CVE-2025-6703
Improper Input Validation vulnerability in Mozilla neqo leads to an unexploitable crash. This issue affects neqo: from 0.4.24 through 0.13.2...
DEBIAN-CVE-2025-6545
Improper Input Validation vulnerability in pbkdf2 allows Signature Spoofing by Improper Validation. This vulnerability is associated with program files lib/to-buffer.Js. This issue affects pbkdf2: from 3.0.10 through 3.1.2...
CVE-2025-6545
CVE-2025-6545 (pbkdf2) : An improper input validation issue in pbkdf2 can enable signature spoofing. Affects pbkdf2 versions 3.0.10–3.1.2, with the root cause in the library’s input handling (noted as lib/to-buffer.Js). CVSS v4.0 base score 9.1 (critical). Public references describe vendor adviso...
a2 (>=0.1.0 <=0.3.17), agentos (>=0.0.5 <=0.0.7) +218 more potentially affected by CVE-2025-52967 via mlflow (>=0.8.2 <=2.22.0)
mlflow PYPI version =0.8.2, =0.1.0, =0.0.5, =0.1.0, =0.1.9, =0.0.1, =1.0.4, =0.1.2, =1.0.18.2, =0.0.1, =1.0.41, =1.4.0, =0.2.5, =0.2.17rc1 and more Source cves: CVE-2025-52967 Source advisory: OSV:GHSA-WXJ7-3FX5-PP9M...
IBM InfoSphere Information Server Security Vulnerability
IBM InfoSphere Information Server is a set of data integration platforms from International Business Machines (IBM). The platform can be used to integrate data information obtained from various sources. A security vulnerability exists in IBM InfoSphere Information Server versions 11.7.0.0 through...
CVE-2025-49967
Cross-Site Request Forgery (CSRF) vulnerability in marcusjansen Live Sports Streamthunder live-sports-streamthunder allows Cross Site Request Forgery. This issue affects Live Sports Streamthunder: from n/a through <= 2.1...
MediaWiki >= 2.4.2 < 3.3.1 Multiple Vulnerabilities
MediaWiki is prone to multiple vulnerabilities. Note: This VT has been deprecated as it had targeted the wrong product. It is therefore no longer functional. SPDX-FileCopyrightText: 2025 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the...
Crafter Studio Groovy Sandbox Bypass
Improper Control of Dynamically-Managed Code Resources vulnerability in Crafter Studio of CrafterCMS allows authenticated developers to execute OS commands via Groovy Sandbox Bypass. By inserting malicious Groovy elements, an attacker may bypass Sandbox restrictions and obtain RCE Remote Code...
CVE-2025-49258
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in thembay Maia maia allows PHP Local File Inclusion. This issue affects Maia: from n/a through <= 1.1.15...
CVE-2025-39479
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in smartiolabs Smart Notification allows Blind SQL Injection. This issue affects Smart Notification: from n/a through 10.3...
OESA-2025-1630 redis security update
Redis is an advanced key-value store. It is often referred to as a data structure server since keys can contain strings, hashes, lists, sets and sorted sets. Security Fixes: Redis is an open source, in-memory database that persists on disk. In versions starting from 7.0.0 to before 8.0.2, a stack-based...
CVE-2025-2254
An issue has been discovered in GitLab CE/EE affecting all versions from 17.9 before 17.10.8, 17.11 before 17.11.4, and 18.0 before 18.0.2. Improper output encoding in the snippet viewer functionality leads to Cross-Site Scripting attacks...
matrix-sdk-crypto vulnerable to encrypted event sender spoofing by homeserver administrator
matrix-sdk-crypto versions 0.8.0 up to and including 0.11.0 do not correctly validate the sender of an encrypted event. Accordingly, a malicious homeserver operator can modify events served to clients, making those events appear to the recipient as if they were sent by another user. Although th...
org.apache.kafka:kafka-perf_2.8.2 (>=0.8.0 <=0.8.0-beta1), org.apache.nifi:nifi-kafka-nar (>=0.0.1-incubating <=0.3.0) +1 more potentially affected by CVE-2025-27819 via org.apache.kafka:kafka_2.8.2 (>=0.8.0-beta1 <=0.8.1)
org.apache.kafka:kafka_2.8.2 MAVEN version =0.8.0-beta1, =0.8.0, =0.0.1-incubating, =0.0.1-incubating, =0.3.0 Source cves: CVE-2025-27819 Source advisory: OSV:GHSA-MCWH-C9PG-XW43...
matrix-rust-sdk Security Vulnerability
matrix-rust-sdk is an open source implementation of the Matrix client-server library in Rust. A security vulnerability exists in matrix-rust-sdk versions 0.8.0 through 0.11.0, which stems from insufficient sender authentication and could lead to event tampering...
@alfresco/adf-testing (=6.0.0-A.2-8258), @genexus/ngx-aws-deploy (=5.2.1) +6 more potentially affected by CVE-2025-5889 via brace-expansion (>=2.0.0 <=2.0.1)
brace-expansion NPM version =2.0.0, =1.16.0, =1.0.1, =0.0.20, =15.0.0 - fluid-webdriver =1.1.2 - nx-cargo =1.0.0-alpha.2 Source cves: CVE-2025-5889 Source advisory: OSV:GHSA-V6H2-P8H4-QCJW...
CVE-2025-48130
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in spicethemes Spice Blocks spice-blocks allows Path Traversal. This issue affects Spice Blocks: from n/a through <= 2.0.7.4...
CVE-2025-30948
Cross-Site Request Forgery (CSRF) vulnerability in Giraphix Creative Layouts for Elementor layouts-for-elementor allows Cross Site Request Forgery. This issue affects Layouts for Elementor: from n/a through <= 1.11...
CVE-2025-28981
CVE-2025-28981 is a vulnerability in the WordPress plugin WP Mail Options. The connected Red Hat entry confirms a Cross-Site Request Forgery (CSRF) condition that allows a Stored XSS via WP Mail Options, affecting versions listed as from n/a through 0.2.3. The CVE description in the initial docu...
CVE-2025-49306
CVE-2025-49306 is a stored XSS in WordPress WP Social Widget due to improper input neutralization during web page generation. Affected: WP Social Widget up to and including version 2.3. The connected sources (Wordfence WordPress vulnerability report) confirm stored XSS and affected version, but do ...