10xanswers (>=1.0.0 <=1.1.16), 24social-ui (>=1.0.0 <=1.0.1) +8200 more potentially affected by CVE-2024-53382 via prismjs (>=0.0.1 <=1.2.0)

prismjs NPM version =0.0.1, =1.0.0, =1.0.0, =0.1.13, =0.3.0, =0.3.0, =0.5.0, =1.0.0, =0.1.0, =0.1.2, =1.0.0, =1.0.23, =1.0.1, =1.0.0, =1.0.3, =1.0.0, =2.0.0-beta.0 and more Source cves: CVE-2024-53382 Source advisory: OSV:GHSA-X7HR-W5R2-H6WG...

io.peekandpoke.funktor:all-jvm (>=0.86.0 <=0.107.2), io.peekandpoke.funktor:insights-jvm (>=0.86.0 <=0.107.2) +3 more potentially affected by CVE-2024-53382 via org.webjars.npm:prismjs (>=1.23.0 <=1.29.0)

org.webjars.npm:prismjs MAVEN version =1.23.0, =0.86.0, =0.86.0, =0.86.0, =15.4.3, =3.3.1, =3.6.0 Source cves: CVE-2024-53382 Source advisory: SNYK:JAVA-ORGWEBJARSNPM-9055449...

ai.djl.timeseries:timeseries (>=0.19.0 <=0.33.0), cc.akkaha:pea-dubbo_2.12 (>=0.1.5 <=0.7.0) +478 more potentially affected by CVE-2025-1686 +1 more via io.pebbletemplates:pebble (>=2.5.0 <=3.2.3)

io.pebbletemplates:pebble MAVEN version =2.5.0, =0.19.0, =0.1.5, =0.3.0, =0.1.0, =4.1.0, =16.5.0, =6.5.1, =6.0.0, =12.0.0-beta, =16.0.9 and more Source cves: CVE-2025-1686, CVE-2025-27137 Source advisory: OSV:GHSA-P75G-CXFJ-7WRX...

CVE-2025-0159

IBM FlashSystem IBM Storage Virtualize 8.5.0.0 through 8.5.0.13, 8.5.1.0, 8.5.2.0 through 8.5.2.3, 8.5.3.0 through 8.5.3.1, 8.5.4.0, 8.6.0.0 through 8.6.0.5, 8.6.1.0, 8.6.2.0 through 8.6.2.1, 8.6.3.0, 8.7.0.0 through 8.7.0.2, 8.7.1.0, 8.7.2.0 through 8.7.2.1 could allow a remote attacker to bypas...

@gnar-engine/core (>=1.0.1 <=1.0.23) potentially affected by CVE-2025-1756 via mongosh (=1.10.6)

mongosh NPM version =1.10.6 is affected by a known vulnerability. The following packages have a transitive dependency on mongosh and may be impacted: - @gnar-engine/core =1.0.1, =1.0.23 Source cves: CVE-2025-1756 Source advisory: OSV:GHSA-F5W3-73H4-JPCM...

PT-2025-7849 · Pickplugins · Pickplugins Wishlist

Name of the Vulnerable Software and Affected Versions: PickPlugins Wishlist versions 1.0.0 through 1.0.41 Description: The issue is related to an SQL Injection vulnerability due to improper neutralization of special elements used in an SQL command. This allows for SQL Injection attacks...

log4j-core: Remote code execution in Log4j 2.x when logs contain an attacker-controlled string value

A flaw was found in the Apache Log4j logging library in versions from 2.0.0 and before 2.15.0. A remote attacker who can control log messages or log message parameters, can execute arbitrary code on the server via JNDI LDAP endpoint...

apache-commons-text: variable interpolation RCE

A flaw was found in Apache Commons Text packages 1.5 through 1.9. The affected versions allow an attacker to benefit from a variable interpolation process contained in Apache Commons Text, which can cause properties to be dynamically defined. Server applications are vulnerable to remote code...

CVE-2025-22632

Improper Neutralization of Input During Web Page Generation 'Cross-site Scripting' vulnerability in totalsoft WooCommerce Pricing – Product Pricing woo-pricing-table allows Stored XSS.This issue affects WooCommerce Pricing – Product Pricing: from n/a through = 1.0.9...

com.easy-flowable:easy-flowable-solon-plugin (>=1.0.0 <=1.0.2), com.luomor.pcsms:pcsms-solon-plugin-example (>=1.0.0 <=1.0.1) +17 more potentially affected by CVE-2025-1584 via org.noear:solon-web-staticfiles (>=2.9.2-M1 <=3.0.9-M2)

org.noear:solon-web-staticfiles MAVEN version =2.9.2-M1, =1.0.0, =1.0.0, =2024.3.0, =1.3.0, =20250107, =3.3.4, =1.8.4, =1.3.1, =1.7.8, =1.8.0, =2.9.2, =2.9.2, =2.9.2, =2.9.2, =3.0.10-M1 and more Source cves: CVE-2025-1584 Source advisory: OSV:GHSA-X8Q6-CCHR-P7M6...

Extreme Networks IQ Engine 安全漏洞

Extreme Networks IQ Engine is an engine by Extreme Networks, Inc. A security vulnerability exists in Extreme Networks IQ Engine versions prior to 10.6r1a and versions prior to 10.6r4 through 10.6r5, which originates from a buffer overflow in the ahwebui service...

Eclipse Open VSX 安全漏洞

Eclipse Open VSX is an open source registry of code extensions for Eclipse open source. A security vulnerability exists in Eclipse Open VSX versions v0.9.0 through v0.20.0, which stems from the /user/namespace/namespace/details API that allows a user to edit all namespace details, even if the use...

be.jidoka:jdk-keycloak-admin (>=2.0.0 <=2.4.0), ch.iterial.keycloak.plugins:keycloak-directus-plugin (>=0.1.0 <=0.7.0) +716 more potentially affected by CVE-2024-4028 via org.keycloak:keycloak-core (>=1.0-alpha-1 <=26.1.2)

org.keycloak:keycloak-core MAVEN version =1.0-alpha-1, =2.0.0, =0.1.0, =0.0.1, =1.5.1, =1.5.1, =1.6.2, =1.6.2, =1.5.2, =1.5.2, =1.7.2, =1.7.2, =1.0.22, =1.0.22, =1.4.3, =1.4.3, =1.6.5 and more Source cves: CVE-2024-4028 Source advisory: OSV:GHSA-Q4XQ-445G-G6CH...

JIP InfoBridge FileMegane 安全漏洞

JIP InfoBridge FileMegane is an application from JIP InfoBridge Japan. A security vulnerability exists in JIP InfoBridge FileMegane versions prior to 1.0.0.0 through 3.4.0.0, which stems from an authentication bypass issue that could allow a user to impersonate and access restricted files...

CVE-2024-8266

An issue was discovered in GitLab CE/EE affecting all versions starting from 17.1 prior to 17.6.0, which allows an attacker with maintainer role to trigger a pipeline as project owner under certain circumstances...

com.databricks:automatedml_2.11 (=0.7.2), com.github.aishfenton:vegas-flink_2.11 (=0.3.4) +11 more potentially affected by CVE-2025-25304 via org.webjars.bower:vega (>=1.5.4 <=3.0.0-rc4)

org.webjars.bower:vega MAVEN version =1.5.4, =0.3.6, =0.3.6, =0.3.6, =1.1.0, =2.1.0, =1.0.10, =2.0.1 Source cves: CVE-2025-25304 Source advisory: SNYK:JAVA-ORGWEBJARSBOWER-8730845...

OESA-2025-1117 cpp-httplib security update

A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include httplib.h file in your code! Security Fixes: cpp-httplib version v0.17.3 through v0.18.3 fails to filter CRLF characters "\r\n" when those are prefixed with a null byte. This enables...

OESA-2025-1116 cpp-httplib security update

A C++11 single-file header-only cross platform HTTP/HTTPS library. It's extremely easy to setup. Just include httplib.h file in your code! Security Fixes: cpp-httplib version v0.17.3 through v0.18.3 fails to filter CRLF characters "\r\n" when those are prefixed with a null byte. This enables...

Octokit 安全漏洞

Octokit is a Ruby toolkit for the GitHub API. A security vulnerability exists in Octokit version 1.0.0 through versions prior to 6.1.7, which stems from a Regular Expression Denial of Service ReDoS vulnerability in the processing of HTTP request headers, which can be exploited by an attacker to...

PT-2025-7072

Name of the Vulnerable Software and Affected Versions: @octokit/request-error versions 1.0.0 through 6.1.6 Description: A Regular Expression Denial of Service ReDoS vulnerability exists in the processing of HTTP request headers. By sending an authorization header containing an excessively long...