Lucene search

4564 matches found

EUVD
added 2025/12/12 9:31 p.m. | 5 views

EUVD-2025-203124

Vuetify has a Cross-site Scripting (XSS) vulnerability in the VDatePicker component...

CVSS 6.3 | AI score 5.7 | EPSS 0.00163
Exploits: 0 | References: 4

EUVD
added 2025/12/12 9:31 p.m. | 3 views

EUVD-2025-203121

Vuetify has a Prototype Pollution vulnerability...

CVSS 8.6 | AI score 6.5 | EPSS 0.00281
Exploits: 0 | References: 4

GitHub Security Blog
added 2025/12/12 9:31 p.m. | 7 views

Vuetify has a Prototype Pollution vulnerability

The Preset configuration feature of Vuetify is vulnerable to Prototype Pollution due to the internal 'mergeDeep' utility function used to merge options with defaults. Using a specially-crafted, malicious preset can result in polluting all JavaScript objects with arbitrary properties, which can...

CVSS 8.6 | AI score 6.8 | EPSS 0.00281
Exploits: 0 | References: 4 | Affected Software: 1

NVD
added 2025/12/12 8:15 p.m. | 4 views

CVE-2025-8083

The Preset configuration (https://v2.vuetifyjs.com/en/features/presets) feature of Vuetify is vulnerable to Prototype Pollution (https://cheatsheetseries.owasp.org/cheatsheets/PrototypePollutionPreventionCheatSheet.html) due to the internal 'mergeDeep' utility function used to merge options with...

CVSS 8.6 | EPSS 0.00281
Exploits: 0 | References: 2

RedhatCVE
added 2025/12/12 8:15 p.m. | 3 views

CVE-2025-13211

IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow an authenticated user to cause a denial of service in the email service due to improper control of interaction frequency...

CVSS 6.5 | AI score 6.4 | EPSS 0.00299
Exploits: 0 | References: 1

Vulnrichment
added 2025/12/12 7:29 p.m. | 3 views

CVE-2025-8083 Vuetify Prototype Pollution via Preset options

The Preset configuration (https://v2.vuetifyjs.com/en/features/presets) feature of Vuetify is vulnerable to Prototype Pollution (https://cheatsheetseries.owasp.org/cheatsheets/PrototypePollutionPreventionCheatSheet.html) due to the internal 'mergeDeep' utility function used to merge options with...

CVSS 8.6 | AI score 6.4 | EPSS 0.00281
Exploits: 0 | References: 2

CVE
added 2025/12/12 7:29 p.m. | 9 views

CVE-2025-8083

Vuetify CVE-2025-8083 is a Prototype Pollution flaw in the Preset configuration feature via internal mergeDeep when merging malicious presets. Affected: Vuetify >=2.2.0-beta.2 and

CVSS 8.6 | AI score 6.4 | EPSS 0.00281
Exploits: 0 | References: 2

Cvelist
added 2025/12/12 12:19 p.m. | 28 views

CVE-2025-13506 Improper Authorization in Nebim Neyir's Nebim V3 ERP

Execution with Unnecessary Privileges vulnerability in Nebim Neyir Computer Industry and Services Inc. Nebim V3 ERP allows Expanding Control over the Operating System from the Database. This issue affects Nebim V3 ERP: from 2.0.59 before 3.0.1...

CVSS 8.8 | EPSS 0.0035
Exploits: 0 | References: 2

CNNVD
added 2025/12/12 12:0 a.m. | 4 views

Nebim V3 ERP security vulnerability

Nebim V3 ERP is an enterprise resource planning system from Nebim Turkey. A security vulnerability exists in Nebim V3 ERP version 2.0.59 up to and including version 3.0.1, which originates from performing an unnecessarily privileged operation that could result in an extension of operating system...

CVSS 8.8 | AI score 6.6 | EPSS 0.0035
Exploits: 0 | References: 1

Positive Technologies
added 2025/12/12 12:0 a.m. | 3 views

PT-2025-50927

Name of the Vulnerable Software and Affected Versions: Nebim V3 ERP versions 2.0.59 through 3.0.0. Description: An issue exists in Nebim V3 ERP that allows expanding control over the operating system from the database due to unnecessary privileges. Recommendations: Update to a version later than 3.0....

CVSS 8.8 | AI score 5.4 | EPSS 0.0035
Exploits: 0 | References: 6

Positive Technologies
added 2025/12/12 12:0 a.m. | 2 views

PT-2025-50969

Name of the Vulnerable Software and Affected Versions: Vuetify versions 2.2.0-beta.2 through 3.0.0-alpha.10. Description: The Preset configuration feature of Vuetify is susceptible to Prototype Pollution due to the 'mergeDeep' utility function used for merging options with defaults. A malicious pres...

CVSS 8.6 | AI score 6.8 | EPSS 0.00281
Exploits: 0 | References: 6

RedhatCVE
added 2025/12/11 11:4 p.m. | 4 views

CVE-2025-67505

Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another...

CVSS 8.4 | AI score 6.9 | EPSS 0.00181
Exploits: 0 | References: 1

EUVD
added 2025/12/11 7:47 p.m. | 3 views

EUVD-2025-202871

IBM Aspera Orchestrator 4.0.0 through 4.1.0 could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input...

CVSS 8.8 | AI score 6.8 | EPSS 0.00404
Exploits: 0 | References: 2

CVE
added 2025/12/11 12:11 p.m. | 16 views

CVE-2025-13003

CVE-2025-13003 describes an Authorization Bypass Through User-Controlled Key in AxOnboard (Aksis Computer Services and Consulting Inc.), affecting version 3.2.0 up to 3.3.0. The root cause is not detailed beyond the user-controlled key enabling exploitation of trusted identifiers. Documented impa...

CVSS 7.6 | AI score 5.8 | EPSS 0.00199
Exploits: 0 | References: 2

OSV
added 2025/12/11 1:16 a.m. | 3 views

CVE-2025-67719 Ibexa User Bundle is missing password change validation

Ibexa is a composable end-to-end DXP (Digital Experience Platform). Versions 5.0.0-beta1 through 5.0.3 do not have password validation. During the transition from v4 to v5 an error was introduced into validation code which causes the validation of the previous password not to run as expected. This...

CVSS 8.5 | AI score 6.8 | EPSS 0.0013
Exploits: 0 | References: 5

CNNVD
added 2025/12/11 12:0 a.m. | 3 views

ZITADEL security vulnerability

ZITADEL is a modern open source alternative to Auth0, Firebase Auth, AWS Cognito, and Keycloak built for the container and serverless era from the Swiss ZITADEL open source. A security vulnerability exists in ZITADEL versions 2.44.0 through 3.4.4 and 4.0.0-rc.1 through 4.7.1, which stems from the...

CVSS 5.3 | AI score 5.9 | EPSS 0.00191
Exploits: 0 | References: 2

Positive Technologies
added 2025/12/11 12:0 a.m. | 4 views

PT-2025-50687

Name of the Vulnerable Software and Affected Versions: Ruijie RG-EW1200G PRO versions 1.00 through 4.00. Description: An OS Command Injection issue exists in Ruijie RG-EW1200G PRO. Attackers can execute arbitrary commands by sending a specially crafted POST request to the module get function within...

CVSS 8.8 | AI score 7.6 | EPSS 0.02308
Exploits: 1 | References: 5

CNNVD
added 2025/12/11 12:0 a.m. | 3 views

Aksis AxOnboard security vulnerability

Aksis AxOnboard is a human resource management software from the Turkish company Aksis. A security vulnerability exists in Aksis AxOnboard version 3.2.0 up to and including version 3.3.0, which originates from a user-controllable key leading to an authorization bypass that could exploit trusted...

CVSS 7.6 | AI score 6.6 | EPSS 0.00199
Exploits: 0 | References: 1

CNNVD
added 2025/12/11 12:0 a.m. | 4 views

GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) security vulnerability

GitLab Enterprise Edition (EE) and GitLab Community Edition (CE) are both products of GitLab, Inc. GitLab Enterprise Edition is a content management system. GitLab Enterprise Edition is a content management system. A security vulnerability exists in GitLab Enterprise Edition (EE) and GitLab Community...

CVSS 4.3 | AI score 6.2 | EPSS 0.00259
Exploits: 0 | References: 4

NVD
added 2025/12/10 11:15 p.m. | 2 views

CVE-2025-67505

Okta Java Management SDK facilitates interactions with the Okta management API. In versions 11.0.0 through 20.0.0, race conditions may arise from concurrent requests using the ApiClient class. This could cause a status code or response header from one request’s response to influence another...

CVSS 8.4 | EPSS 0.00181
Exploits: 0 | References: 2