adpred (=1.3.2), bacpipe (>=1.2.0 <=1.3.2.dev0) +14 more potentially affected by CVE-2025-12060 +1 more via keras (>=3.0.0 <=3.11.3)
keras PYPI version =3.0.0, =1.2.0, =0.1.0, =0.0.4, =0.4.7, =1.0.3, =0.0.28, =0.2.0, =2.4.0, =0.1.0, =0.1.1, =1.1.0, =1.10.0 and more Source cves: CVE-2025-12060, CVE-2025-4517 Source advisory: SNYK:PYTHON-KERAS-13786416...
CVE-2025-9954
Missing Authorization vulnerability in Drupal Acquia DAM allows Forceful Browsing. This issue affects Acquia DAM: from 0.0.0 before 1.1.5...
CVE-2025-64103 Zitadel Bypass Second Authentication Factor
Starting from 2.53.6, 2.54.3, and 2.55.0, Zitadel only required multi-factor authentication when the login policy had either requireMFA or requireMFAForLocalUsers enabled. If a user has set up MFA without this requirement, Zitadel would consider single-factor authenticated sessions as valid as...
@142vip/midway (>=0.1.6-alpha.9 <=0.1.6-alpha.12), @142vip/nest-starter (>=0.0.1-alpha.1 <=0.0.1-alpha.13) +2698 more potentially affected by CVE-2025-60542 via typeorm (>=0.0.10 <=0.3.25)
typeorm NPM version =0.0.10, =0.1.6-alpha.9, =0.0.1-alpha.1, =0.0.1-alpha.1, =1.0.1, =3.3.4, =1.0.1, =0.0.1, =0.9.3, =1.0.0, =1.1.126, =1.0.0, =1.0.0, =1.0.14 - @actonate/mirkwood =0.10.1 and more Source cves: CVE-2025-60542 Source advisory: SNYK:JS-TYPEORM-13746469...
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in torch
Summary: Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in torch. Vulnerability Details: CVEID: CVE-2025-3730. DESCRIPTION: A vulnerability, which was classified as problematic, was found in PyTorch 2.6.0. Affected is the function torch.nn.functional.ctc_loss of...
Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in formidable
Summary: Security Bulletin: IBM watsonx Orchestrate Developer Edition affected by vulnerability in formidable. Vulnerability Details: CVEID: CVE-2025-46653. DESCRIPTION: Formidable aka node-formidable 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted...
Dyson App Security Vulnerability
Dyson App is a mobile application for remote control of smart devices from Dyson Singapore. A security vulnerability exists in Dyson App versions v6.1.23041 through 23595, which originates from an unauthenticated attacker being able to remotely control another user's Dyson IoT device via MQTT...
AZL-69443 CVE-2025-61106 affecting package frr for versions less than 8.5.5-5
FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This vulnerability allows attackers to cause a Denial of Service (DoS) via a crafted OSPF packet...
CVE-2025-36081
IBM Concert Software 1.0.0 through 2.0.0 could allow a user to modify system logs due to improper neutralization of log input...
CVE-2025-36085
IBM Concert Software (versions 1.0.0–2.0.0) is affected by a server-side request forgery (SSRF) vulnerability. The issue arises from insufficient authentication to validate request origins, enabling an authenticated attacker to issue unauthorized requests from the affected system, potentially ena...
CVE-2025-36085 Multiple Vulnerabilities in IBM Concert Software.
IBM Concert 1.0.0 through 2.0.0 Software is vulnerable to server-side request forgery (SSRF). This may allow an authenticated attacker to send unauthorized requests from the system, potentially leading to network enumeration or facilitating other attacks...
CVE-2025-36083 Multiple Vulnerabilities in IBM Concert Software.
IBM Concert Software 1.0.0 through 2.0.0 could allow a local user to obtain sensitive information from buffers due to improper clearing of heap memory before release...
CVE-2025-55758
The CVE-2025-55758 entry describes multiple CSRF vectors in the JDownloads Joomla extension, affecting versions 1.0.0 through 4.0.47. The root cause is CSRF design flaws that could allow an attacker to perform actions on behalf of an authenticated user without consent. Impact is consistent with C...
EUVD-2025-36371
CSRF vulnerability in Headless API in Liferay Portal 7.4.0 through 7.4.3.107, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows remote attackers to execute any Headless API via the endpoint parameter...
PT-2025-44096
Name of the Vulnerable Software and Affected Versions: JDownloads versions 1.0.0 through 4.0.47. Description: The JDownloads component for Joomla is susceptible to multiple Cross-Site Request Forgery (CSRF) attacks. These attacks could allow an attacker to perform actions on behalf of an authenticated...
PrivateBin Security Vulnerability
PrivateBin is a minimalist open source online pastebin from the PrivateBin project. A security vulnerability exists in PrivateBin versions 1.7.7 through 2.0.1, which stems from an uncleaned attachment filename and could lead to an HTML injection attack...
Apache Tomcat DoS Vulnerability (Oct 2025) - Windows
Apache Tomcat is prone to a denial of service (DoS) vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat"; ...
Linux Distros Unpatched Vulnerability : CVE-2025-61106
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - FRRouting/frr from v4.0 through v10.4.1 was discovered to contain a NULL pointer dereference via the show_vty_ext_pref_pref_sid function at ospf_ext.c. This...
org.keycloak.testframework:keycloak-test-framework-clustering (>=26.3.0 <=26.4.0), org.keycloak.testframework:keycloak-test-framework-core (>=26.3.0 <=26.4.0) +14 more potentially affected by CVE-2025-11419 via org.keycloak:keycloak-quarkus-dist (>=26.3.0 <=26.4.0)
org.keycloak:keycloak-quarkus-dist MAVEN version =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.3.0, =26.4.0 and more Source cves: CVE-2025-11419 https://...
CVE-2025-50055
Cross-site scripting (XSS) vulnerability in the SAML Authentication module in OpenVPN Access Server version 2.14.0 through 2.14.3 allows configured remote SAML Assertion Consumer Service (ACS) endpoint servers to inject arbitrary web script or HTML via the RelayState parameter...