4565 matches found

Cvelist
added 2025/09/08 10:13 p.m., 4 views

CVE-2025-1761 IBM Concert Software information disclosure

IBM Concert Software 1.0.0 through 1.1.0 could allow a remote attacker to obtain sensitive information from allocated memory due to improper clearing of heap memory...

CVSS 5.9, EPSS 0.00333
Exploits: 0, References: 1

vulnersOsv
added 2025/09/08 6:31 p.m., 1 view

a3m (=0.1.0), aa-charlink (>=0.1.1 <=1.0.0) +2522 more potentially affected by CVE-2025-57833 via django (>=1.10.0 <=4.2.23)

django PYPI version =1.10.0, =0.1.1, =1.0.0, =1.0.0, =0.1.0a0, =0.11.0a0, =0.1.1, =1.1.0, =1.4.0, =1.4.2 - adede =4.1.0 and more Source cves: CVE-2025-57833 Source advisory: OSV:GHSA-6W2R-R2M5-XQ5W...

CVSS 8.1, AI score 6.8, EPSS 0.15602
Exploits: 4

OSV
added 2025/09/08 2:13 p.m., 1 view

GO-2025-3919 NeuVector process with sensitive arguments lead to leakage in github.com/neuvector/neuvector

NeuVector process with sensitive arguments lead to leakage in github.com/neuvector/neuvector. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from vulnerability...

CVSS 5.3, AI score 6.8, EPSS 0.00231
Exploits: 0, References: 1

Positive Technologies
added 2025/09/08 12:0 a.m., 3 views

PT-2025-36642

NeuVector has an insecure password storage vulnerable to rainbow attack in github.com/neuvector/neuvector. NOTE: The source advisory for this report contains additional versions that could not be automatically mapped to standard Go module versions. If this is causing false-positive reports from...

AI score 7
Exploits: 0, References: 2

RedhatCVE
added 2025/09/07 2:33 p.m., 4 views

CVE-2025-58866

Exposure of Sensitive System Information to an Unauthorized Control Sphere vulnerability in Rami Yushuvaev Site Info site-info-dashboard-widget allows Retrieve Embedded Sensitive Data. This issue affects Site Info: from n/a through = 1.1...

CVSS 2.7, AI score 5.9, EPSS 0.00224
Exploits: 0, References: 1

RedhatCVE
added 2025/09/07 2:32 p.m., 2 views

CVE-2025-58815

Deserialization of Untrusted Data vulnerability in Rubel Miah Aitasi Coming Soon aitasi-coming-soon allows Object Injection. This issue affects Aitasi Coming Soon: from n/a through = 2.0.2...

CVSS 7.2, AI score 5.9, EPSS 0.00436
Exploits: 0, References: 1

vulnersOsv
added 2025/09/05 8:58 p.m., 3 views

ch.epfl.bluebrain.nexus:delta-app_2.13 (>=1.10.0-M8 <=1.10.0-M13), ch.epfl.bluebrain.nexus:delta-archive-plugin_2.13 (>=1.10.0-M8 <=1.10.0-M13) +649 more potentially affected by CVE-2025-58369 via co.fs2:fs2-io_2.13 (>=3.0.0-M7 <=3.12.1)

co.fs2:fs2-io2.13 MAVEN version =3.0.0-M7, =1.10.0-M8, =1.10.0-M8, =1.10.0-M8, =1.10.0-M8, =1.10.0-M8, =1.10.0-M8, =1.10.0-M8, =1.10.0-M8, =1.10.0-M8, =3.10-4b5f50b, =0.29.0, =1.0.0, =0.11.0, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-377-020cf9e and more Source cves: CVE-2025-58369 Source advisory...

CVSS 5.3, AI score 5.8, EPSS 0.00398
Exploits: 0

RedhatCVE
added 2025/09/05 3:22 p.m., 3 views

CVE-2025-58641

Server-Side Request Forgery SSRF vulnerability in kamleshyadav Exit Intent Popup exitintentpopup allows Server Side Request Forgery. This issue affects Exit Intent Popup: from n/a through = 1.0.1...

CVSS 5.4, AI score 5.9, EPSS 0.00159
Exploits: 0, References: 1

Cvelist
added 2025/09/05 1:44 p.m., 11 views

CVE-2025-8695 Reflected XSS in Netcad Software's NetGIS Server

Improper Neutralization of Input During Web Page Generation XSS or 'Cross-site Scripting' vulnerability in Netcad NetGIS Server allows Reflected XSS. This issue affects NetGIS Server: from 5.2.4 through 22.08.2025...

CVSS 5.4, EPSS 0.00204
Exploits: 0, References: 2

RedhatCVE
added 2025/09/05 1:28 p.m., 4 views

CVE-2024-13066

Improper Restriction of Rendered UI Layers or Frames vulnerability in Akinsoft LimonDesk allows iFrame Overlay, CAPEC - 103 - Clickjacking. This issue affects LimonDesk: from s1.02.14 before v1.02.17...

CVSS 4.3, AI score 7, EPSS 0.00166
Exploits: 0, References: 1

NVD
added 2025/09/05 12:15 a.m., 5 views

CVE-2025-58362

Hono is a Web application framework that provides support for any JavaScript runtime. Versions 4.8.0 through 4.9.5 contain a flaw in the getPath utility function which could allow path confusion and potential bypass of proxy-level ACLs e.g. Nginx location blocks. The original implementation relie...

CVSS 7.5, EPSS 0.00498
Exploits: 0, References: 3

Positive Technologies
added 2025/09/05 12:0 a.m., 5 views

PT-2025-36331

Name of the Vulnerable Software and Affected Versions: MongoDB Server versions prior to 6.0.25 MongoDB Server versions prior to 7.0.22 MongoDB Server versions prior to 8.0.12 MongoDB Server versions prior to 8.1.2 Description: An authorized user can cause a crash in the MongoDB Server through a...

CVSS 6.5, AI score 6.3, EPSS 0.00289
Exploits: 0, References: 10

vulnersOsv
added 2025/09/04 12:30 p.m., 4 views

a-data-processing (=0.0.1), a2a-client-handler (=0.1.0) +627 more potentially affected by CVE-2025-6984 via langchain-community (>=0.0.1 <=0.3.26)

langchain-community PYPI version =0.0.1, =0.1.0, =4.8.2, =0.1.0, =0.1.0, =0.0.2, =0.1.31, =0.0.1, =0.1.0, =0.0.1, =0.0.3.155020 - agentlite-llm =0.1.12 and more Source cves: CVE-2025-6984 Source advisory: OSV:GHSA-PC6W-59FV-RH23...

CVSS 7.5, AI score 7.2, EPSS 0.01531
Exploits: 0

Cvelist
added 2025/09/04 8:34 a.m., 33 views

CVE-2025-2411 OTP Bypass in Akinsoft's TaskPano

Improper Restriction of Excessive Authentication Attempts vulnerability in Akinsoft TaskPano allows Authentication Bypass. This issue affects TaskPano: from s1.06.04 before v1.06.06...

CVSS 8.6, EPSS 0.00403
Exploits: 0, References: 2

CNVD
added 2025/09/04 12:0 a.m., 0 views

Unspecified Vulnerability in Akinsoft QR Menü

Akinsoft QR Menü is a digitized QR code menu system from Akinsoft Turkey. Akinsoft QR Menü s versions prior to 1.05.05 to v1.05.12 contain a security vulnerability that originates from improper certificate validation, which can be exploited by an attacker to cause HTTP response splitting...

CVSS 7.3, AI score 7, EPSS 0.00141
Exploits: 0, References: 1

CNVD
added 2025/09/04 12:0 a.m., 5 views

Akinsoft OctoCloud Cross-Site Scripting Vulnerability

Akinsoft OctoCloud is an online platform from Akinsoft Turkey with the ability to manage financial transactions, record receipts and inventory, issue invoices, and generate reports. Cross-site scripting vulnerability exists in Akinsoft OctoCloud versions prior to s1.09.01 through v1.11.01, no...

CVSS 4.3, AI score 6.5, EPSS 0.00177
Exploits: 0, References: 1

Microsoft CVE
added 2025/09/03 10:21 p.m., 3 views

squashfs filesystem implementation of U-Boot versions from v2020.10-rc2 to v2022.07-rc5 contains a heap-based buffer overflow vulnerability due to a defect in the metadata reading process. Loading a specially crafted squashfs image may lead to a denial-of-service (DoS) condition or arbitrary code execution.

...

CVSS 7.8, AI score 7, EPSS 0.00505
Exploits: 1

NVD
added 2025/09/03 9:15 p.m., 19 views

CVE-2025-55747

XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. In versions 6.1-milestone-2 through 16.10.6, configuration files are accessible through the webjars API. This is fixed in version 16.10.7...

CVSS 9.3, EPSS 0.01557
Exploits: 0, References: 3

vulnersOsv
added 2025/09/03 3:30 p.m., 4 views

au.com.versent.jenkins.plugins:ignore-committer-strategy (>=29.v7c3891a_434c3 <=57.v0756db_b_f6926), br.com.ingenieux.jenkins.plugins:codecommit-url-helper (=0.0.1) +148 more potentially affected by CVE-2025-58458 via org.jenkins-ci.plugins:git-client (>=1.0.2 <=6.3.0)

org.jenkins-ci.plugins:git-client MAVEN version =1.0.2, =29.v7c3891a434c3, =1.0.5.0, =1.1.0, =1.9.2-beta, =1.9, =4.0.9, =1.1.0, =1.0.0, =1.0.1, =1.1.3, =1.7.2, =1.1.0, =1.0.0, =1.1.2 and more Source cves: CVE-2025-58458 Source advisory: OSV:GHSA-G2PQ-9JR7-W6GV...

CVSS 4.3, AI score 5.8, EPSS 0.00288
Exploits: 0

NVD
added 2025/09/03 3:15 p.m., 12 views

CVE-2025-58600

Missing Authorization vulnerability in Cozmoslabs Paid Member Subscriptions paid-member-subscriptions allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Paid Member Subscriptions: from n/a through = 2.15.9...

CVSS 5.3, EPSS 0.0033
Exploits: 0, References: 1