4567 matches found
RSJoomla! RSFiles! component for Joomla resource management error vulnerability
RSJoomla! RSFiles! component for Joomla is an extension component for the Joomla content management system from RSJoomla! A resource management error vulnerability exists in RSJoomla! RSFiles! component for Joomla versions 1.16.3 through 1.17.7, which stems from mishandling of the search function...
melange security vulnerability
melange is an open source tool from Chainguard for building APKs from source code. A security vulnerability exists in melange versions prior to 0.23.0 through 0.29.5, which stems from improperly set permissions on the SBOM file, which could lead to a tampering attack...
Multer security vulnerability
Multer is an expressjs open source middleware for Node.js. A security vulnerability exists in Multer versions 1.4.4-lts.1 through prior to 2.0.2, which stems from an unhandled exception in the handling of malformed multipart upload requests, which could lead to a denial of service...
org.glassfish.main.admingui:console-cluster-plugin (>=3.1.2 <=6.2.5), org.glassfish.main.admingui:console-common-full-plugin (>=3.1.2 <=6.2.5) +14 more potentially affected by CVE-2024-9408 via org.glassfish.main.admingui:console-common (>=3.1.2 <=6.2.5)
org.glassfish.main.admingui:console-common MAVEN version =3.1.2, =3.1.2, =3.1.2, =3.1.2, =3.1.2, =3.1.2, =3.1.2, =4.0, =3.1.2, =4.0, =3.1.2, =4.0, =4.0, =4.1, =4.1, =6.2.5 and more Source cves: CVE-2024-9408 Source advisory: OSV:GHSA-F7H5-C625-3795...
org.glassfish.main.admingui:console-cluster-plugin (>=3.1.2 <=9.0.0-M2), org.glassfish.main.admingui:console-commandrecorder-plugin (>=7.0.16 <=9.0.0-M2) +16 more potentially affected by CVE-2024-9342 via org.glassfish.main.admingui:console-common (>=3.1.2 <=9.0.0-M2)
org.glassfish.main.admingui:console-common MAVEN version =3.1.2, =3.1.2, =7.0.16, =3.1.2, =3.1.2, =3.1.2, =3.1.2, =3.1.2, =4.0, =3.1.2, =4.0, =3.1.2, =4.0, =4.0, =6.2.5, =9.0.0-M2 and more Source cves: CVE-2024-9342 Source advisory:...
CVE-2025-30936
Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Torod Company for Information Technology Torod torod allows SQL Injection. This issue affects Torod: from n/a through = 2.1...
Authen::SASL::Perl::DIGEST_MD5 security vulnerability
Authen::SASL::Perl::DIGEST_MD5 is a module in the Perl language from the Perl community. A security vulnerability exists in Authen::SASL::Perl::DIGEST_MD5 versions 2.04 through 2.1800 and earlier, which stems from insecure cnonce generation...
AZL-65267 CVE-2025-53023 affecting package mysql for versions less than 8.0.43-1
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Replication. Supported versions that are affected are 8.0.0-8.0.42. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attac...
UBUNTU-CVE-2025-50076
Vulnerability in the MySQL Server product of Oracle MySQL component: Server: DML. Supported versions that are affected are 8.0.0-8.0.25. Easily exploitable vulnerability allows low privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of thi...
@altipla/directus-sdk-utils (=0.7.2), @bicou/directus-extension-imagga (>=1.6.3 <=1.6.6) +9 more potentially affected by CVE-2025-53887 via directus (>=10.10.0 <=11.8.0)
directus NPM version =10.10.0, =1.6.3, =11.16.1-depup.0, =15.0.0, =1.2.2, =1.0.0, =2.0.0 - directus-extension-blog-year-filter =1.0.0 - lease-directus-template =0.0.0 Source cves: CVE-2025-53887 Source advisory: OSV:GHSA-RMJH-CF9Q-PV7Q...
UBUNTU-CVE-2025-5992
When passing values outside of the expected range to QColorTransferGenericFunction it can cause a denial of service, for example, this can happen when passing a specifically crafted ICC profile to QColorSpace::fromICCProfile. This issue affects Qt from 6.6.0 through 6.8.3, from 6.9.0 through 6.9.1...
When the assert() function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and size information, which may lead to a buffer overflow if the message string size aligns to page size.
...
aiqtoolkit-llama-index (>=1.1.0 <=1.2.0rc4), airunner (>=3.0.0 <=3.1.14) +45 more potentially affected by CVE-2025-6211 via llama-index (>=0.10.0 <=0.12.38)
llama-index PYPI version =0.10.0, =1.1.0, =3.0.0, =1.0.5, =1.7.0, =0.2.53, =0.1.3, =0.1.169, =0.1.0, =0.3.0, =0.0.52, =0.0.61 - intelligent-engine-core =0.1.0 - jiuwen-opensource =0.0.3 and more Source cves: CVE-2025-6211 Source advisory: SNYK:PYTHON-LLAMAINDEX-10691925...
Serviio Media Server security vulnerability
Serviio Media Server is a media server software from Serviio Individual Developers in the UK. A security vulnerability exists in Serviio Media Server versions 1.4 through 1.8, which stems from a command injection issue in the /rest/action API endpoint that could lead to remote code execution...
3m (=0.1.0), aaa-ml-datasets-course (=1.0.0) +1817 more potentially affected by CVE-2025-3777 via transformers (>=2.10.0 <=4.52.0)
transformers PYPI version =2.10.0, =0.0.4.80, =0.1.0, =0.1.1, =0.1.0, =0.0.3, =0.0.1, =0.0.0.dev20230804, =0.1.0, =0.3.0, =0.1.0, =0.2.5, =0.2.11 and more Source cves: CVE-2025-3777 Source advisory: OSV:GHSA-PHHR-52QP-3MJ4...
@regis-samurai/n8n (>=0.216.1 <=0.219.1), n8n-nodes-accelo (>=0.1.0 <=0.1.9) +11 more potentially affected by CVE-2025-52554 via n8n (>=0.138.0 <=0.93.0)
n8n NPM version =0.138.0, =0.216.1, =0.1.0, =0.18.0, =0.1.0, =0.1.0, =0.2.14, =0.1.0, =0.1.0, =0.0.2, =0.0.2, =1.1.3 Source cves: CVE-2025-52554 Source advisory: OSV:GHSA-GQ57-V332-7666...
SUSE CVE-2025-53103
JUnit is a testing framework for Java and the JVM. From version 5.12.0 to 5.13.1, JUnit's support for writing Open Test Reporting XML files can leak Git credentials. The impact depends on the level of the access token exposed through the OpenTestReportGeneratingListener. If these test reports are...
0.app1 (=1.0.52), 0.edsql (>=1.0.49 <=1.0.50) +1811 more potentially affected by CVE-2024-46993 via electron (>=0.1.2 <=28.2.3)
electron NPM version =0.1.2, =1.0.49, =1.0.49, =1.0.49, =1.0.0, =1.0.0, =1.0.6, =1.0.1, =1.0.0, =4.0.23, =0.0.1, =0.0.2 and more Source cves: CVE-2024-46993 Source advisory: OSV:GHSA-6R2X-8PQ8-9489...
CVE-2025-32897 Apache Seata (incubating): Deserialization of untrusted Data in Apache Seata Server
Deserialization of Untrusted Data vulnerability in Apache Seata incubating. This security vulnerability is the same as CVE-2024-47552, but the version range described in the CVE-2024-47552 definition is too narrow. This issue affects Apache Seata incubating: from 2.0.0 before 2.3.0. Severity...
CVE-2025-32897
CVE-2025-32897 describes a deserialization of untrusted data vulnerability in Apache Seata (incubating) affecting versions 2.0.0 up to but not including 2.3.0. The underlying issue is unsafe deserialization of serialized user data, enabling potential code execution. The CVSS v3.1 base score is 9....