
4564 matches found

CVE
added 2025/11/20 9:19 p.m., 29 views

CVE-2025-36158

IBM Concert 1.0.0–2.0.0 is affected by CVE-2025-36158, a local-information-disclosure vulnerability caused by uncontrolled recursive directory copying. A local user with specific permissions could obtain sensitive information from files. Affected products include IBM Concert Software (versions 1....

CVSS 5.5 | AI score 4.9 | EPSS 0.00099
Exploits: 0 | References: 1 | Affected Software: 1

Cvelist
added 2025/11/20 9:15 p.m., 4 views

CVE-2025-36160 IBM Concert Information Disclosure

IBM Concert 1.0.0 through 2.0.0 could disclose sensitive server information from HTTP response headers that could aid in further attacks against the system...

CVSS 5.3 | EPSS 0.00222
Exploits: 0 | References: 1

vulnersOsv
added 2025/11/20 5:48 p.m., 5 views

@bitacode/apispecmd-ts (>=0.0.1 <=0.1.2), @bpa-solutions/assistant (>=13.5.0 <=13.5.0-dev) +15 more potentially affected by CVE-2025-65108 via md-to-pdf (>=2.8.2 <=5.2.4)

md-to-pdf NPM version =2.8.2, =0.0.1, =13.5.0, =0.0.0, =0.0.2, =0.0.2, =0.7.2, =1.0.1, =0.2.0, =0.1.0, =1.1.0, =0.2.0, =1.5.0, =1.10.0, =2.0.0 and more Source cves: CVE-2025-65108 Source advisory: OSV:GHSA-547R-QMJM-8HVW...

CVSS 10 | AI score 7.3 | EPSS 0.00896
Exploits: 0

CNVD
added 2025/11/20 12:0 a.m., 2 views

Siemens Mendix Rich Text Component Cross-Site Scripting Vulnerability

The Mendix Rich Text component is a powerful rich text editor. Create richly formatted text with HTML output. A cross-site scripting vulnerability exists in the Siemens Mendix RichText component, version V4.0.0 through versions prior to V4.6.1, which can be exploited to implant cross-site scripti...

CVSS 6.8 | AI score 6 | EPSS 0.00201
Exploits: 0 | References: 1

Positive Technologies
added 2025/11/20 12:0 a.m., 4 views

PT-2025-47655

Name of the Vulnerable Software and Affected Versions OpenFGA versions 1.4.0 through 1.11.0 Description OpenFGA is an authorization/permission engine. Versions 1.4.0 through 1.11.0 are subject to improper policy enforcement during specific Check and ListObject calls. Recommendations Update to...

CVSS 5.8 | AI score 6.7 | EPSS 0.00256
Exploits: 0 | References: 13

OpenVAS
added 2025/11/20 12:0 a.m., 4 views

OpenVPN HMAC Verification Vulnerability Bypass (Nov 2025) - Windows

OpenVPN is prone to an HMAC bypass verification vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:openvpn:openvpn";...

CVSS 8.2 | AI score 7.5 | EPSS 0.0061
Exploits: 0 | References: 1

vulnersOsv
added 2025/11/19 8:33 p.m., 4 views

1shot (>=0.0.3 <=0.0.9), @4xian/ccapi (=1.0.6) +208 more potentially affected by CVE-2025-65099 via @anthropic-ai/claude-code (>=1.0.108 <=1.0.24)

@anthropic-ai/claude-code NPM version =1.0.108, =0.0.3, =0.1.18, =1.0.0, =0.4.0, =0.2.3, =0.0.1, =0.6.0-rc34, =1.0.0, =1.3.2-canary.5af7e49 - @chittycorp/chittychat =3.0.0 and more Source cves: CVE-2025-65099 Source advisory: SNYK:JS-ANTHROPICAICLAUDECODE-14073012...

CVSS 9.8 | AI score 5.4 | EPSS 0.00441
Exploits: 0

vulnersOsv
added 2025/11/19 8:3 p.m., 3 views

@ampt/astro (=0.0.1-beta.1), @antonyfaris/prefix-node-builtins (>=1.0.0 <=1.0.1) +383 more potentially affected by CVE-2025-64765 +1 more via astro (>=0.20.12 <=5.15.6)

astro NPM version =0.20.12, =1.0.0, =0.5.0, =1.0.0, =0.0.17, =0.0.2, =0.0.1, =0.2.0, =0.0.0-experimental-7c2f356, =0.0.0-experimental-7c2f356, =0.5.1 - @astro-sanctuary/toolbar-drupal =0.1.1 - @astrojs/og =0.0.1 and more Source cves: CVE-2025-64765, CVE-2025-66202 Source advisory:...

CVSS 6.9 | AI score 5.4 | EPSS 0.0047
Exploits: 1

vulnersOsv
added 2025/11/19 8:3 p.m., 4 views

@antonyfaris/prefix-node-builtins (>=1.0.0 <=1.0.1), @anyauth/design-system (>=0.5.0 <=0.5.1) +18 more potentially affected by CVE-2025-64765 via astro (>=5.0.0-beta.5 <=5.15.6)

astro NPM version =5.0.0-beta.5, =1.0.0, =0.5.0, =0.0.1, =0.1.0, =0.0.1, =2.18.7, =0.1.2-alpha.1, =0.0.28, =0.0.28, =1.13.2, =0.1.8, =1.0.21, =1.0.22 and more Source cves: CVE-2025-64765 Source advisory: SNYK:JS-ASTRO-14059661...

CVSS 6.9 | AI score 5.8 | EPSS 0.0047
Exploits: 1

vulnersOsv
added 2025/11/19 7:43 p.m., 3 views

@antonyfaris/prefix-node-builtins (>=1.0.0 <=1.0.1), @awesome-myst/myst-awesome (>=0.0.1 <=0.0.7) +10 more potentially affected by CVE-2025-64757 via astro (>=5.0.0-beta.5 <=5.14.1)

astro NPM version =5.0.0-beta.5, =1.0.0, =0.0.1, =0.0.1, =2.18.7, =0.1.2-alpha.1, =1.13.2, =0.1.8, =1.0.21, =0.0.1, =0.0.1, =1.249.8, =1.271.1 Source cves: CVE-2025-64757 Source advisory: SNYK:JS-ASTRO-14059139...

CVSS 3.5 | AI score 5.8 | EPSS 0.00424
Exploits: 1

Cvelist
added 2025/11/19 12:0 a.m., 6 views

CVE-2025-63211

Stored cross-site scripting vulnerability in bridgetech VBC Server & Element Manager, firmware versions 6.5.0-9 thru 6.5.0-10, allows attackers to execute arbitrary code via the addName parameter to the /vbc/core/userSetupDoc/userSetupDoc endpoint...

EPSS 0.00227
Exploits: 1 | References: 2

CNNVD
added 2025/11/19 12:0 a.m., 1 views

Axel StreamerMAX MK II Security Vulnerability

Axel StreamerMAX MK II is an audio codec device from Axel Italy. A security vulnerability exists in the Axel StreamerMAX MK II versions 0.8.5 through 1.0.3, which stems from a lack of authentication in the /cgi-bin/gstFcgi.fcgi endpoint, and could lead to a full crack of the device...

CVSS 9.8 | AI score 6.8 | EPSS 0.00683
Exploits: 1 | References: 3

NVD
added 2025/11/18 5:16 p.m., 6 views

CVE-2025-59669

A use of hard-coded credentials vulnerability in Fortinet FortiWeb 7.6.0, FortiWeb 7.4 all versions, FortiWeb 7.2 all versions, FortiWeb 7.0 all versions may allow an authenticated attacker with shell access to the device to connect to redis service and access its data...

CVSS 5.5 | EPSS 0.00104
Exploits: 0 | References: 1

NVD
added 2025/11/18 5:16 p.m., 3 views

CVE-2025-46775

A debug messages revealing unnecessary information vulnerability in Fortinet FortiExtender 7.6.0 through 7.6.1, FortiExtender 7.4.0 through 7.4.6, FortiExtender 7.2 all versions, FortiExtender 7.0 all versions may allow an authenticated user to obtain administrator credentials via debug log...

CVSS 5.5 | EPSS 0.00142
Exploits: 0 | References: 1

OSV
added 2025/11/18 5:15 p.m., 5 views

CVE-2025-13083

Use of Web Browser Cache Containing Sensitive Information vulnerability in Drupal Drupal core allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Drupal core: from 8.0.0 before 10.4.9, from 10.5.0 before 10.5.6, from 11.0.0 before 11.1.9, from 11.2.0 before...

CVSS 3.7 | AI score 6.4
Exploits: 0 | References: 1

Cvelist
added 2025/11/17 8:9 p.m., 6 views

CVE-2025-36299 IBM Planning Analytics Information Disclosure

IBM Planning Analytics Local 2.1.0 through 2.1.14 stores sensitive information in source code that could be used in further attacks against the system...

CVSS 4.3 | EPSS 0.00187
Exploits: 0 | References: 1

Vulnrichment
added 2025/11/17 8:9 p.m., 4 views

CVE-2025-36299 IBM Planning Analytics Information Disclosure

IBM Planning Analytics Local 2.1.0 through 2.1.14 stores sensitive information in source code that could be used in further attacks against the system...

CVSS 4.3 | AI score 6.3 | EPSS 0.00187
Exploits: 0 | References: 1

NVD
added 2025/11/17 12:15 p.m., 4 views

CVE-2025-40834

A vulnerability has been identified in Mendix RichText (All versions >= V4.0.0 < V4.6.1). Affected widget does not properly neutralize the input. This could allow an attacker to execute cross-site scripting attacks...

CVSS 6.8 | EPSS 0.00201
Exploits: 0 | References: 1

Cvelist
added 2025/11/17 11:39 a.m., 3 views

CVE-2025-40834

A vulnerability has been identified in Mendix RichText (All versions >= V4.0.0 < V4.6.1). Affected widget does not properly neutralize the input. This could allow an attacker to execute cross-site scripting attacks...

CVSS 6.8 | EPSS 0.00201
Exploits: 0 | References: 1

Vulnrichment
added 2025/11/17 11:39 a.m., 3 views

CVE-2025-40834

A vulnerability has been identified in Mendix RichText (All versions >= V4.0.0 < V4.6.1). Affected widget does not properly neutralize the input. This could allow an attacker to execute cross-site scripting attacks...

CVSS 6.8 | AI score 6.1 | EPSS 0.00201
Exploits: 0 | References: 1