4564 matches found

vulnersOsv
added 2025/10/20 3:42 p.m. | 6 views

org.apache.syncope.core.am:syncope-core-am-logic (>=3.0.0 <=3.0.13), org.apache.syncope.core.am:syncope-core-am-rest-cxf (>=3.0.0 <=3.0.13) +30 more potentially affected by CVE-2025-57738 via org.apache.syncope.core:syncope-core-spring (>=3.0.0-M0 <=3.0.13)

org.apache.syncope.core:syncope-core-spring MAVEN version =3.0.0-M0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.0, =3.0.13 and more Source cves: CVE-2025-57738 https://vulners.com/c...

CVSS: 7.2 | AI score: 7.4 | EPSS: 0.01092
Exploits: 0
RedhatCVE
added 2025/10/20 1:13 p.m. | 20 views

CVE-2025-6338

There is an incomplete cleanup vulnerability in Qt Network's Schannel support on Windows which can lead to a Denial of Service over a long period. This issue affects Qt from 5.15.0 through 6.8.3, from 6.9.0 before 6.9.2...

CVSS: 9.2 | AI score: 6.8 | EPSS: 0.00403
Exploits: 0 | References: 1
Github Security Blog
added 2025/10/18 6:30 p.m. | 5 views

Apache Geode: CSRF attacks through GET requests to the Management and Monitoring REST API that can execute gfsh commands on the target system

Apache Geode is vulnerable to CSRF attacks through GET requests to the Management and Monitoring REST API that could allow an attacker who has tricked a user into giving up their Geode session credentials to submit malicious commands on the target system on behalf of the authenticated user. This...

CVSS: 8.8 | AI score: 7 | EPSS: 0.00325
Exploits: 0 | References: 5 | Affected Software: 1
NVD
added 2025/10/18 4:15 p.m. | 5 views

CVE-2025-47410

Apache Geode is vulnerable to CSRF attacks through GET requests to the Management and Monitoring REST API that could allow an attacker who has tricked a user into giving up their Geode session credentials to submit malicious commands on the target system on behalf of the authenticated user. This...

CVSS: 8.8 | EPSS: 0.00325
Exploits: 0 | References: 2
Cvelist
added 2025/10/18 3:15 p.m. | 6 views

CVE-2025-47410 Apache Geode: CSRF attacks through GET requests to the Management and Monitoring REST API that can execute gfsh commands on the target system

Apache Geode is vulnerable to CSRF attacks through GET requests to the Management and Monitoring REST API that could allow an attacker who has tricked a user into giving up their Geode session credentials to submit malicious commands on the target system on behalf of the authenticated user. This...

EPSS: 0.00325
Exploits: 0 | References: 1
CVE
added 2025/10/18 3:15 p.m. | 26 views

CVE-2025-47410

Apache Geode CVE-2025-47410: CSRF via GET requests to the Management and Monitoring REST API can allow an attacker to trick a logged-in user into submitting commands on behalf of that user. Affected versions are 1.10–1.15.1; remediation is to upgrade to 1.15.2. Public references corroborate the i...

CVSS: 8.8 | AI score: 6.7 | EPSS: 0.00325
Exploits: 0 | References: 2 | Affected Software: 1
vulnersOsv
added 2025/10/18 12:00 p.m. | 2 views

rev-up-your-harley (>=0.1.0 <=1.0.1), rustpython-vm (>=0.1.0 <=0.1.1) +1 more potentially affected by unknown CVE via unic (>=0.7.0 <=0.9.0)

unic CARGO version =0.7.0, =0.1.0, =0.1.0, =0.7.0, =0.9.0 Source cves: unknown CVE Source advisory: OSV:RUSTSEC-2025-0095...

AI score: 5.8
Exploits: 0
NVD
added 2025/10/17 4:15 p.m. | 6 views

CVE-2025-49655

Deserialization of untrusted data can occur in versions of the Keras framework running versions 3.11.0 up to but not including 3.11.3, enabling a maliciously uploaded Keras file containing a TorchModuleWrapper class to run arbitrary code on an end user’s system when loaded despite safe mode being...

CVSS: 9.8 | EPSS: 0.0071
Exploits: 0 | References: 2
CNNVD
added 2025/10/17 12:00 a.m. | 4 views

Keras Security Vulnerability

Keras is a multi-backend deep learning framework open-sourced by Keras. A security vulnerability exists in Keras versions 3.11.0 up to and including 3.11.3, which stems from deserialization of untrustworthy data and could lead to the execution of arbitrary code...

CVSS: 9.8 | AI score: 6.7 | EPSS: 0.0071
Exploits: 0 | References: 2
CNNVD
added 2025/10/17 12:00 a.m. | 3 views

Git Lfs Link Following Vulnerability

Git Lfs is a command line tool from the Git Lfs team for working with large files in git projects. A link following vulnerability exists in Git Lfs versions 0.5.2 through 3.7.0, which stems from an unchecked symbolic link that could result in writing to an arbitrary file system location...

CVSS: 8.6 | AI score: 4.6 | EPSS: 0.00707
Exploits: 0 | References: 6
OSV
added 2025/10/16 4:15 p.m. | 2 views

CVE-2025-9559

Pega Platform versions 8.7.5 to Infinity 24.2.2 are affected by an Insecure Direct Object Reference issue in a user interface component that can only be used to read data...

CVSS: 6.5 | AI score: 5.7 | EPSS: 0.00367
Exploits: 1 | References: 1
NVD
added 2025/10/16 4:15 p.m. | 3 views

CVE-2024-56143

Strapi is an open-source headless content management system. In versions from 5.0.0 to before 5.5.2, the lookup operator provided by the document service does not properly sanitize query parameters for private fields. An attacker can access private fields, including admin passwords and reset...

CVSS: 8.2 | EPSS: 0.00383
Exploits: 1 | References: 2
OSV
added 2025/10/16 4:07 p.m. | 5 views

CVE-2024-56143 Strapi Allows Unauthorized Access to Private Fields via parms.lookup

Strapi is an open-source headless content management system. In versions from 5.0.0 to before 5.5.2, the lookup operator provided by the document service does not properly sanitize query parameters for private fields. An attacker can access private fields, including admin passwords and reset...

CVSS: 8.2 | AI score: 6.8 | EPSS: 0.00383
Exploits: 1 | References: 4
NVD
added 2025/10/16 10:15 a.m. | 26 views

CVE-2025-6338

There is an incomplete cleanup vulnerability in Qt Network's Schannel support on Windows which can lead to a Denial of Service over a long period. This issue affects Qt from 5.15.0 through 6.8.3, from 6.9.0 before 6.9.2...

CVSS: 9.2 | EPSS: 0.00403
Exploits: 0 | References: 1
NVD
added 2025/10/16 10:15 a.m. | 2 views

CVE-2025-24833

Stored cross-site scripting (XSS) vulnerability in desknet's NEO versions V4.0R1.0–V9.0R2.0 allows execution of arbitrary JavaScript in a user’s web browser...

CVSS: 5.4 | EPSS: 0.00257
Exploits: 0 | References: 2
Vulnrichment
added 2025/10/16 10:03 a.m. | 3 views

CVE-2025-58426

desknet's NEO V4.0R1.0 to V9.0R2.0 contains a hard-coded cryptographic key, which allows an attacker to create malicious AppSuite applications...

CVSS: 5.3 | AI score: 4.8 | EPSS: 0.00243
Exploits: 0 | References: 2
CNNVD
added 2025/10/16 12:00 a.m. | 3 views

Matrix Authentication Service Security Vulnerability

Matrix Authentication Service is a user management and authentication system from Element Open Source. A security vulnerability exists in Matrix Authentication Service versions 0.20.0 through 1.4.0, which stems from a logic flaw that could allow an attacker to perform sensitive operations without...

CVSS: 8.3 | AI score: 6.8 | EPSS: 0.00427
Exploits: 0 | References: 3
vulnersOsv
added 2025/10/15 7:46 a.m. | 5 views

ai.catboost:catboost-spark_3.0_2.12 (>=0.25 <=1.2.8), ai.catboost:catboost-spark_3.1_2.12 (>=1.0.1 <=1.2.8) +1267 more potentially affected by CVE-2025-55039 via org.apache.spark:spark-network-common_2.12 (>=3.0.0-preview <=3.4.3)

org.apache.spark:spark-network-common_2.12 MAVEN version =3.0.0-preview, =0.25, =1.0.1, =1.0.6, =1.1, =1.2, =0.0.25, =0.0.25, =0.0.62, =0.0.25, =0.0.86, =thread-pool-0.0.24-dev, =0.0.6, =0.20.0, =0.22.0, =0.0.1, =0.1.14 and more Source cves: CVE-2025-55039 Source advisory:...

CVSS: 6.5 | AI score: 7.2 | EPSS: 0.00225
Exploits: 0
RedhatCVE
added 2025/10/15 12:51 a.m. | 12 views

CVE-2025-60536

An issue in the Configure New Cluster interface of kafka-ui v0.6.0 to v0.7.2 allows attackers to cause a Denial of Service (DoS) via uploading a crafted configuration file...

CVSS: 7.5 | AI score: 6.8 | EPSS: 0.00594
Exploits: 0 | References: 1
OSV
added 2025/10/14 8:15 p.m. | 3 views

CVE-2025-60540

karakeep v0.26.0 to v0.7.0 was discovered to contain a Server-Side Request Forgery (SSRF)...

CVSS: 6.5 | AI score: 5.8 | EPSS: 0.0034
Exploits: 0 | References: 2