via filelock (>=3.0.10 <=3.20.0)

filelock PYPI version =3.0.10, =0.0.3, =0.1.0, =1.0.5, =0.0.1b1, =0.2.3, =0.2.7 - ac-solver =0.1.0 - acceldata-o2a =1.0.0 and more Source cves: CVE-2025-68146 Source advisory: SNYK:PYTHON-FILELOCK-14458335...

GHSA-VFM5-CR22-JG3M ABP Account Module has an Open Redirect through Improper validation in its register function

An open redirect vulnerability exists in the Account module in Volosoft ABP Framework = 5.1.0 and 10.0.0-rc.2. Improper validation of the returnUrl parameter in the register function allows an attacker to redirect users to arbitrary external domains...

CVE-2025-65581

An open redirect vulnerability exists in the Account module in Volosoft ABP Framework = 5.1.0 and 10.0.0-rc.2. Improper validation of the returnUrl parameter in the register function allows an attacker to redirect users to arbitrary external domains...

PT-2025-51767

Name of the Vulnerable Software and Affected Versions Volosoft ABP Framework versions 5.1.0 through 9.9.9-rc.2 Description An open redirect issue exists within the Account module. Insufficient validation of the returnUrl parameter in the register function enables an attacker to redirect users to...

CVE-2025-58173 FreshRSS vulnerable to authenticated RCE via path traversal inside include()

FreshRSS is a self-hosted RSS feed aggregator. In versions 1.23.0 through 1.27.0, using a path traversal inside the language user configuration parameter, it's possible to call install.php and perform various administrative actions as an unprivileged user. These actions include logging in as the...

CVE-2025-58173 FreshRSS vulnerable to authenticated RCE via path traversal inside include()

FreshRSS is a self-hosted RSS feed aggregator. In versions 1.23.0 through 1.27.0, using a path traversal inside the language user configuration parameter, it's possible to call install.php and perform various administrative actions as an unprivileged user. These actions include logging in as the...

CVE-2025-14019

LINE client for Android versions from 13.8 to 15.5 is vulnerable to UI spoofing in the in-app browser where a specific layout could obscure the full-screen warning prompt, potentially allowing attackers to conduct phishing attacks...

PT-2025-51321

Name of the Vulnerable Software and Affected Versions FreshRSS versions 1.23.0 through 1.27.0 Description FreshRSS is a self-hosted RSS feed aggregator. Versions 1.23.0 through 1.27.0 contain a path traversal issue within the language user configuration parameter. This allows an unprivileged user...

CVE-2025-9218

The rtMedia for WordPress, BuddyPress and bbPress plugin for WordPress is vulnerable to to Information Disclosure due to missing authorization in the handlerestpredispatch function when the Godam plugin is active, in versions 4.7.0 to 4.7.3. This makes it possible for unauthenticated attackers to...

WordPress plugin rtMedia for WordPress、BuddyPress和bbPress 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a suite of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security...

@4kda/vuetify-cifrum-components (>=0.0.5 <=0.0.51), @4kda/vuetify-cifrum-demo-app (>=0.0.11 <=0.0.55) +1215 more potentially affected by CVE-2025-8083 via vuetify (>=2.2.0 <=2.7.2)

vuetify NPM version =2.2.0, =0.0.5, =0.0.11, =0.0.13, =0.0.13, =0.0.13, =1.1.10, =1.0.8, =0.1.0, =0.0.1, =0.3.0, =2.0.5, =0.0.5, =0.1.0, =0.1.29 and more Source cves: CVE-2025-8083 Source advisory: OSV:GHSA-3JP5-5F8R-Q2WG...