4572 matches found
CVE-2025-3488
The WPML plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin's wpml_language_switcher shortcode in versions 3.6.0 through 4.7.3 due to insufficient input sanitization and output escaping of user-supplied shortcode attributes. This makes it possible for authenticated attackers, with...
click-clack (>=0.1.0 <=0.2.1), paos (>=1.2.7 <=1.2.10) +1 more potentially affected by unknown CVE via marimo (>=0.10.19 <=0.11.31)
marimo (PyPI) versions listed: =0.10.19, =0.1.0, =1.2.7, =0.1.1.dev1736307293, =0.1.1.dev1742453945. Source CVEs: unknown CVE. Source advisory: SNYK:PYTHON-MARIMO-12671196...
KUNBUS PiCtory security vulnerability
KUNBUS PiCtory is a graphical configuration tool from KUNBUS for setting up and managing the KUNBUS Revolution Pi industrial computer. A security vulnerability exists in KUNBUS PiCtory versions 2.5.0 through 2.11.1; it stems from a path traversal flaw that could lead to authentication bypas...
ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0), com.charlyghislain.keycloak:keycloak-importexport (>=21.0.0 <=23.0.1) +135 more potentially affected by CVE-2025-3501 via org.keycloak:keycloak-services (>=1.0-alpha-1 <=26.2.1)
org.keycloak:keycloak-services (Maven) versions listed: =1.0-alpha-1, =0.1.0, =21.0.0, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.4.10, =1.0.1, =1.0.2 - com.kleegroup.accelerator:accelerator-security-keycloakmfa =1.0.1 and more. Source CVEs: CVE-2025-3501. Source advisory:...
PYSEC-2025-42
vLLM is a high-throughput and memory-efficient inference and serving engine for LLMs. Versions starting from 0.6.5 and prior to 0.8.5, having vLLM integration with mooncake, are vulnerable to remote code execution due to using pickle based serialization over unsecured ZeroMQ sockets. The vulnerab...
vLLM security vulnerability
vLLM is an open-source high-throughput, memory-efficient inference and serving engine for LLMs. A security vulnerability exists in vLLM versions from 0.8.0 up to but not including 0.8.5; it stems from inefficient input preprocessing logic that could lead to resource exhaustion...
vLLM code issue vulnerability
vLLM is an open-source high-throughput, memory-efficient inference and serving engine for LLMs. A code issue vulnerability exists in vLLM versions from 0.6.5 up to but not including 0.8.5; it stems from the use of pickle-based serialization and could lead to remote code execution...
vLLM security vulnerability
vLLM is an open-source high-throughput, memory-efficient inference and serving engine for LLMs. A security vulnerability exists in vLLM versions from 0.5.2 up to but not including 0.8.5; it stems from exposed ZeroMQ sockets and could lead to denial of service and data exposure...
Snowflake Connector for .NET security vulnerability
Snowflake Connector for .NET is a . A security vulnerability exists in Snowflake Connector for .NET versions from 2.1.2 up to but not including 4.4.1; it stems from a TOCTOU (time-of-check to time-of-use) race condition that could result in the logging configuration being overwritten...
CVE-2025-46495
Cross-Site Request Forgery (CSRF) vulnerability in tomontoast Drop Caps (drop-caps) allows Stored XSS. This issue affects Drop Caps: from n/a through 2.1...
CVE-2025-46457
Cross-Site Request Forgery (CSRF) vulnerability in Ahsanullah Akanda Wp Custom CMS Block (wp-custom-cms-block) allows Stored XSS. This issue affects Wp Custom CMS Block: from n/a through 2.1...
CVE-2025-32531
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in tychesoftwares Arconix FAQ (arconix-faq) allows Reflected XSS. This issue affects Arconix FAQ: from n/a through 1.9.5...
CVE-2025-39421
Cross-Site Request Forgery (CSRF) vulnerability in Mustafa KUCUK WP Sticky Side Buttons (wp-sticky-side-buttons) allows Stored XSS. This issue affects WP Sticky Side Buttons: from n/a through 2.1...
Andamiro Pump It Up 20th Anniversary security vulnerability
Andamiro Pump It Up 20th Anniversary is a dance simulation game by the South Korean company Andamiro. A security vulnerability exists in Andamiro Pump It Up 20th Anniversary versions 1.00.0 through 2.08.3; a specific cancel operation can trigger a denial of service...
alloy-rs (=0.2.1), anndata (=0.2.0) +98 more potentially affected by unknown CVE via arrow2 (>=0.10.1 <=0.9.2)
arrow2 (Cargo) versions listed: =0.10.1, =0.1.0, =0.1.0, =0.6.0, =0.1.0, =0.0.1, =0.1.0, =0.2.1, =0.2.2, =0.4.0, =0.1.0, =0.1.3 - datap =0.0.1 - erc725-rs =0.1.0 - ezel =0.0.1 and more. Source CVEs: unknown CVE. Source advisory: OSV:RUSTSEC-2025-0038...
CVE-2025-2300
Hitachi Ops Center Common Services within Hitachi Ops Center OVA contains an information exposure vulnerability. This issue affects Hitachi Ops Center Common Services: from 11.0.3-00 before 11.0.4-00...
OpenText Content Server security vulnerability
OpenText Content Server is enterprise content management software from OpenText (Canada). A security vulnerability exists in OpenText Content Server versions 20.2 through 24.4; it stems from improper authorization in the REST API and could allow an unprivileged user to delete external...
aij (>=1.0.14 <=1.2.10), aiotube (>=1.2.0 <=1.2.2) +349 more potentially affected by CVE-2024-38519 via youtube-dl (>=2015.9.22 <=2021.12.17)
youtube-dl (PyPI) versions listed: =2015.9.22, =1.0.14, =1.2.0, =0.0.1, =1.3.0, =0.1.0, =0.0.4, =0.0.1b1, =2.1.2, =0.4.6, =1.0.3, =0.0.2, =0.0.3 and more. Source CVEs: CVE-2024-38519. Source advisory: OSV:GHSA-22FP-MF44-F2MQ...
@andesite-lab/andesite-core (=1.60.2), @bechara/crux (>=6.0.0 <=6.6.2) +139 more potentially affected by CVE-2025-32442 via fastify (>=5.0.0 <=5.3.1)
fastify (npm) versions listed: =5.0.0, =6.0.0, =0.2.305, =1.0.6, =1.0.11, =1.9.4, =2.0.0, =1.6.0, =1.6.0, =1.6.0, =1.6.0, =1.6.0, =1.6.0, =1.8.3 - @citrineos/ocpi-base =2.0.1 - @citrineos/ocpi-cdrs =2.0.1 and more. Source CVEs: CVE-2025-32442. Source advisory: OSV:GHSA-MG2H-6X62-WPWC...
CVE-2025-26934
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in graphthemes Glossy Blog (glossy-blog) allows Stored XSS. This issue affects Glossy Blog: from n/a through 1.0.3...