Linux Distros Unpatched Vulnerability : CVE-2021-23566
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The package nanoid from 3.0.0 and before 3.1.31 is vulnerable to Information Exposure via the valueOf function, which allows reproducing the last id generated...
Linux Distros Unpatched Vulnerability : CVE-2021-32803
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The npm package tar aka node-tar before versions 6.1.2, 5.0.7, 4.4.15, and 3.2.3 has an arbitrary File Creation/Overwrite vulnerability via insufficient symlink...
Linux Distros Unpatched Vulnerability : CVE-2024-12801
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Server-Side Request Forgery (SSRF) in SaxEventRecorder by QOS.CH logback version 0.1 to 1.3.14 and 1.4.0 to 1.5.12 on the Java platform, allows an attacker to for...
CVE-2025-54475
A SQL injection vulnerability in the JS Jobs plugin versions 1.3.2-1.4.4 for Joomla allows low-privilege users to execute arbitrary SQL commands...
CVE-2025-55708
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in ExpressTech Systems Quiz And Survey Master quiz-master-next allows SQL Injection. This issue affects Quiz And Survey Master: from n/a through = 10.2.4...
CVE-2025-54475 Extension - joomsky.com - SQL injection in JS jobs component version 1.3.2 - 1.4.4 for Joomla
A SQL injection vulnerability in the JS Jobs plugin versions 1.3.2-1.4.4 for Joomla allows low-privilege users to execute arbitrary SQL commands...
CVE-2025-54474 Extension - dj-extensions.com - SQLi vulnerability in DJ-Classifieds component 3.9.2-3.10.1 for Joomla
A SQLi vulnerability in DJ-Classifieds component 3.9.2-3.10.1 for Joomla was discovered. The issue allows privileged users to execute arbitrary SQL commands...
CVE-2025-54473
CVE-2025-54473 is an authenticated remote code execution flaw in Phoca Commander for Joomla, affecting versions 1.0.0–4.0.0 and 5.0.0–5.0.1. The issue arises from the unzip feature, enabling code execution after authentication. The CVSSv4 base score is 9.2 (CRITICAL) with high impact to confident...
Joomla! Code Issue Vulnerability
Joomla! is a free, open source content management system from Joomla! A code issue vulnerability exists in Joomla! versions 1.0.0-4.0.0 and 5.0.0-5.0.1, which stems from a flaw in the decompression feature that could lead to remote code execution...
IBM WebSphere Application Server Liberty Resource Management Error Vulnerability
IBM WebSphere Application Server Liberty is a lightweight Java application server from IBM for rapid development and deployment of cloud-native applications. A denial of service vulnerability exists in IBM WebSphere Application Server Liberty versions 18.0.0.2 through 25.0.0.8, which stems from t...
OpenBao suffers from an unspecified vulnerability (CNVD-2025-18607)
OpenBao is an open source sensitive data management software from OpenBao. A security vulnerability exists in OpenBao versions 0.1.0 through 2.3.1, which stems from the TOTP key engine accepting a valid code multiple times, and no details of the vulnerability are provided at this time...
OpenBao has an unspecified vulnerability (CNVD-2025-18600)
OpenBao is an open source sensitive data management software from OpenBao. A security vulnerability exists in OpenBao versions 0.1.0 through 2.3.1, which can be exploited by attackers to cause information leakage...
Linux Distros Unpatched Vulnerability : CVE-2020-10030
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been found in PowerDNS Recursor 4.1.0 up to and including 4.3.0. It allows an attacker with enough privileges to change the system's hostname to...
radio-paradise-api (=0.0.1), turkish-synonyms-api (=0.0.0) potentially affected by unknown CVE via memoize-with-leveldb (>=0.0.1 <=2.0.0)
memoize-with-leveldb NPM version =0.0.1, =2.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on memoize-with-leveldb and may be impacted: - radio-paradise-api =0.0.1 - turkish-synonyms-api =0.0.0 Source cves: unknown CVE Source advisory:...
dm-ide (>=0.0.1 <=1.2.8) potentially affected by unknown CVE via electrin (=0.0.1-security)
electrin NPM version =0.0.1-security is affected by a known vulnerability. The following packages have a transitive dependency on electrin and may be impacted: - dm-ide =0.0.1, =1.2.8 Source cves: unknown CVE Source advisory: OSV:MAL-2025-19424...
CVE-2025-53221
CVE-2025-53221 affects WordPress plugin CodeablePress (
CVE-2025-53241
CVE-2025-53241 is a Server-Side Request Forgery (SSRF) affecting the WordPress Simplified plugin, with vulnerable versions listed as n/a through 1.0.9 (and related notes indicating up to 1.0.11 in advisories). The underlying issue is an SSRF vulnerability in Simplified that permits the server to ...
CVE-2025-54409 AIDE null pointer dereference when reading incorrectly encoded xattr attributes from database (local DoS)
AIDE is an advanced intrusion detection environment. From versions 0.13 to 0.19.1, there is a null pointer dereference vulnerability in AIDE. An attacker can crash the program during report printing or database listing after setting extended file attributes with an empty attribute value or with a...
CVE-2025-36047 IBM WebSphere Application Server Liberty denial of service
IBM WebSphere Application Server Liberty 18.0.0.2 through 25.0.0.8 is vulnerable to a denial of service, caused by sending a specially-crafted request. A remote attacker could exploit this vulnerability to cause the server to consume memory resources...
CVE-2025-28987
Server-Side Request Forgery (SSRF) vulnerability in PressForward PressForward pressforward allows Server Side Request Forgery. This issue affects PressForward: from n/a through = 5.9.5...