4564 matches found
io.github.wwwlike:vlife-boot-starter-web (>=1.0.4 <=1.0.7), io.github.wwwlike:vlife-core (>=1.0.4 <=1.0.7) +2 more potentially affected by CVE-2025-13266 via io.github.wwwlike:vlife-base (>=1.0.4 <=1.0.7)
io.github.wwwlike:vlife-base MAVEN version =1.0.4, =1.0.4, =1.0.4, =1.0.4, =1.0.2, =1.0.7 Source cves: CVE-2025-13266 Source advisory: SNYK:JAVA-IOGITHUBWWWLIKE-14038399...
PT-2025-47205
Name of the Vulnerable Software and Affected Versions: IBM Planning Analytics Local versions 2.1.0 through 2.1.14. Description: IBM Planning Analytics Local versions 2.1.0 through 2.1.14 stores sensitive information within its source code. This could potentially be leveraged in subsequent attacks...
Glob operating system command injection vulnerability
Glob is file-matching software developed by individual developer isaacs. An operating system command injection vulnerability exists in Glob versions 10.3.7 through 11.0.3, which stems from command injection and could lead to arbitrary code execution...
curl: Double-free vulnerability in libcurl with rustls via NoServerCertVerifier condition leads to application crash
Summary: There is a double-free in libcurl with rustls. The root cause is reported and it is fixed in https://github.com/curl/curl/pull/19425, while I did not try to evaluate the actual triggering at that time. No AI was used to find the issue or generate the report. Affected version It was...
CVE-2025-54346
A Reflected Cross-Site Scripting (XSS) vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows an attacker to hijack a user's browser, capturing sensitive information...
EUVD-2025-197626
An Incorrect Access Control vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows remote access to content despite lack of the correct permission through a Broken Authorization Schema...
CVE-2025-54559
An issue was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2 which allows remote Path Traversal for loading arbitrary external content...
Desktop Alert PingAlert security vulnerability
Desktop Alert PingAlert is a network status monitoring tool developed by Desktop Alert, Inc. and is mainly used to monitor the status of network devices in real time and send alerts. Desktop Alert PingAlert suffers from an Improper Access Control vulnerability that stems from improper access...
CVE-2025-54560
Desktop Alert PingAlert has a Server-Side Request Forgery in its Application Server, affecting versions 6.1.0.11 through 6.1.1.2. The issue stems from insufficient authentication to verify request origin and can be used to probe internal infrastructure. Impact details from CVE notes indicate limi...
CVE-2025-54342
Desktop Alert PingAlert has a vulnerability in its Application Server affecting versions 6.1.0.11–6.1.1.2, caused by policy incompatibility that leads to exposure of sensitive information. The CVE description and connected sources confirm an information disclosure issue with local access, low com...
CVE-2025-54346
CVE-2025-54346 pertains to Desktop Alert PingAlert. The connected PT-2025-46983 entry confirms a Reflected Cross-Site Scripting (XSS) vulnerability in the Application Server affecting PingAlert versions 6.1.0.11 through 6.1.1.2. The flaw enables injection of malicious scripts via crafted request...
CVE-2025-54562
CVE-2025-54562 affects Desktop Alert PingAlert, specifically the Application Server in versions 6.1.0.11–6.1.1.2, where a stack trace can disclose technical information, impacting confidentiality. Multiple connected sources corroborate this, including Red Hat and PT-Research entries that specify ...
CVE-2025-54342
A vulnerability was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2. There is Exposure of Sensitive Information because of Incompatible Policies...
CVE-2025-54345
An issue was found in the Application Server of Desktop Alert PingAlert version 6.1.0.11 to 6.1.1.2. Sensitive Information is exposed to an Unauthorized Actor...
CVE-2025-64745
Astro is a web framework. Starting in version 5.2.0 and prior to version 5.15.6, a Reflected Cross-Site Scripting (XSS) vulnerability exists in Astro's development server error pages when the trailingSlash configuration option is used. An attacker can inject arbitrary JavaScript code that executes ...
@0xgg/echomd (>=1.0.2 <=1.0.4), @ajuhos/malloy-tests (>=0.0.332 <=0.0.334) +169 more potentially affected by CVE-2025-59840 via vega-expression (>=5.0.1 <=5.1.2)
vega-expression NPM version =5.0.1, =1.0.2, =0.0.332, =0.0.332, =1.1.5, =0.4.1-canary.195, =0.1.0, =3.0.0, =0.0.2, =0.0.1, =0.0.5, =0.0.1, =0.0.8 and more Source cves: CVE-2025-59840 Source advisory: SNYK:JS-VEGAEXPRESSION-13961124...
@bigegg/parse-server-schema-config (>=1.0.5 <=1.0.10), @kontaa/subgraph (>=1.0.1 <=1.2.3) +27 more potentially affected by CVE-2025-64502 via parse-server (>=2.0.8 <=7.5.4)
parse-server NPM version =2.0.8, =1.0.5, =1.0.1, =1.2.1, =2.4.46, =2.4.8, =1.0.0, =1.0.0, =1.0.1, =0.1.1, =0.0.2, =1.0.0, =0.1.0, =0.1.7, =0.0.1, =0.0.29 - parse-cli-server2 =0.0.30 and more Source cves: CVE-2025-64502 Source advisory: OSV:GHSA-7CX5-254X-CGRQ...