4565 matches found
003-gas-convert (=1.0.1), 0x-hunter-core (>=1.0.0 <=1.0.1-5) +6581 more potentially affected by CVE-2025-57329 via web3-core-method (>=1.0.0-beta.52 <=3.0.0-rc.5)
web3-core-method NPM version =1.0.0-beta.52, =1.0.0, =0.0.3, =0.0.3, =0.0.31, =1.1.0, =0.9.9, =0.1.0, =0.1.1 - 55tools-block =1.0.0 - 55tools-block-ext =1.0.0 - 84447xe5t8 =1.0.0 and more Source cves: CVE-2025-57329 Source advisory: SNYK:JS-WEB3COREMETHOD-13110028...
0wcc9yywcywy (=1.0.0), 0wu8yw8by8cw (=1.0.0) +2814 more potentially affected by CVE-2025-59343 via tar-fs (>=3.0.2 <=3.1.0)
tar-fs NPM version =3.0.2, =0.0.1, =2.0.0, =1.0.0, =1.0.1 and more Source cves: CVE-2025-59343 Source advisory: SNYK:JS-TARFS-13045213...
CVE-2025-36064
IBM Sterling Connect:Express for Microsoft Windows 3.1.0.0 through 3.1.0.22 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials...
@4geit/rct-data-table-component (>=1.68.0 <=1.103.2), @adishare/strapi-plugin-import-export-entries (=1.23.2) +301 more potentially affected by CVE-2025-57350 via csvtojson (>=0.1.7 <=2.0.10)
csvtojson NPM version =0.1.7, =1.68.0, =0.0.1, =6.1.3, =3.0.1, =3.13.19, =0.0.0, =0.0.2, =5.2.0, =1.0.0, =1.0.6 - @cocopina/table-filter =0.0.1 and more Source cves: CVE-2025-57350 Source advisory: OSV:GHSA-VRW9-G62V-7FMF...
org.apache.iotdb:integration-test (>=1.3.3 <=2.0.1-beta), org.apache.iotdb:iotdb-distribution (>=1.3.3 <=2.0.1-beta) potentially affected by CVE-2025-48459 via org.apache.iotdb:iotdb-confignode (>=1.3.3 <=2.0.1-beta)
org.apache.iotdb:iotdb-confignode MAVEN version =1.3.3, =1.3.3, =1.3.3, =2.0.1-beta Source cves: CVE-2025-48459 Source advisory: OSV:GHSA-776Q-JW43-FHJX...
CVE-2025-9031 Timing-Based Username Enumeration in DivvyDrive Information Technologies' DivvyDrive Web
Observable Timing Discrepancy vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive Web allows Cross-Domain Search Timing. This issue affects DivvyDrive Web: from 4.8.2.2 before 4.8.2.15...
DivvyDrive Web security vulnerability
DivvyDrive Web is a file management and sharing system from the Turkish company DivvyDrive. A security vulnerability exists in DivvyDrive Web versions from 4.8.2.2 up to but not including 4.8.2.15, which stems from the presence of an observable timing difference that could lead to a cross-domain search timin...
Flag Forge information disclosure vulnerability
Flag Forge is an easy-to-use CTF platform open-sourced by FlagForge. An information disclosure vulnerability exists in Flag Forge versions from 2.1.0 up to but not including 2.3.0, which stems from an API endpoint where GET /api/problems/:id returns a challenge prompt in plaintext, which could lead to...
com.avast:sst-bundle-monix-http4s-ember_2.12 (>=0.17.0 <=0.19.3), com.avast:sst-bundle-zio-http4s-ember_2.12 (>=0.17.0 <=0.19.3) +25 more potentially affected by CVE-2025-59822 via org.http4s:http4s-ember-server_2.12 (>=0.22.10 <=0.23.30)
org.http4s:http4s-ember-server_2.12 MAVEN version =0.22.10, =0.17.0, =0.17.0, =0.17.0, =0.17.0, =0.0.0-3-cca5341b, =0.12.1, =7.1.0, =0.20.4, =1.6.29, =1.6.29, =1.6.29, =0.8.0-rab.1, =0.1.0, =0.14.0-M2 and more Source cves: CVE-2025-59822 Source advisory: SNYK:JAVA-ORGHTTP4S-13019551...
dev.hnaderi:scala-k8s-http4s-ember_sjs1_2.12 (>=0.11.0 <=0.25.0), dev.hnaderi:scala-k8s-http4s_sjs1_2.12 (>=0.4.0 <=0.10.0) +6 more potentially affected by CVE-2025-59822 via org.http4s:http4s-ember-core_sjs1_2.12 (>=0.23.10 <=0.23.30)
org.http4s:http4s-ember-core_sjs1_2.12 MAVEN version =0.23.10, =0.11.0, =0.4.0, =0.0.10, =0.0.10, =0.23.10, =0.23.10, =0.0.1, =0.0.9 Source cves: CVE-2025-59822 Source advisory: SNYK:JAVA-ORGHTTP4S-13019567...
com.47deg:energy-monitor-persistence-app_3 (=0.2.0), com.avast:sst-bundle-monix-http4s-ember_3 (>=0.17.0 <=0.19.3) +77 more potentially affected by CVE-2025-59822 via org.http4s:http4s-ember-server_3 (>=0.22.14 <=0.23.30)
org.http4s:http4s-ember-server_3 MAVEN version =0.22.14, =0.17.0, =0.17.0, =0.17.0, =0.17.0, =0.0.1, =0.12.1, =7.1.0, =0.22.0, =1.9.3, =6.9.0, =1.0.0, =1.0.0, =0.2.1, =v0.2.0-rc2 and more Source cves: CVE-2025-59822 Source advisory: SNYK:JAVA-ORGHTTP4S-13019550...
CVE-2025-9342 IDOR in Anadolu Hayat Emeklilik's AHE Mobile
Authorization Bypass Through User-Controlled Key vulnerability in Anadolu Hayat Emeklilik Inc. AHE Mobile allows Privilege Abuse. This issue affects AHE Mobile: from 1.9.7 before 1.9.9...
CVE-2025-59532 Codex has sandbox bypass due to bug in path configuration logic
Codex CLI is a coding agent from OpenAI that runs locally. In versions 0.2.0 to 0.38.0, due to a bug in the sandbox configuration logic, Codex CLI could treat a model-generated cwd as the sandbox’s writable root, including paths outside of the folder where the user started their session. This log...
CVE-2025-58244
Cross-Site Request Forgery (CSRF) vulnerability in Anps Constructo constructo allows Object Injection. This issue affects Constructo: from n/a through = 4.3.9...
CVE-2025-36064 IBM Sterling Connect:Express for Microsoft Windows information disclosure
IBM Sterling Connect:Express for Microsoft Windows 3.1.0.0 through 3.1.0.22 uses an inadequate account lockout setting that could allow a remote attacker to brute force account credentials...
CVE-2025-36064
CVE-2025-36064 affects IBM Sterling Connect:Express for Microsoft Windows versions 3.1.0.0–3.1.0.22. The root cause is an inadequate account lockout setting that could permit a remote attacker to brute‑force credentials. IBM’s bulletin (and related sources) list a CVSS v3.1 base score of 5.9 (NEU...
PT-2025-38788
Name of the Vulnerable Software and Affected Versions: themewant Easy Hotel Booking versions through 1.6.9. Description: An issue exists in themewant Easy Hotel Booking that allows for DOM-Based Cross-site Scripting (XSS). This occurs due to improper neutralization of input during web page generation...
PT-2025-38786
Name of the Vulnerable Software and Affected Versions: Meitar Subresource Integrity (SRI) Manager versions through 0.4.0. Description: An authorization issue exists in Meitar Subresource Integrity (SRI) Manager, allowing exploitation due to incorrectly configured access control security levels...
PT-2025-38847
Name of the Vulnerable Software and Affected Versions: Trustpilot Trustpilot Reviews versions through 2.5.925. Description: A missing authorization issue exists in Trustpilot Trustpilot Reviews, stemming from incorrectly configured access control security levels. This allows for unauthorized access...
PT-2025-38935
Name of the Vulnerable Software and Affected Versions: chtombleson Mobi2Go versions through 1.0.0. Description: The software contains a flaw related to improper input handling during web page generation, which allows for Stored Cross-site Scripting (XSS). This means that malicious scripts can be...