4565 matches found

OSV
added 2025/10/14 8:15 p.m. | 3 views

CVE-2025-60540

karakeep v0.26.0 to v0.7.0 was discovered to contain a Server-Side Request Forgery (SSRF)...

CVSS 6.5 | AI score 5.8 | EPSS 0.0034
Exploits: 0 | References: 2

vulnersOsv
added 2025/10/14 8:4 p.m. | 3 views

@cognigy/cognigy-cli (>=1.9.1 <=1.9.4), @iharkharytanovich/found (>=0.1.1 <=0.1.2) +2 more potentially affected by CVE-2025-11849 via mammoth (>=0.3.33 <=1.10.0)

mammoth NPM version =0.3.33, =1.9.1, =0.1.1, =1.0.0, =1.0.4 - youseeu =1.0.0 Source cves: CVE-2025-11849 Source advisory: SNYK:JS-MAMMOTH-13554470...

CVSS 9.3 | AI score 5.4 | EPSS 0.00921
Exploits: 0

EUVD
added 2025/10/14 6:30 p.m. | 3 views

EUVD-2025-34447

Improper input validation in the component /kafka/ui/serdes/CustomSerdeLoader.java of kafka-ui v0.6.0 to v0.7.2 allows attackers to execute arbitrary code via supplying crafted data...

CVSS 6.5 | AI score 7.3 | EPSS 0.00356
Exploits: 0 | References: 4

EUVD
added 2025/10/14 6:30 p.m. | 2 views

EUVD-2025-34448

An issue in the Configure New Cluster interface of kafka-ui v0.6.0 to v0.7.2 allows attackers to cause a Denial of Service (DoS) via uploading a crafted configuration file...

CVSS 7.5 | AI score 6.3 | EPSS 0.00594
Exploits: 0 | References: 4

OSV
added 2025/10/14 6:15 p.m. | 2 views

CVE-2025-60536

An issue in the Configure New Cluster interface of kafka-ui v0.6.0 to v0.7.2 allows attackers to cause a Denial of Service (DoS) via uploading a crafted configuration file...

CVSS 7.5 | AI score 5.8 | EPSS 0.00594
Exploits: 0 | References: 3

Positive Technologies
added 2025/10/14 12:0 a.m. | 3 views

PT-2025-42164

An issue in the Configure New Cluster interface of kafka-ui v0.6.0 to v0.7.2 allows attackers to cause a Denial of Service (DoS) via uploading a crafted configuration file...

CVSS 7.5 | AI score 6.8 | EPSS 0.00594
Exploits: 0 | References: 4

CNNVD
added 2025/10/14 12:0 a.m. | 4 views

UI for Apache Kafka security vulnerability

UI for Apache Kafka is an open source front-end interface for Kafka by Provectus. A security vulnerability exists in UI for Apache Kafka versions v0.6.0 through v0.7.2, which originates from the upload of a specially crafted configuration file and could lead to a denial of service attack...

CVSS 7.5 | AI score 6.6 | EPSS 0.00594
Exploits: 0 | References: 4

Vulnrichment
added 2025/10/13 5:14 p.m. | 2 views

CVE-2025-62243

Insecure direct object reference (IDOR) vulnerability in Publications in Liferay Portal 7.4.1 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote authenticated attackers to view publication comments via the...

CVSS 5.3 | AI score 6.4 | EPSS 0.00212
Exploits: 0 | References: 1

NCSC
added 2025/10/13 7:52 a.m. | 7 views

Vulnerability fixed in Oracle E-Business Suite

Oracle has fixed a vulnerability in the Oracle Configurator component of Oracle E-Business Suite Specific to versions 12.2.3 through 12.2.14. The vulnerability is located in the Oracle Configurator component of Oracle E-Business Suite, specifically in versions 12.2.3 through 12.2.14. This...

CVSS 7.5 | AI score 7.1 | EPSS 0.97582
Exploits: 6 | References: 1

CNNVD
added 2025/10/13 12:0 a.m. | 4 views

Dassault Systèmes ENOVIA Specification Manager security vulnerability

Dassault Systèmes ENOVIA Specification Manager is an application module for creating, managing and collaborating on product specifications from Dassault Systèmes France. A security vulnerability exists in Dassault Systèmes ENOVIA Specification Manager versions R2022x through 3DEXPERIENCE R2025x,...

CVSS 8.7 | AI score 6 | EPSS 0.00184
Exploits: 0 | References: 1

CNNVD
added 2025/10/12 12:0 a.m. | 2 views

Oracle E-Business Suite security vulnerability

Oracle E-Business Suite is a set of fully integrated global business management software from Oracle USA. The software provides customer relationship management, service management, financial management and other functions. A security vulnerability exists in Oracle Configurator versions 12.2.3...

CVSS 7.5 | AI score 7.4 | EPSS 0.97582
Exploits: 6 | References: 1

OSV
added 2025/10/11 1:20 p.m. | 2 views

OESA-2025-2375 cjson security update

cJSON aims to be the dumbest possible parser that you can get your job done with. It's a single file of C, and a single header file. %package devel Summary: Development files for cJSON Requires: = - %description devel The cjson-devel package contains libraries and header files for developing...

CVSS 9.8 | AI score 7.1 | EPSS 0.00668
Exploits: 1 | References: 2

RedhatCVE
added 2025/10/10 2:26 p.m. | 3 views

CVE-2025-36225

IBM Aspera 5.0.0 through 5.0.13.1 could disclose sensitive user information from the system to an authenticated user due to an observable discrepancy of returned data...

CVSS 4.3 | AI score 6.2 | EPSS 0.00209
Exploits: 0 | References: 1

vulnersOsv
added 2025/10/09 3:40 p.m. | 5 views

@better-auth/cli (>=0.0.1 <=1.3.25), @bgord/bun (>=0.18.0 <=0.29.10) +21 more potentially affected by CVE-2025-61928 via better-auth (>=0.4.10-beta.10 <=1.3.25)

better-auth NPM version =0.4.10-beta.10, =0.0.1, =0.18.0, =0.5.11, =0.0.0, =0.1.174, =1.0.2, =1.0.5, =1.0.0, =0.0.5, =0.0.5, =1.1.368, =1.2.13, =1.2.106 and more Source cves: CVE-2025-61928 Source advisory: OSV:GHSA-99H5-PJCV-GR6V...

CVSS 9.3 | AI score 7.5 | EPSS 0.18012
Exploits: 0

Vulnrichment
added 2025/10/09 1:57 p.m. | 7 views

CVE-2025-36171 IBM Aspera Faspex denial of service

IBM Aspera Faspex 5.0.0 through 5.0.13.1 could allow a privileged user to cause a denial of service from improperly validated API input due to excessive resource consumption...

CVSS 4.9 | AI score 6.1 | EPSS 0.00292
Exploits: 0 | References: 1

EUVD
added 2025/10/09 1:54 p.m. | 5 views

EUVD-2023-41302

IBM Aspera Faspex 5.0.0 through 5.0.13.1 uses a cross-domain policy file that includes domains that should not be trusted...

CVSS 5.3 | AI score 6.2 | EPSS 0.00204
Exploits: 0 | References: 2

RedhatCVE
added 2025/10/09 1:27 p.m. | 3 views

CVE-2025-43821

Cross-site scripting (XSS) vulnerability in the Commerce Product Comparison Table widget in Liferay Portal 7.4.0 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote attackers to inject arbitrary web script or HTML v...

CVSS 4.8 | AI score 5.9 | EPSS 0.00193
Exploits: 0 | References: 1

NVD
added 2025/10/09 12:15 p.m. | 3 views

CVE-2025-10004

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.12 to 18.2.8, 18.3 to 18.3.4, and 18.4 to 18.4.2 that could make the GitLab instance unresponsive or severely degraded by sending crafted GraphQL queries requesting large repository blobs...

CVSS 7.5 | EPSS 0.00485
Exploits: 0 | References: 3

OSV
added 2025/10/09 12:4 p.m. | 3 views

CVE-2025-10004 Allocation of Resources Without Limits or Throttling in GitLab

GitLab has remediated an issue in GitLab CE/EE affecting all versions from 13.12 to 18.2.8, 18.3 to 18.3.4, and 18.4 to 18.4.2 that could make the GitLab instance unresponsive or severely degraded by sending crafted GraphQL queries requesting large repository blobs...

CVSS 7.5 | AI score 6.5 | EPSS 0.00485
Exploits: 0 | References: 6

OSV
added 2025/10/09 8:15 a.m. | 4 views

CVE-2025-11539

Grafana Image Renderer is vulnerable to remote code execution due to an arbitrary file write vulnerability. This is due to the fact that the /render/csv endpoint lacked validation of the filePath parameter that allowed an attacker to save a shared object to an arbitrary location that is then load...

CVSS 9.9 | AI score 8.4 | EPSS 0.0058
Exploits: 0 | References: 2