SUSE CVE-2025-5683

When loading a specifically crafted ICNS format image file in QImage then it will trigger a crash. This issue affects Qt from versions 6.3.0 through 6.5.9, from 6.6.0 through 6.8.4, 6.9.0. This is fixed in 6.5.10, 6.8.5 and 6.9.1...

Apache InLong 代码问题漏洞

Apache InLong is the U.S. Apache Apache Foundation's one-stop massive data integration framework. Provides automated, secure and reliable data transfer capabilities. A deserialization vulnerability exists in Apache InLong versions prior to 1.13.0 to 2.1.0. The vulnerability stems from unsafe...

RSJoomla! RSFirewall! 安全漏洞

RSJoomla! RSFirewall! is a website security protection tool from RSJoomla! A security vulnerability exists in RSJoomla! RSFirewall! versions 2.9.7 through 3.1.5, which stems from insufficient path cleanup and could lead to arbitrary file reads...

CVE-2025-24015

Deno is a JavaScript, TypeScript, and WebAssembly runtime. Versions 1.46.0 through 2.1.6 have an issue that affects AES-256-GCM and AES-128-GCM in Deno in which the authentication tag is not being validated. This means tampered ciphertexts or incorrect keys might not be detected, which breaks the...

io.lighty.applications.rcgnmi:lighty-rcgnmi-app-module (>=22.0.0 <=22.1.0), io.lighty.applications.rnc:lighty-rnc-module (>=22.0.0 <=22.1.0) +28 more potentially affected by CVE-2025-46548 via org.apache.pekko:pekko-management_2.13 (>=1.0.0 <=1.1.0)

org.apache.pekko:pekko-management2.13 MAVEN version =1.0.0, =22.0.0, =22.0.0, =22.0.0, =22.0.0, =22.0.0, =22.0.0, =22.0.0, =22.0.0, =22.0.0, =22.0.0, =22.0.0, =22.0.0, =22.0.0, =22.0.0, =1.0.0, =1.1.0-M1 and more Source cves: CVE-2025-46548 Source advisory: OSV:GHSA-9QVJ-RPJ8-V5C8...

phpwcms 代码问题漏洞

phpwcms is an open source web content management system from slackero open source. It is fast, easy to install and can run on any standard web server platform that supports PHP/MySQL. A code issue vulnerability exists in phpwcms 1.9.45 and 1.10.8 and earlier versions, which stems from an incorrec...

IBM Cloud Pak for Security和IBM QRadar Suite 代码注入漏洞

IBM Cloud Pak for Security is a software application. An open security platform that connects to your existing data sources to generate deeper insights and enables you to take automated action faster.IBM QRadar Suite is an integrated security information and event management SIEM solution for...

Multer 安全漏洞

Multer is an expressjs open source middleware for Node.js. A security vulnerability exists in Multer versions 1.4.4-lts.1 through prior to 2.0.1, which stems from an upload file request with an empty string field name that could result in a denial of service...

CVE-2025-48336

Deserialization of Untrusted Data vulnerability in ThimPress Course Builder course-builder allows Object Injection.This issue affects Course Builder: from n/a through 3.6.6...

ai.ancf.lmos-router:lmos-router-llm-in-spring-cloud-gateway-demo (>=0.2.0 <=0.28.0), ai.ancf.lmos:lmos-router-llm-in-spring-cloud-gateway-demo (=0.1.0) +63 more potentially affected by CVE-2025-41235 via org.springframework.cloud:spring-cloud-gateway-server (>=4.1.0 <=4.1.7)

org.springframework.cloud:spring-cloud-gateway-server MAVEN version =4.1.0, =0.2.0, =1.0.0, =1.0.0, =2024.1.0.0, =15.0-RELEASE, =1.1.0, =4.2.3, =1.3.0, =0.10.2, =1.5.1, =1.6.0 and more Source cves: CVE-2025-41235 Source advisory: OSV:GHSA-6J2Q-C73V-97C5...

CVE-2025-48381

CVAT (Computer Vision Annotation Tool) has a disclosed information-disclosure vulnerability affecting versions 2.4.0 through 2.37.x, where an authenticated user could retrieve IDs and names of tasks, projects, and labels, plus IDs of jobs and quality reports, potentially enabling information expo...

Computer Vision Annotation Tool 安全漏洞

Computer Vision Annotation Tool CVAT is a cvat.ai open source interactive video and image annotation tool for computer vision. A security vulnerability exists in Computer Vision Annotation Tool versions prior to 2.4.0 through 2.38.0, which stems from the possibility that an authenticated user may...

vLLM 输入验证错误漏洞

vLLM is a high throughput and memory efficient inference and service engine for LLM from the vLLM open source. An input validation error vulnerability exists in vLLM versions prior to 0.8.0 through 0.9.0, which stems from accidental or malformed inputs in the pattern and type fields that are not...

ace-step (=0.1.0), ambientagi (>=0.1.1 <=0.2.12) +39 more potentially affected by CVE-2025-5320 via gradio (>=5.0.0 <=5.29.1)

gradio PYPI version =5.0.0, =0.1.1, =0.0.1, =1.0.1, =0.1.2, =0.0.5, =0.1.0, =0.0.2, =0.1.0, =2.0.0, =1.1.8b3, =1.0.0, =2025.1.24, =2025.11.0b3 and more Source cves: CVE-2025-5320 Source advisory: OSV:GHSA-WMJH-CPQJ-4V6X...

CVE-2024-57336

Incorrect access control in M2Soft CROWNIX Report & ERS affected v7.x to v7.4.3.599 and v8.x to v8.0.3.79 allows unauthorized attackers to obtain Administrator account access...

Apache InLong 代码问题漏洞

Apache InLong is a one-stop mass data integration framework from the Apache USA Foundation. It provides automated, secure, and reliable data transfer capabilities. A code issue vulnerability exists in Apache InLong versions 1.13.0 to 2.1.0, which stems from deserializing untrustworthy data and...

Netwrix Directory Manager 安全漏洞

Netwrix Directory Manager is a group and user management software from Netwrix, Inc. A security vulnerability exists in Netwrix Directory Manager versions v.11.0.0.0 through v.11.1.25134.03, which originates from hard-coded passwords...

Apache InLong 代码问题漏洞

Apache InLong is the U.S. Apache Apache Foundation's one-stop massive data integration framework. Provides automated, secure and reliable data transfer capabilities. Apache InLong versions 1.13.0 to 2.1.0 has a deserialization vulnerability , the vulnerability stems from the application in the...

CVE-2025-47575

Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in mojoomla School Management allows SQL Injection. This issue affects School Management: from n/a through 92.0.0...

OESA-2025-1557 springframework security update

The spring is based on code pubilshed in Expert One-on-One J2EE Design and Dvelopment by Rod Johnson Wrox, 2002.it is a layered Java/J2ee application framework. Security Fixes: n Spring Framework versions 5.3.0 - 5.3.16 and older unsupported versions, it is possible for a user to provide a...