Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-27976 | 8.8 (3.1) | Zed Extension Sandbox Escape via Tar Symlink Following | zed-industries | zed | 2026-02-25T23:34:40.103Z | 2026-02-27T04:55:52.466Z |
| CVE-2026-27967 | 7.1 (3.1) | Symlink Escape in Agent File Tools | zed-industries | zed | 2026-02-25T23:33:21.477Z | 2026-02-28T04:55:28.156Z |
| CVE-2026-27800 | 7.4 (3.1) | Zed has Zip Slip Path Traversal in Extension Archive E… | zed-industries | zed | 2026-02-25T23:25:45.400Z | 2026-02-26T17:04:50.704Z |
| CVE-2026-27799 | 4 (3.1) | ImageMagick has a heap Buffer Over-read in its DJVU im… | ImageMagick | ImageMagick | 2026-02-25T23:20:25.204Z | 2026-02-26T17:04:08.122Z |
| CVE-2026-27798 | 4 (3.1) | ImageMagick: Heap Buffer Over-read in WaveletDenoise w… | ImageMagick | ImageMagick | 2026-02-25T23:18:33.174Z | 2026-02-26T16:54:57.532Z |
| CVE-2026-27933 | 6.8 (3.1) | Manyfold vulnerable to session hijack via cookie leaka… | manyfold3d | manyfold | 2026-02-25T23:16:01.572Z | 2026-02-26T16:45:33.523Z |
| CVE-2026-27635 | 7.5 (3.1) | Manyfold vulnerable to OS command injection via ZIP fi… | manyfold3d | manyfold | 2026-02-25T23:10:27.951Z | 2026-02-26T16:52:18.942Z |
| CVE-2026-27633 | 8.7 (4.0) | TinyWeb has Unbounded Content-Length Memory Exhaustion (DoS) | maximmasiutin | TinyWeb | 2026-02-25T23:07:35.787Z | 2026-02-26T16:51:43.475Z |
| CVE-2026-27630 | 8.7 (4.0) | TinyWeb vulnerable to Remote Denial of Service via Thr… | maximmasiutin | TinyWeb | 2026-02-25T23:05:16.563Z | 2026-02-26T16:50:51.538Z |
| CVE-2026-3209 | 5.3 (4.0), 6.3 (3.1), 6.3 (3.0) | fosrl Pangolin Role verifyApiKeyRoleAccess access control | fosrl | Pangolin | 2026-02-25T23:02:10.115Z | 2026-02-26T16:44:27.165Z |
| CVE-2026-27613 | 10 (4.0) | CGI Parameter Injection (Bypass of STRICT_CGI_PARAMS a… | maximmasiutin | TinyWeb | 2026-02-25T22:58:16.358Z | 2026-02-26T20:22:22.813Z |
| CVE-2026-27498 | 9 (4.0) | n8n has Arbitrary Command Execution via File Write and… | n8n-io | n8n | 2026-02-25T22:42:21.618Z | 2026-02-26T20:21:05.587Z |
| CVE-2026-27578 | 8.5 (4.0) | n8n Vulnerable to Stored XSS via Various Nodes | n8n-io | n8n | 2026-02-25T22:40:38.606Z | 2026-02-26T20:16:20.758Z |
| CVE-2026-27577 | 9.4 (4.0) | n8n: Expression Sandbox Escape Leads to RCE | n8n-io | n8n | 2026-02-25T22:19:44.806Z | 2026-02-26T20:14:30.327Z |
| CVE-2026-27497 | 9.4 (4.0) | n8n has Potential Remote Code Execution via Merge Node | n8n-io | n8n | 2026-02-25T22:16:08.347Z | 2026-02-26T19:35:29.529Z |
| CVE-2026-27495 | 9.4 (4.0) | n8n has a Sandbox Escape in its JavaScript Task Runner | n8n-io | n8n | 2026-02-25T22:10:04.054Z | 2026-02-26T20:28:18.099Z |
| CVE-2026-27494 | 7.1 (4.0) | n8n has Arbitrary File Read via Python Code Node Sandb… | n8n-io | n8n | 2026-02-25T22:08:00.520Z | 2026-02-26T20:28:57.625Z |
| CVE-2026-27493 | 9.5 (4.0) | n8n has Unauthenticated Expression Evaluation via Form Node | n8n-io | n8n | 2026-02-25T22:05:00.686Z | 2026-02-26T20:27:26.036Z |
| CVE-2026-27148 | 8.9 (4.0) | Storybook Dev Server Vulnerable to WebSocket Hijacking | storybookjs | storybook | 2026-02-25T21:46:48.967Z | 2026-02-26T20:26:14.136Z |
| CVE-2026-27819 | 7.2 (3.1) | Vikunja has Path Traversal in CLI Restore | go-vikunja | vikunja | 2026-02-25T21:40:38.703Z | 2026-02-26T20:24:45.237Z |
| CVE-2026-27616 | 7.3 (3.1) | Vikunja Vulnerable to Stored Cross-Site Scripting (XSS… | go-vikunja | vikunja | 2026-02-25T21:37:57.671Z | 2026-02-26T20:38:41.085Z |
| CVE-2026-27575 | 9.1 (3.1) | Vikunja has Weak Password Policy Combined with Persis… | go-vikunja | vikunja | 2026-02-25T21:35:23.230Z | 2026-02-26T20:39:18.888Z |
| CVE-2026-27116 | 6.1 (3.1) | Vikunja has Reflected HTML Injection via filter Parame… | go-vikunja | vikunja | 2026-02-25T21:33:50.448Z | 2026-02-25T21:38:05.386Z |
| CVE-2026-26985 | 8.1 (3.1) | LORIS vulnerable to path traversal in electrophysiolog… | aces | Loris | 2026-02-25T21:26:00.201Z | 2026-02-25T21:39:45.355Z |
| CVE-2026-2694 | 5.4 (3.1) | The Events Calendar <= 6.15.16 - Improper Authorizatio… | stellarwp | The Events Calendar | 2026-02-25T21:25:02.211Z | 2026-02-25T21:40:41.317Z |
| CVE-2026-26984 | 8.7 (3.0) | LORIS media module vulnerable to remote code execution | aces | Loris | 2026-02-25T21:15:54.790Z | 2026-02-25T21:42:13.721Z |
| CVE-2026-27951 | 5.3 (3.1) | FreeRDP has possible Integer overflow in Stream_Ensure… | FreeRDP | FreeRDP | 2026-02-25T21:07:30.828Z | 2026-02-25T21:43:56.822Z |
| CVE-2026-27950 | 5.5 (4.0) | FreeRDP heap-use-after-free in update_pointer_new(SDL)… | FreeRDP | FreeRDP | 2026-02-25T21:05:23.581Z | 2026-02-26T20:38:07.068Z |
| CVE-2026-26986 | 5.5 (4.0) | FreeRDP has heap-use-after-free in rail_window_free | FreeRDP | FreeRDP | 2026-02-25T21:01:16.916Z | 2026-02-26T20:36:03.263Z |
| CVE-2026-26965 | 8.8 (3.1) | FreeRDP has Out-of-bounds Write | FreeRDP | FreeRDP | 2026-02-25T20:59:17.828Z | 2026-02-26T14:44:04.865Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-27831 | 7.5 (3.1) | rldns Vulnerable to Heap-based Out-of-Bounds Read | bluedragonsecurity | rldns | 2026-02-26T00:11:45.608Z | 2026-02-27T15:24:12.727Z |
| CVE-2026-27830 | 8.9 (4.0) | c3p0 vulnerable to Remote Code Execution via unsafe de… | swaldman | c3p0 | 2026-02-26T00:45:18.222Z | 2026-02-27T16:25:52.917Z |
| CVE-2026-27829 | 6.5 (3.1) | Astro is vulnerable to SSRF due to missing allowlist e… | withastro | astro | 2026-02-26T00:36:40.497Z | 2026-02-26T16:21:44.676Z |
| CVE-2026-27976 | 8.8 (3.1) | Zed Extension Sandbox Escape via Tar Symlink Following | zed-industries | zed | 2026-02-25T23:34:40.103Z | 2026-02-27T04:55:52.466Z |
| CVE-2026-27967 | 7.1 (3.1) | Symlink Escape in Agent File Tools | zed-industries | zed | 2026-02-25T23:33:21.477Z | 2026-02-28T04:55:28.156Z |
| CVE-2026-27933 | 6.8 (3.1) | Manyfold vulnerable to session hijack via cookie leaka… | manyfold3d | manyfold | 2026-02-25T23:16:01.572Z | 2026-02-26T16:45:33.523Z |
| CVE-2026-27821 | 7.7 (4.0) | GPAC NHML Demuxer (dmx_nhml.c) Vulnerable to Stack Buf… | gpac | gpac | 2026-02-26T00:08:39.924Z | 2026-02-26T15:15:39.671Z |
| CVE-2026-27818 | 8.7 (4.0) | TerriaJS-Server has a domain validation bypass vulnera… | TerriaJS | terriajs-server | 2026-02-26T00:02:45.127Z | 2026-02-26T15:16:30.580Z |
| CVE-2026-27812 | 8 (4.0) | Sub2API Vulnerable to Password Reset Poisoning via Hos… | Wei-Shaw | sub2api | 2026-02-26T00:00:10.239Z | 2026-02-26T14:53:58.840Z |
| CVE-2026-27809 | 6.8 (4.0) | psd-tools: Compression module has unguarded zlib decom… | psd-tools | psd-tools | 2026-02-25T23:57:00.760Z | 2026-02-26T15:17:34.807Z |
| CVE-2026-27808 | 5.8 (3.1) | Mailpit is Vulnerable to Server-Side Request Forgery (… | axllent | mailpit | 2026-02-25T23:51:20.365Z | 2026-02-26T15:47:56.826Z |
| CVE-2026-27804 | 9.3 (4.0) | Parse Server: Account takeover via JWT algorithm confu… | parse-community | parse-server | 2026-02-25T23:48:20.858Z | 2026-02-26T17:03:50.903Z |
| CVE-2026-27800 | 7.4 (3.1) | Zed has Zip Slip Path Traversal in Extension Archive E… | zed-industries | zed | 2026-02-25T23:25:45.400Z | 2026-02-26T17:04:50.704Z |
| CVE-2026-27799 | 4 (3.1) | ImageMagick has a heap Buffer Over-read in its DJVU im… | ImageMagick | ImageMagick | 2026-02-25T23:20:25.204Z | 2026-02-26T17:04:08.122Z |
| CVE-2026-27798 | 4 (3.1) | ImageMagick: Heap Buffer Over-read in WaveletDenoise w… | ImageMagick | ImageMagick | 2026-02-25T23:18:33.174Z | 2026-02-26T16:54:57.532Z |
| CVE-2026-27735 | 6.4 (4.0) | mcp-server-git : Path traversal in git_add allows stag… | modelcontextprotocol | servers | 2026-02-25T23:45:52.077Z | 2026-02-26T17:04:59.103Z |
| CVE-2026-27711 | 5.1 (4.0) | NanaZip UFS Archive Parser Memory Corruption via Unval… | M2Team | NanaZip | 2026-02-25T23:44:26.848Z | 2026-02-26T15:07:47.597Z |
| CVE-2026-27710 | 5.1 (4.0) | NanaZip .NET Single-File Parser Integer Underflow Lead… | M2Team | NanaZip | 2026-02-25T23:43:28.219Z | 2026-02-26T15:48:29.934Z |
| CVE-2026-27709 | 5.1 (4.0) | NanaZip .NET Single-File Manifest Parser Vulnerable to… | M2Team | NanaZip | 2026-02-25T23:39:03.772Z | 2026-02-26T15:49:04.311Z |
| CVE-2026-27635 | 7.5 (3.1) | Manyfold vulnerable to OS command injection via ZIP fi… | manyfold3d | manyfold | 2026-02-25T23:10:27.951Z | 2026-02-26T16:52:18.942Z |
| CVE-2026-27633 | 8.7 (4.0) | TinyWeb has Unbounded Content-Length Memory Exhaustion (DoS) | maximmasiutin | TinyWeb | 2026-02-25T23:07:35.787Z | 2026-02-26T16:51:43.475Z |
| CVE-2026-27630 | 8.7 (4.0) | TinyWeb vulnerable to Remote Denial of Service via Thr… | maximmasiutin | TinyWeb | 2026-02-25T23:05:16.563Z | 2026-02-26T16:50:51.538Z |
| CVE-2026-26186 | 5.1 (4.0) | Fleet has a SQL injection via backtick escape in ORDER… | fleetdm | fleet | 2026-02-26T00:05:02.016Z | 2026-02-26T14:52:24.634Z |
| CVE-2026-3209 | 5.3 (4.0), 6.3 (3.1), 6.3 (3.0) | fosrl Pangolin Role verifyApiKeyRoleAccess access control | fosrl | Pangolin | 2026-02-25T23:02:10.115Z | 2026-02-26T16:44:27.165Z |
| CVE-2026-27613 | 10 (4.0) | CGI Parameter Injection (Bypass of STRICT_CGI_PARAMS a… | maximmasiutin | TinyWeb | 2026-02-25T22:58:16.358Z | 2026-02-26T20:22:22.813Z |
| CVE-2026-27578 | 8.5 (4.0) | n8n Vulnerable to Stored XSS via Various Nodes | n8n-io | n8n | 2026-02-25T22:40:38.606Z | 2026-02-26T20:16:20.758Z |
| CVE-2026-27577 | 9.4 (4.0) | n8n: Expression Sandbox Escape Leads to RCE | n8n-io | n8n | 2026-02-25T22:19:44.806Z | 2026-02-26T20:14:30.327Z |
| CVE-2026-27498 | 9 (4.0) | n8n has Arbitrary Command Execution via File Write and… | n8n-io | n8n | 2026-02-25T22:42:21.618Z | 2026-02-26T20:21:05.587Z |
| CVE-2026-27497 | 9.4 (4.0) | n8n has Potential Remote Code Execution via Merge Node | n8n-io | n8n | 2026-02-25T22:16:08.347Z | 2026-02-26T19:35:29.529Z |
| CVE-2026-27495 | 9.4 (4.0) | n8n has a Sandbox Escape in its JavaScript Task Runner | n8n-io | n8n | 2026-02-25T22:10:04.054Z | 2026-02-26T20:28:18.099Z |
| ID | Severity | Description | Published | Updated |
|---|---|---|---|---|
| ghsa-9qpv-49q8-9chx | 5.4 (3.1) | A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote at… | 2026-02-25T18:31:38Z | 2026-02-25T18:31:38Z |
| ghsa-8f59-hcpc-g3hp | 7.4 (3.1) | A vulnerability in the Link Layer Discovery Protocol (LLDP) feature of Cisco NX-OS Software could a… | 2026-02-25T18:31:38Z | 2026-02-25T18:31:38Z |
| ghsa-7f98-q4h8-rf6r | 6.5 (3.1), 8.3 (4.0) | OpenSIPS versions 3.1 before 3.6.4 containing the auth_jwt module (prior to commit 3822d33) contain… | 2026-02-25T18:31:38Z | 2026-02-27T21:31:20Z |
| ghsa-687g-rcf9-r6r3 | 6.7 (3.1) | A vulnerability in the web-based management interface of Cisco FXOS Software and Cisco UCS Man… | 2026-02-25T18:31:38Z | 2026-02-25T18:31:38Z |
| ghsa-5w57-gjvc-whwc | 9.8 (3.1), 9.3 (4.0) | An Incorrect Permission Assignment for Critical Resource vulnerability in the On-Box Anomaly detect… | 2026-02-25T18:31:38Z | 2026-02-25T18:31:38Z |
| ghsa-5h54-2f2f-5x5c | 9.8 (3.1) | A vulnerability in the API user authentication of Cisco Catalyst SD-WAN Manager could allow an unau… | 2026-02-25T18:31:38Z | 2026-02-25T18:31:38Z |
| ghsa-4pqc-pmx6-jgc9 | 4.8 (3.1) | A vulnerability in the web-based management interface of Cisco FXOS Software and Cisco UCS Manager … | 2026-02-25T18:31:38Z | 2026-02-25T18:31:38Z |
| ghsa-4g2q-86h2-35w4 | 3.1 (3.1), 1.3 (4.0) | A vulnerability was detected in Chia Blockchain 2.1.0. Impacted is an unknown function of the file … | 2026-02-25T18:31:38Z | 2026-02-25T18:31:38Z |
| ghsa-4466-83q5-3rxw | 7.4 (3.1) | A vulnerability with the Ethernet VPN (EVPN) Layer 2 ingress packet processing of Cisco Nexus 3600 … | 2026-02-25T18:31:38Z | 2026-02-25T18:31:38Z |
| ghsa-2p6h-wfw7-47wv | 3.1 (3.1), 2.3 (4.0) | A weakness has been identified in feiyuchuixue sz-boot-parent up to 1.3.2-beta. This vulnerability … | 2026-02-25T18:31:38Z | 2026-02-25T18:31:39Z |
| ghsa-w654-6gvp-6w5j | 9.8 (3.1) | Due to improper neutralization of special elements, SQL statements can be injected via the handshak… | 2026-02-25T18:31:37Z | 2026-02-26T18:31:39Z |
| ghsa-qc7c-4556-qm66 | 9.8 (3.1) | Due to missing neutralization of special elements, OS commands can be injected via the handshake of… | 2026-02-25T18:31:37Z | 2026-02-26T18:31:39Z |
| ghsa-7gqx-qgr9-rhw9 | 9.1 (3.1), 9.3 (4.0) | The administrative credentials can be extracted through application API responses, mobile applicati… | 2026-02-25T18:31:37Z | 2026-02-25T18:31:37Z |
| ghsa-6j93-38rf-cf9g | 6.2 (3.1) | Due to missing authentication, a user with physical access to the device can misuse the mesh functi… | 2026-02-25T18:31:37Z | 2026-02-25T21:31:18Z |
| ghsa-47p7-hmcr-q3rr | 9.6 (3.1) | An arbitrary file upload vulnerability in the subtitle loading function of asbplayer v1.13.0 allows… | 2026-02-25T18:31:37Z | 2026-02-26T21:31:30Z |
| ghsa-9fj4-3849-rv9g | 0.0 (3.1) | OpenKruise PodProbeMarker is Vulnerable to SSRF via Unrestricted Host Field | 2026-02-25T18:30:40Z | 2026-02-27T21:48:39Z |
| ghsa-c6rr-7pmc-73wc | 2.7 (4.0) | ENS DNSSEC Oracle Vulnerable to RSA Signature Forgery via Missing PKCS#1 v1.5 Padding Validation | 2026-02-25T18:26:58Z | 2026-02-27T20:55:13Z |
| ghsa-m2cm-222f-qw44 | 8.9 (4.0) | mchange-commons-java: Remote Code Execution via JNDI Reference Resolution | 2026-02-25T18:20:05Z | 2026-02-27T20:55:40Z |
| ghsa-cj9f-h6r6-4cx2 | 6.5 (3.1) | Astro is vulnerable to SSRF due to missing allowlist enforcement in remote image inferSize | 2026-02-25T18:11:47Z | 2026-02-27T21:53:27Z |
| ghsa-jmhp-5558-qxh5 | 9.9 (3.1) | OneUptime: OS Command Injection in Probe NetworkPathMonitor via unsanitized destination in tracerou… | 2026-02-25T18:09:47Z | 2026-02-27T20:55:31Z |
| ghsa-xh87-mx6m-69f3 | 8.2 (3.1) | Hono is Vulnerable to Authentication Bypass by IP Spoofing in AWS Lambda ALB conninfo | 2026-02-25T18:02:19Z | 2026-02-27T20:55:22Z |
| ghsa-2phg-qgmm-r638 | 7.7 (4.0) | Sliver has Potential Zip Bomb Denial of Service in GzipEncoder | 2026-02-25T17:36:44Z | 2026-02-27T21:46:08Z |
| ghsa-f229-3862-4942 | 10.0 (3.1) | @enclave-vm/core is vulnerable to Sandbox Escape | 2026-02-25T17:26:23Z | 2026-02-25T17:26:23Z |
| ghsa-49gm-hh7w-wfvf | 9.9 (3.1) | OliveTin: OS Command Injection via `password` argument type and webhook JSON extraction bypasses sh… | 2026-02-25T16:18:22Z | 2026-02-27T21:45:19Z |
| ghsa-2rw7-x74f-jg35 | 1.2 (4.0) | pypdf has a possible infinite loop when loading circular /Prev entries in cross-reference streams | 2026-02-25T16:09:03Z | 2026-02-25T16:09:03Z |
| ghsa-xfvg-8v67-j7wp | 6.8 (4.0) | TypiCMS Core has Stored Cross-Site Scripting (XSS) via SVG File Upload | 2026-02-25T16:06:59Z | 2026-02-25T16:06:59Z |
| ghsa-vp6q-7m36-pq3w | 9.3 (3.1) | Bugsink is vulnerable to Stored XSS via Pygments fallback in stacktrace rendering | 2026-02-25T16:06:00Z | 2026-02-25T16:06:00Z |
| ghsa-fm8c-6m29-rp6j | 6.1 (3.1) | repostat: Reflected Cross-Site Scripting (XSS) via repo prop in RepoCard | 2026-02-25T16:04:41Z | 2026-02-25T16:04:41Z |
| ghsa-8vrh-3pm2-v4v6 | 6.5 (3.1), 7.1 (4.0) | FileBrowser Quantum: Password Protection Not Enforced on Shared File Links | 2026-02-25T16:00:49Z | 2026-02-27T21:42:54Z |
| ghsa-qrr9-2772-633f | 5.5 (3.1) | RF4CE Profile protocol dissector crash in Wireshark 4.6.0 to 4.6.3 and 4.4.0 to 4.4.13 allows denia… | 2026-02-25T15:31:43Z | 2026-02-25T15:31:43Z |
| ID | Severity | Description | Package | Published | Updated |
|---|---|---|---|---|---|
| pysec-2023-234 | 7.5 (3.1) | An issue discovered in esptool 4.6.2 allows attackers to view sensitive information via w… | esptool | 2023-11-09T16:15:00Z | 2024-01-02T13:04:16.284694Z |
| pysec-2023-274 | 8.8 (3.1) | Label Studio is a multi-type data labeling and annotation tool with standardized output f… | label-studio | 2023-11-09T15:15:00+00:00 | 2024-11-21T14:22:53.173192+00:00 |
| pysec-2023-235 | 7.5 (3.1) | An issue was discovered in Couchbase Server 7.2.0. There is a private key leak in debug.l… | couchbase | 2023-11-08T21:15:00Z | 2024-01-03T21:03:33.010228Z |
| pysec-2023-233 | 8.8 (3.1) | Exiv2 is a C++ library and a command-line utility to read, write, delete and modify Exif,… | exiv2 | 2023-11-06T18:15:00Z | 2024-01-02T15:20:59.435740Z |
| pysec-2023-227 | | An issue was discovered in Pillow before 10.0.0. It is a Denial of Service that uncontrol… | pillow | 2023-11-03T05:15:00+00:00 | 2023-11-03T10:29:41.505456+00:00 |
| pysec-2023-226 | | In Django 3.2 before 3.2.22, 4.1 before 4.1.12, and 4.2 before 4.2.6, the django.utils.te… | django | 2023-11-03T05:15:00+00:00 | 2023-11-03T10:29:40.328470+00:00 |
| pysec-2023-225 | | In Django 3.2 before 3.2.21, 4.1 before 4.1.11, and 4.2 before 4.2.5, django.utils.encodi… | django | 2023-11-03T05:15:00+00:00 | 2023-11-03T10:29:40.160394+00:00 |
| pysec-2023-223 | | Unsafe YAML deserialization in yaml.Loader in transmute-core before 1.13.5 allows attacke… | transmute-core | 2023-11-02T06:15:00+00:00 | 2023-11-02T10:30:07.951105+00:00 |
| pysec-2023-222 | | An issue was discovered in Django 3.2 before 3.2.23, 4.1 before 4.1.13, and 4.2 before 4.… | django | 2023-11-02T06:15:00+00:00 | 2023-11-02T10:30:06.341485+00:00 |
| pysec-2023-230 | 5.3 (3.1) | Synapse is an open-source Matrix homeserver Prior to versions 1.95.1 and 1.96.0rc1, cache… | matrix-synapse | 2023-10-31T17:15:00+00:00 | 2023-11-08T20:24:49.199333+00:00 |
| pysec-2023-224 | 5.3 (3.1) | Twisted is an event-based framework for internet applications. Prior to version 23.10.0rc… | twisted | 2023-10-25T21:15:00+00:00 | 2023-11-02T16:33:16.395026+00:00 |
| pysec-2023-228 | 3.3 (3.1) | When installing a package from a Mercurial VCS URL (ie "pip install hg+...") with pip p… | pip | 2023-10-25T18:17:00+00:00 | 2023-11-03T16:28:41.538340+00:00 |
| pysec-2023-221 | 7.5 (3.1) | Werkzeug is a comprehensive WSGI web application library. If an upload of a file that sta… | werkzeug | 2023-10-25T18:17:00Z | 2023-11-08T18:38:34.170214Z |
| pysec-2023-220 | 6.5 (3.1) | Nautobot is a Network Automation Platform built as a web application atop the Django Pyth… | nautobot | 2023-10-25T18:17:00+00:00 | 2023-11-01T18:30:02.084237+00:00 |
| pysec-2023-218 | 4.3 (3.1) | Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Apache Airflo… | apache-airflow | 2023-10-23T19:15:00+00:00 | 2023-10-28T05:24:46.485079+00:00 |
| pysec-2023-211 | | views/switch.py in django-grappelli (aka Django Grappelli) before 2.15.2 attempts to prev… | django-grappelli | 2023-10-22T19:15:00+00:00 | 2023-10-22T20:22:30.994719+00:00 |
| pysec-2023-210 | | views.py in Wagtail CRX CodeRed Extensions (formerly CodeRed CMS or coderedcms) before 0.… | coderedcms | 2023-10-22T19:15:00+00:00 | 2023-10-22T20:22:30.887585+00:00 |
| pysec-2023-217 | 8.8 (3.1) | Cross-Site Request Forgery (CSRF) in GitHub repository modoboa/modoboa prior to 2.2.2. | modoboa | 2023-10-20T17:15:00+00:00 | 2023-10-27T20:23:07.873996+00:00 |
| pysec-2023-216 | 5.4 (3.1) | Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2. | modoboa | 2023-10-20T17:15:00+00:00 | 2023-10-27T20:23:07.820957+00:00 |
| pysec-2023-215 | 5.4 (3.1) | Cross-site Scripting (XSS) - DOM in GitHub repository modoboa/modoboa prior to 2.2.2. | modoboa | 2023-10-20T17:15:00+00:00 | 2023-10-27T20:23:07.768462+00:00 |
| pysec-2023-214 | 5.4 (3.1) | Home assistant is an open source home automation. The audit team’s analyses confirmed tha… | homeassistant | 2023-10-20T00:15:00+00:00 | 2023-10-26T20:24:24.928732+00:00 |
| pysec-2023-229 | 5.4 (3.1) | ArchiveBox is an open source self-hosted web archiving system. Any users who are using th… | archivebox | 2023-10-19T22:15:00+00:00 | 2023-11-04T04:27:37.550377+00:00 |
| pysec-2023-213 | 7.5 (3.1) | Inadequate encryption strength in mycli 1.27.0 allows attackers to view sensitive informa… | mycli | 2023-10-19T22:15:00+00:00 | 2023-10-25T22:26:24.480718+00:00 |
| pysec-2023-219 | 2.7 (3.1) | Wagtail is an open source content management system built on Django. A user with a limite… | wagtail | 2023-10-19T19:15:00+00:00 | 2023-10-31T20:23:51.857051+00:00 |
| pysec-2023-205 | | LangChain before 0.0.317 allows SSRF via document_loaders/recursive_url_loader.py because… | langchain | 2023-10-19T05:15:00+00:00 | 2023-10-19T10:33:05.150766+00:00 |
| pysec-2023-212 | 4.2 (3.1) | urllib3 is a user-friendly HTTP client library for Python. urllib3 previously wouldn't re… | urllib3 | 2023-10-17T20:15:00+00:00 | 2023-10-25T18:28:34.811764+00:00 |
| pysec-2023-206 | 7.5 (3.1) | NULL Pointer Dereference in GitHub repository seleniumhq/selenium prior to 4.14.0. | selenium | 2023-10-15T23:15:00+00:00 | 2023-10-19T12:51:06.907613+00:00 |
| pysec-2023-207 | 6.1 (3.1) | urllib3 before 1.24.2 does not remove the authorization HTTP header when following a cros… | urllib3 | 2023-10-15T19:15:00+00:00 | 2023-10-19T16:33:01.297810+00:00 |
| pysec-2023-204 | 4.3 (3.1) | Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an … | apache-airflow | 2023-10-14T10:15:00+00:00 | 2023-10-18T20:24:08.594791+00:00 |
| pysec-2023-203 | 6.5 (3.1) | Apache Airflow, in versions prior to 2.7.2, contains a security vulnerability that allows… | apache-airflow | 2023-10-14T10:15:00+00:00 | 2023-10-18T20:24:08.541134+00:00 |
| ID | Description | Published | Updated |
|---|---|---|---|
| mal-2026-707 | Malicious code in js-unpack (npm) | 2026-02-03T17:41:26Z | 2026-02-06T03:05:24Z |
| mal-2026-706 | Malicious code in @devgandhi/healthpulse (npm) | 2026-02-03T17:39:11Z | 2026-02-06T03:05:22Z |
| mal-2026-705 | Malicious code in @devgandhi/cpp (npm) | 2026-02-03T17:39:11Z | 2026-02-06T03:05:22Z |
| mal-2026-704 | Malicious code in testing-package-xdsfdsfsc (npm) | 2026-02-03T16:22:25Z | 2026-02-07T10:45:40Z |
| mal-2026-703 | Malicious code in @x-clients/features (npm) | 2026-02-03T15:41:03Z | 2026-02-06T03:05:22Z |
| mal-2026-702 | Malicious code in serpapi-python (PyPI) | 2026-02-03T11:52:58Z | 2026-02-03T11:52:58Z |
| mal-2026-701 | Malicious code in filespath (PyPI) | 2026-02-03T10:31:19Z | 2026-02-03T10:31:19Z |
| mal-2026-700 | Malicious code in tabulapys (PyPI) | 2026-02-03T10:04:45Z | 2026-02-03T10:04:45Z |
| mal-2026-699 | Malicious code in tokyo-ppe-test (PyPI) | 2026-02-03T09:32:04Z | 2026-02-03T09:32:04Z |
| mal-2026-698 | Malicious code in tableshow (PyPI) | 2026-02-03T09:30:09Z | 2026-02-03T09:30:09Z |
| mal-2026-697 | Malicious code in pathlib-v2-utility (PyPI) | 2026-02-03T09:17:38Z | 2026-02-03T09:17:38Z |
| mal-2026-696 | Malicious code in pathfiles (PyPI) | 2026-02-03T09:15:58Z | 2026-02-03T10:19:00Z |
| mal-2026-690 | Malicious code in fileupload-util (npm) | 2026-02-03T07:56:03Z | 2026-02-06T03:05:23Z |
| mal-2026-693 | Malicious code in tailwindcss-forms-kit (npm) | 2026-02-03T07:51:18Z | 2026-02-06T03:05:26Z |
| mal-2026-686 | Malicious code in tableapys (PyPI) | 2026-02-03T07:49:06Z | 2026-02-03T09:19:13Z |
| mal-2026-695 | Malicious code in tsconfig-stitch (npm) | 2026-02-03T07:48:27Z | 2026-02-06T03:05:27Z |
| mal-2026-691 | Malicious code in fingerprint-stitch (npm) | 2026-02-03T07:48:27Z | 2026-02-06T03:05:23Z |
| mal-2026-689 | Malicious code in eslint-config-stitch (npm) | 2026-02-03T07:48:27Z | 2026-02-06T03:05:23Z |
| mal-2026-688 | Malicious code in eslint-config-nlx (npm) | 2026-02-03T07:48:27Z | 2026-02-06T03:05:23Z |
| mal-2026-692 | Malicious code in graphrix (npm) | 2026-02-03T07:44:00Z | 2026-02-06T03:05:24Z |
| mal-2026-694 | Malicious code in tarax (npm) | 2026-02-03T07:42:06Z | 2026-02-06T03:05:27Z |
| mal-2026-687 | Malicious code in @uselagoon/ui-library (npm) | 2026-02-03T07:39:16Z | 2026-02-06T03:05:22Z |
| mal-2026-681 | Malicious code in internallib_v782 (npm) | 2026-02-03T07:27:28Z | 2026-02-06T03:05:24Z |
| mal-2026-685 | Malicious code in strengthifys (npm) | 2026-02-03T07:27:10Z | 2026-02-06T03:05:26Z |
| mal-2026-684 | Malicious code in react-responsive-carousel-v4 (npm) | 2026-02-03T07:27:10Z | 2026-02-06T03:05:26Z |
| mal-2026-680 | Malicious code in frontend-js-state-web (npm) | 2026-02-03T07:27:10Z | 2026-02-06T03:05:24Z |
| mal-2026-679 | Malicious code in epic-admin-ui (npm) | 2026-02-03T07:27:10Z | 2026-02-06T03:05:23Z |
| mal-2026-683 | Malicious code in l2-contracts (npm) | 2026-02-03T07:24:02Z | 2026-02-06T03:05:24Z |
| mal-2026-682 | Malicious code in kwp-analytics (npm) | 2026-02-03T07:22:08Z | 2026-02-06T03:05:24Z |
| mal-2026-677 | Malicious code in chai-promise-tools (npm) | 2026-02-03T06:59:53Z | 2026-02-06T03:05:23Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| wid-sec-w-2025-2694 | MariaDB: Vulnerability allows code execution | 2025-11-27T23:00:00.000+00:00 | 2026-01-08T23:00:00.000+00:00 |
| wid-sec-w-2025-2693 | CUPS: Multiple vulnerabilities allow denial of service | 2025-11-27T23:00:00.000+00:00 | 2026-01-27T23:00:00.000+00:00 |
| wid-sec-w-2025-2691 | NCP Secure Enterprise Client: Vulnerability allows execution of arbitrary program code with administrator privileges | 2025-11-26T23:00:00.000+00:00 | 2025-11-26T23:00:00.000+00:00 |
| wid-sec-w-2025-2690 | MISP: Vulnerability allows information disclosure and potentially file manipulation | 2025-11-26T23:00:00.000+00:00 | 2025-11-26T23:00:00.000+00:00 |
| wid-sec-w-2025-2689 | Angular: Vulnerability allows information disclosure | 2025-11-26T23:00:00.000+00:00 | 2025-11-26T23:00:00.000+00:00 |
| wid-sec-w-2025-2688 | Microsoft Azure, SharePoint, Defender, Dynamics: Multiple vulnerabilities | 2025-11-26T23:00:00.000+00:00 | 2025-11-26T23:00:00.000+00:00 |
| wid-sec-w-2025-2687 | Apache CloudStack: Multiple vulnerabilities | 2025-11-26T23:00:00.000+00:00 | 2025-11-27T23:00:00.000+00:00 |
| wid-sec-w-2025-2686 | Red Hat JBoss Enterprise Application Platform (Eclipse JGit): Vulnerability allows denial of service | 2025-11-26T23:00:00.000+00:00 | 2025-12-04T23:00:00.000+00:00 |
| wid-sec-w-2025-2685 | Mattermost: Vulnerability allows unspecified attack | 2025-11-26T23:00:00.000+00:00 | 2025-11-26T23:00:00.000+00:00 |
| wid-sec-w-2025-2684 | GitLab: Multiple vulnerabilities | 2025-11-26T23:00:00.000+00:00 | 2025-11-26T23:00:00.000+00:00 |
| wid-sec-w-2025-2683 | Splunk Enterprise (Add-on for Palo Alto Networks): Vulnerability allows information disclosure | 2025-11-26T23:00:00.000+00:00 | 2025-11-26T23:00:00.000+00:00 |
| wid-sec-w-2025-2682 | Tinyproxy: Vulnerability allows bypassing of security measures | 2025-11-26T23:00:00.000+00:00 | 2025-12-02T23:00:00.000+00:00 |
| wid-sec-w-2025-2681 | IBM App Connect Enterprise: Multiple vulnerabilities | 2025-11-25T23:00:00.000+00:00 | 2025-11-26T23:00:00.000+00:00 |
| wid-sec-w-2025-2680 | OpenSearch: Vulnerability allows denial of service | 2025-11-25T23:00:00.000+00:00 | 2025-11-25T23:00:00.000+00:00 |
| wid-sec-w-2025-2679 | Contao: Multiple vulnerabilities | 2025-11-25T23:00:00.000+00:00 | 2025-11-25T23:00:00.000+00:00 |
| wid-sec-w-2025-2678 | Foreman: Vulnerability allows information disclosure | 2025-11-25T23:00:00.000+00:00 | 2025-11-26T23:00:00.000+00:00 |
| wid-sec-w-2025-2677 | OPNsense: Vulnerability allows file manipulation | 2025-11-25T23:00:00.000+00:00 | 2025-12-23T23:00:00.000+00:00 |
| wid-sec-w-2025-2676 | GeoServer: Multiple vulnerabilities | 2025-11-25T23:00:00.000+00:00 | 2025-12-11T23:00:00.000+00:00 |
| wid-sec-w-2025-2675 | OpenBao: Vulnerability allows gaining administrator privileges | 2025-11-25T23:00:00.000+00:00 | 2025-11-26T23:00:00.000+00:00 |
| wid-sec-w-2025-2674 | Lenovo PGX Workstation (ThinkStation): Multiple vulnerabilities | 2025-11-25T23:00:00.000+00:00 | 2025-11-25T23:00:00.000+00:00 |
| wid-sec-w-2025-2673 | Red Hat OpenShift (Trusted Artifact Signer): Vulnerability allows code execution | 2025-11-25T23:00:00.000+00:00 | 2025-11-25T23:00:00.000+00:00 |
| wid-sec-w-2025-2672 | Linux Kernel: Multiple vulnerabilities allow denial of service | 2025-11-24T23:00:00.000+00:00 | 2026-02-04T23:00:00.000+00:00 |
| wid-sec-w-2025-2671 | D-LINK Router: Multiple vulnerabilities | 2025-11-24T23:00:00.000+00:00 | 2025-11-24T23:00:00.000+00:00 |
| wid-sec-w-2025-2670 | Fluent Bit: Multiple vulnerabilities | 2025-11-24T23:00:00.000+00:00 | 2025-11-25T23:00:00.000+00:00 |
| wid-sec-w-2025-2669 | MongoDB: Multiple vulnerabilities | 2025-11-24T23:00:00.000+00:00 | 2025-11-24T23:00:00.000+00:00 |
| wid-sec-w-2025-2668 | Red Hat Enterprise Linux (CivetWeb library): Vulnerability allows denial of service | 2025-11-24T23:00:00.000+00:00 | 2025-12-15T23:00:00.000+00:00 |
| wid-sec-w-2025-2667 | Janitza UMG 96-PA and UMG 96-PA-MID+: Vulnerability allows denial of service | 2025-11-23T23:00:00.000+00:00 | 2025-11-24T23:00:00.000+00:00 |
| wid-sec-w-2025-2666 | vllm and PyTorch: Vulnerability allows DoS and potential code execution | 2025-11-23T23:00:00.000+00:00 | 2025-12-16T23:00:00.000+00:00 |
| wid-sec-w-2025-2665 | Hashicorp Terraform (Enterprise, Vault Provider): Multiple vulnerabilities | 2025-11-23T23:00:00.000+00:00 | 2025-11-23T23:00:00.000+00:00 |
| wid-sec-w-2025-2664 | HCL BigFix: Vulnerability allows data manipulation | 2025-11-23T23:00:00.000+00:00 | 2025-11-23T23:00:00.000+00:00 |
| ID | Description | Published | Updated |
|---|---|---|---|
| ncsc-2025-0088 | Vulnerabilities fixed in Autodesk AutoCAD | 2025-03-14T10:10:13.263645Z | 2025-03-14T10:10:13.263645Z |
| ncsc-2025-0087 | Vulnerabilities fixed in GitLab | 2025-03-14T09:14:59.775984Z | 2025-03-14T09:14:59.775984Z |
| ncsc-2025-0086 | Vulnerability fixed in Apple iOS, iPadOS, macOS Sequoia, visionOS and Safari | 2025-03-12T13:48:59.223945Z | 2025-03-12T13:48:59.223945Z |
| ncsc-2025-0085 | Vulnerability fixed in Ivanti Secure Access Client | 2025-03-12T11:00:45.614633Z | 2025-03-12T11:00:45.614633Z |
| ncsc-2025-0084 | Vulnerabilities fixed in Adobe Acrobat Reader | 2025-03-12T10:56:00.883114Z | 2025-03-12T10:56:00.883114Z |
| ncsc-2025-0083 | Vulnerabilities fixed in Fortinet FortiSandbox | 2025-03-12T10:51:18.487649Z | 2025-03-12T10:51:18.487649Z |
| ncsc-2025-0082 | Vulnerabilities fixed in FortiOS, FortiProxy, FortiPAM, FortiSRA and FortiWeb. | 2025-03-12T10:46:38.451715Z | 2025-03-12T10:46:38.451715Z |
| ncsc-2025-0081 | Vulnerabilities fixed in Microsoft Azure | 2025-03-11T18:45:19.628300Z | 2025-03-11T18:45:19.628300Z |
| ncsc-2025-0080 | Vulnerabilities fixed in Microsoft Office | 2025-03-11T18:44:43.336447Z | 2025-03-11T18:44:43.336447Z |
| ncsc-2025-0079 | Vulnerabilities fixed in Microsoft Developer Tools | 2025-03-11T18:44:07.766518Z | 2025-03-11T18:44:07.766518Z |
| ncsc-2025-0078 | Vulnerabilities fixed in Microsoft Windows | 2025-03-11T18:43:14.505624Z | 2025-03-11T18:43:14.505624Z |
| ncsc-2025-0077 | Vulnerabilities fixed in Siemens products | 2025-03-11T12:30:29.277759Z | 2025-03-11T12:30:29.277759Z |
| ncsc-2025-0076 | Vulnerabilities fixed in SAP software | 2025-03-11T12:20:06.258896Z | 2025-03-11T12:20:06.258896Z |
| ncsc-2025-0075 | Vulnerability fixed in Elastic Kibana | 2025-03-07T13:51:51.509917Z | 2025-03-07T13:51:51.509917Z |
| ncsc-2025-0074 | Vulnerabilities fixed in IBM Storage products | 2025-03-04T14:14:48.398751Z | 2025-03-04T14:14:48.398751Z |
| ncsc-2025-0073 | Vulnerabilities fixed in VMware products | 2025-03-04T14:11:56.959153Z | 2025-03-04T14:11:56.959153Z |
| ncsc-2025-0072 | Vulnerabilities fixed in Google Android and Samsung Mobile | 2025-03-04T10:15:32.203439Z | 2025-03-04T10:15:32.203439Z |
| ncsc-2025-0071 | Vulnerability fixed in Zohocorp ManageEngine ADSelfService Plus | 2025-03-03T14:11:46.709999Z | 2025-03-03T14:11:46.709999Z |
| ncsc-2025-0070 | Vulnerabilities fixed in GitLab | 2025-03-03T14:10:30.120360Z | 2025-03-03T14:10:30.120360Z |
| ncsc-2025-0069 | Vulnerability fixed in MITRE Caldera | 2025-02-25T07:42:48.535179Z | 2025-02-25T07:42:48.535179Z |
| ncsc-2025-0068 | Vulnerabilities fixed in Mattermost | 2025-02-24T12:04:19.392654Z | 2025-02-24T12:04:19.392654Z |
| ncsc-2025-0067 | Vulnerability fixed in Exim | 2025-02-21T12:54:32.376733Z | 2025-02-21T12:54:32.376733Z |
| ncsc-2025-0066 | Vulnerability fixed in XWiki | 2025-02-21T12:33:24.503983Z | 2025-02-21T12:33:24.503983Z |
| ncsc-2025-0065 | Vulnerabilities fixed in Nagios XI | 2025-02-21T12:32:41.120020Z | 2025-02-21T12:32:41.120020Z |
| ncsc-2025-0064 | Vulnerabilities fixed in IBM Cognos Controller | 2025-02-21T08:40:26.849797Z | 2025-02-21T08:40:26.849797Z |
| ncsc-2025-0063 | Vulnerability fixed in PostgreSQL | 2025-02-19T09:11:55.511966Z | 2025-02-19T09:11:55.511966Z |
| ncsc-2025-0062 | Vulnerability fixed in Juniper Session Smart Router | 2025-02-18T14:25:56.916762Z | 2025-02-18T14:25:56.916762Z |
| ncsc-2025-0061 | Vulnerabilities fixed in Siemens products | 2025-02-14T08:46:28.240775Z | 2025-02-14T08:46:28.240775Z |
| ncsc-2025-0060 | Vulnerability fixed in Veeam | 2025-02-13T09:48:03.729080Z | 2025-02-13T09:48:03.729080Z |
| ncsc-2025-0059 | Vulnerability fixed in Fortinet FortiOS | 2025-02-13T09:29:35.625977Z | 2025-02-13T09:29:35.625977Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| ssa-337210 | SSA-337210: Privilege Escalation Vulnerability in SINUMERIK MC | 2022-03-08T00:00:00Z | 2022-03-08T00:00:00Z |
| ssa-252466 | SSA-252466: Multiple Vulnerabilities in Climatix POL909 (AWM and AWB) | 2022-03-08T00:00:00Z | 2022-03-08T00:00:00Z |
| ssa-250085 | SSA-250085: Multiple Vulnerabilities in SINEC NMS and SINEMA Server | 2022-03-08T00:00:00Z | 2023-10-10T00:00:00Z |
| ssa-223353 | SSA-223353: Multiple Vulnerabilities in Nucleus RTOS based SIMOTICS CONNECT 400 | 2022-03-08T00:00:00Z | 2022-03-08T00:00:00Z |
| ssa-166747 | SSA-166747: Scene File Parsing Vulnerability in Simcenter STAR-CCM+ Viewer before V2022.1 | 2022-03-08T00:00:00Z | 2022-03-08T00:00:00Z |
| ssa-155599 | SSA-155599: File Parsing Vulnerabilities in COMOS | 2022-03-08T00:00:00Z | 2022-03-08T00:00:00Z |
| ssa-148641 | SSA-148641: XPath Constraint Vulnerability in Mendix Runtime | 2022-03-08T00:00:00Z | 2024-10-08T00:00:00Z |
| ssa-134279 | SSA-134279: Vulnerability in Mendix Forgot Password Appstore module | 2022-03-08T00:00:00Z | 2022-03-08T00:00:00Z |
| ssa-949188 | SSA-949188: File Parsing Vulnerabilities in Simcenter Femap before V2022.1.1 | 2022-02-17T00:00:00Z | 2022-02-17T00:00:00Z |
| ssa-914168 | SSA-914168: Multiple Vulnerabilities in SIMATIC WinCC Affecting Other SIMATIC Software Products | 2022-02-08T00:00:00Z | 2022-08-09T00:00:00Z |
| ssa-838121 | SSA-838121: Multiple Denial of Service Vulnerabilities in Industrial Products | 2022-02-08T00:00:00Z | 2023-04-11T00:00:00Z |
| ssa-831168 | SSA-831168: Cross-Site Scripting Vulnerability in Spectrum Power 4 | 2022-02-08T00:00:00Z | 2022-02-08T00:00:00Z |
| ssa-669737 | SSA-669737: Improper Access Control Vulnerability in SICAM TOOLBOX II | 2022-02-08T00:00:00Z | 2022-08-09T00:00:00Z |
| ssa-654775 | SSA-654775: Open Redirect Vulnerability in SINEMA Remote Connect Server | 2022-02-08T00:00:00Z | 2022-02-08T00:00:00Z |
| ssa-609880 | SSA-609880: File Parsing Vulnerabilities in Simcenter Femap before V2022.1 | 2022-02-08T00:00:00Z | 2022-02-08T00:00:00Z |
| ssa-539476 | SSA-539476: Siemens SIMATIC NET CP, SINEMA and SCALANCE Products Affected by Vulnerabilities in Third-Party Component strongSwan | 2022-02-08T00:00:00Z | 2023-03-14T00:00:00Z |
| ssa-244969 | SSA-244969: OpenSSL Vulnerability in Industrial Products | 2022-02-08T00:00:00Z | 2023-04-11T00:00:00Z |
| ssa-995338 | SSA-995338: Multiple Vulnerabilities in COMOS Web | 2022-01-11T00:00:00Z | 2022-04-12T00:00:00Z |
| ssa-845392 | SSA-845392: Multiple Vulnerabilities in Nucleus RTOS based Siemens Energy PLUSCONTROL 1st Gen Devices | 2022-01-11T00:00:00Z | 2022-01-11T00:00:00Z |
| ssa-439673 | SSA-439673: Information Disclosure Vulnerability in SIPROTEC 5 Devices | 2022-01-11T00:00:00Z | 2022-01-11T00:00:00Z |
| ssa-173318 | SSA-173318: Unquoted Search Path Vulnerability in SICAM PQ Analyzer | 2022-01-11T00:00:00Z | 2022-01-11T00:00:00Z |
| ssa-784507 | SSA-784507: Apache Log4j Vulnerability (CVE-2021-44832) via JDBC Appender - Impact to Siemens Products | 2021-12-28T00:00:00Z | 2021-12-28T00:00:00Z |
| ssa-479842 | SSA-479842: Apache Log4j Vulnerabilities - Impact to Siemens Energy Sensformer / Sensgear (Platform, Basic and Advanced) | 2021-12-21T00:00:00Z | 2021-12-23T00:00:00Z |
| ssa-397453 | SSA-397453: Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to Siemens Energy TraceAlertServerPLUS | 2021-12-20T00:00:00Z | 2021-12-20T00:00:00Z |
| ssa-501673 | SSA-501673: Apache Log4j Denial of Service Vulnerability (CVE-2021-45105) - Impact to Siemens Products | 2021-12-19T00:00:00Z | 2021-12-19T00:00:00Z |
| ssa-714170 | SSA-714170: Apache Log4j Vulnerabilities (Log4Shell, CVE-2021-44228, CVE-2021-45046) - Impact to SPPA-T3000 | 2021-12-16T00:00:00Z | 2022-02-08T00:00:00Z |
| ssa-595101 | SSA-595101: Multiple File Parsing Vulnerabilities in JT2Go and Teamcenter Visualization before V13.2.0.5 | 2021-12-14T00:00:00Z | 2021-12-14T00:00:00Z |
| ssa-523250 | SSA-523250: Improper Certificate Validation Vulnerability in SINUMERIK Edge | 2021-12-14T00:00:00Z | 2021-12-14T00:00:00Z |
| ssa-496292 | SSA-496292: Remote Code Execution Vulnerability in POWER METER SICAM Q100 | 2021-12-14T00:00:00Z | 2021-12-14T00:00:00Z |
| ssa-463116 | SSA-463116: Multiple Access Control Vulnerabilities in Siveillance Identity before V1.6.284.0 | 2021-12-14T00:00:00Z | 2021-12-14T00:00:00Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| rhsa-2026:1485 | Red Hat Security Advisory: RHUI 4.11.3 security update - python-urllib3 | 2026-01-28T11:24:11+00:00 | 2026-02-17T12:41:21+00:00 |
| rhsa-2026:1478 | Red Hat Security Advisory: python3.9 security update | 2026-01-28T10:54:02+00:00 | 2026-02-16T14:15:13+00:00 |
| rhsa-2026:1477 | Red Hat Security Advisory: curl security update | 2026-01-28T10:09:46+00:00 | 2026-02-11T14:41:11+00:00 |
| rhsa-2026:1473 | Red Hat Security Advisory: openssl security update | 2026-01-28T10:08:56+00:00 | 2026-02-12T19:26:47+00:00 |
| rhsa-2026:1475 | Red Hat Security Advisory: openssl security update | 2026-01-28T09:21:36+00:00 | 2026-02-04T01:03:35+00:00 |
| rhsa-2026:1472 | Red Hat Security Advisory: openssl security update | 2026-01-28T09:06:06+00:00 | 2026-02-12T19:26:44+00:00 |
| rhsa-2026:1471 | Red Hat Security Advisory: thunderbird security update | 2026-01-28T08:32:01+00:00 | 2026-02-09T13:26:42+00:00 |
| rhsa-2026:1468 | Red Hat Security Advisory: gnupg2 security update | 2026-01-28T07:58:16+00:00 | 2026-02-11T15:13:23+00:00 |
| rhsa-2026:1465 | Red Hat Security Advisory: glib2 security update | 2026-01-28T06:53:11+00:00 | 2026-02-13T19:05:03+00:00 |
| rhsa-2026:1462 | Red Hat Security Advisory: thunderbird security update | 2026-01-28T04:22:41+00:00 | 2026-02-09T13:26:42+00:00 |
| rhsa-2026:1461 | Red Hat Security Advisory: thunderbird security update | 2026-01-28T04:08:15+00:00 | 2026-02-09T13:26:39+00:00 |
| rhsa-2026:1444 | Red Hat Security Advisory: kernel security update | 2026-01-28T00:57:25+00:00 | 2026-02-16T14:22:36+00:00 |
| rhsa-2026:1442 | Red Hat Security Advisory: kernel security update | 2026-01-28T00:42:29+00:00 | 2026-02-10T19:01:35+00:00 |
| rhsa-2026:1441 | Red Hat Security Advisory: kernel security update | 2026-01-28T00:38:19+00:00 | 2026-02-16T14:15:09+00:00 |
| rhsa-2026:1445 | Red Hat Security Advisory: kernel security update | 2026-01-28T00:33:29+00:00 | 2026-02-16T19:39:41+00:00 |
| rhsa-2026:1443 | Red Hat Security Advisory: kernel-rt security update | 2026-01-28T00:26:44+00:00 | 2026-02-16T14:15:06+00:00 |
| rhsa-2026:1431 | Red Hat Security Advisory: Red Hat OpenShift distributed tracing platform (Tempo) 3.8.2 release | 2026-01-27T20:01:40+00:00 | 2026-02-17T12:41:21+00:00 |
| rhsa-2026:1429 | Red Hat Security Advisory: php:8.3 security update | 2026-01-27T19:37:59+00:00 | 2026-02-11T01:03:47+00:00 |
| rhsa-2026:1409 | Red Hat Security Advisory: php:8.2 security update | 2026-01-27T18:07:34+00:00 | 2026-02-11T01:03:42+00:00 |
| rhsa-2026:1412 | Red Hat Security Advisory: php:8.2 security update | 2026-01-27T17:44:24+00:00 | 2026-02-11T01:03:45+00:00 |
| rhsa-2026:0978 | Red Hat Security Advisory: OpenShift Container Platform 4.20.12 bug fix and security update | 2026-01-27T17:40:19+00:00 | 2026-02-12T13:27:09+00:00 |
| rhsa-2026:1410 | Red Hat Security Advisory: python3.11 security update | 2026-01-27T17:32:53+00:00 | 2026-02-16T14:15:05+00:00 |
| rhsa-2026:1408 | Red Hat Security Advisory: python3.12 security update | 2026-01-27T17:29:58+00:00 | 2026-02-16T14:15:03+00:00 |
| rhsa-2026:1414 | Red Hat Security Advisory: thunderbird security update | 2026-01-27T17:28:09+00:00 | 2026-02-09T13:26:44+00:00 |
| rhsa-2026:1415 | Red Hat Security Advisory: thunderbird security update | 2026-01-27T17:16:19+00:00 | 2026-02-09T13:26:41+00:00 |
| rhsa-2026:1413 | Red Hat Security Advisory: thunderbird security update | 2026-01-27T17:10:39+00:00 | 2026-02-09T13:26:39+00:00 |
| rhsa-2026:1416 | Red Hat Security Advisory: Red Hat build of OpenTelemetry 3.8.2 release | 2026-01-27T16:53:57+00:00 | 2026-02-17T12:41:20+00:00 |
| rhsa-2026:1377 | Red Hat Security Advisory: image-builder security update | 2026-01-27T16:34:13+00:00 | 2026-02-17T08:01:29+00:00 |
| rhsa-2026:1381 | Red Hat Security Advisory: osbuild-composer security update | 2026-01-27T16:31:53+00:00 | 2026-02-17T08:01:32+00:00 |
| rhsa-2026:1379 | Red Hat Security Advisory: osbuild-composer security update | 2026-01-27T16:11:53+00:00 | 2026-02-17T08:01:31+00:00 |
| ID | Description | Published | Updated |
|---|---|---|---|
| icsa-25-140-03 | Danfoss AK-SM 8xxA Series (Update A) | 2025-05-20T06:00:00.000000Z | 2025-08-26T06:00:00.000000Z |
| icsa-25-140-02 | National Instruments Circuit Design Suite | 2025-05-20T06:00:00.000000Z | 2025-05-20T06:00:00.000000Z |
| icsa-25-140-01 | ABUP IoT Cloud Platform | 2025-05-20T06:00:00.000000Z | 2025-05-20T06:00:00.000000Z |
| icsa-25-140-04 | Mitsubishi Electric Iconics Digital Solutions and Mitsubishi Electric Products (Update E) | 2025-05-20T04:00:00.000000Z | 2026-02-12T05:00:00.000000Z |
| va-25-136-01 | IBM Security Guardium stored cross-site scripting | 2025-05-16T20:14:51Z | 2025-06-16T00:00:00Z |
| icsa-25-135-20 | Schneider Electric EcoStruxure Power Build Rapsody | 2025-05-15T06:00:00.000000Z | 2025-05-15T06:00:00.000000Z |
| icsa-25-135-19 | ECOVACS DEEBOT Vacuum and Base Station (Update A) | 2025-05-15T06:00:00.000000Z | 2025-07-10T06:00:00.000000Z |
| icsa-25-140-05 | Siemens Siveillance Video | 2025-05-14T00:00:00.000000Z | 2025-05-14T00:00:00.000000Z |
| icsa-25-133-04 | ABB Automation Builder | 2025-05-13T06:00:00.000000Z | 2025-05-13T06:00:00.000000Z |
| icsa-25-153-02 | Schneider Electric EcoStruxure Power Build Rapsody | 2025-05-13T04:00:00.000000Z | 2025-05-13T04:00:00.000000Z |
| icsa-25-140-08 | Schneider Electric Modicon Controllers (Update B) | 2025-05-13T04:00:00.000000Z | 2025-10-14T07:00:00.000000Z |
| icsa-25-140-07 | Schneider Electric Galaxy VS, Galaxy VL, Galaxy VXL (Update A) | 2025-05-13T04:00:00.000000Z | 2025-09-24T04:00:00.000000Z |
| icsa-25-140-06 | Schneider Electric PrismaSeT Active - Wireless Panel Server | 2025-05-13T04:00:00.000000Z | 2025-05-13T04:00:00.000000Z |
| icsa-25-148-02 | Siemens SiPass Integrated | 2025-05-13T00:00:00.000000Z | 2025-05-13T00:00:00.000000Z |
| icsa-25-135-18 | Siemens SCALANCE LPE9403 | 2025-05-13T00:00:00.000000Z | 2025-05-13T00:00:00.000000Z |
| icsa-25-135-17 | Siemens RUGGEDCOM ROX II | 2025-05-13T00:00:00.000000Z | 2025-11-11T00:00:00.000000Z |
| icsa-25-135-16 | Siemens MS/TP Point Pickup Module | 2025-05-13T00:00:00.000000Z | 2025-05-13T00:00:00.000000Z |
| icsa-25-135-15 | Siemens Mendix OIDC SSO | 2025-05-13T00:00:00.000000Z | 2025-11-11T00:00:00.000000Z |
| icsa-25-135-14 | Siemens APOGEE PXC and TALON TC Series | 2025-05-13T00:00:00.000000Z | 2025-05-13T00:00:00.000000Z |
| icsa-25-135-13 | Siemens SIRIUS | 2025-05-13T00:00:00.000000Z | 2025-05-13T00:00:00.000000Z |
| icsa-25-135-12 | Siemens SIMATIC PCS | 2025-05-13T00:00:00.000000Z | 2025-05-13T00:00:00.000000Z |
| icsa-25-135-11 | Siemens Polarion | 2025-05-13T00:00:00.000000Z | 2025-05-13T00:00:00.000000Z |
| icsa-25-135-10 | Siemens OZW Web Servers | 2025-05-13T00:00:00.000000Z | 2025-05-13T00:00:00.000000Z |
| icsa-25-135-09 | Siemens User Management Component (UMC) | 2025-05-13T00:00:00.000000Z | 2025-10-14T00:00:00.000000Z |
| icsa-25-135-08 | Siemens VersiCharge AC Series EV Chargers | 2025-05-13T00:00:00.000000Z | 2025-05-13T00:00:00.000000Z |
| icsa-25-135-07 | Siemens SIMATIC IPC RS-828A | 2025-05-13T00:00:00.000000Z | 2025-08-12T00:00:00.000000Z |
| icsa-25-135-06 | Siemens Teamcenter Visualization | 2025-05-13T00:00:00.000000Z | 2025-05-13T00:00:00.000000Z |
| icsa-25-135-05 | Siemens SIPROTEC and SICAM | 2025-05-13T00:00:00.000000Z | 2025-11-11T00:00:00.000000Z |
| icsa-25-135-04 | Siemens Desigo | 2025-05-13T00:00:00.000000Z | 2025-05-13T00:00:00.000000Z |
| icsa-25-135-03 | Siemens BACnet ATEC Devices | 2025-05-13T00:00:00.000000Z | 2025-05-13T00:00:00.000000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| cisco-sa-iosxr-acl-bypass-rzu5nl3e | Cisco IOS XR Software MPLS and Pseudowire Interfaces Access Control List Bypass Vulnerabilities | 2024-03-13T16:00:00+00:00 | 2024-03-13T16:00:00+00:00 |
| cisco-sa-secure-privesc-syxqo6ds | Cisco Secure Client for Linux with ISE Posture Module Privilege Escalation Vulnerability | 2024-03-06T16:00:00+00:00 | 2024-03-06T16:00:00+00:00 |
| cisco-sa-secure-client-crlf-w43v4g7 | Cisco Secure Client Carriage Return Line Feed Injection Vulnerability | 2024-03-06T16:00:00+00:00 | 2024-03-12T14:17:07+00:00 |
| cisco-sa-sb-wap-multi-85g83crb | Cisco Small Business 100, 300, and 500 Series Wireless Access Points Command Injection and Buffer Overflow Vulnerabilities | 2024-03-06T16:00:00+00:00 | 2024-03-06T16:00:00+00:00 |
| cisco-sa-duo-win-bypass-pn42kkbm | Cisco Duo Authentication for Windows Logon and RDP Authentication Bypass Vulnerability | 2024-03-06T16:00:00+00:00 | 2024-03-06T16:00:00+00:00 |
| cisco-sa-duo-infodisc-rlceqm6t | Cisco Duo Authentication for Windows Logon and RDP Information Disclosure Vulnerability | 2024-03-06T16:00:00+00:00 | 2024-03-08T18:23:38+00:00 |
| cisco-sa-appd-xss-3jwqsmnt | Cisco AppDynamics Controller Cross-Site Scripting Vulnerability | 2024-03-06T16:00:00+00:00 | 2024-03-06T16:00:00+00:00 |
| cisco-sa-appd-traversal-m7n8mzpf | Cisco AppDynamics Controller Path Traversal Vulnerability | 2024-03-06T16:00:00+00:00 | 2024-03-06T16:00:00+00:00 |
| cisco-sa-ucsfi-imm-syn-p6kztdqc | Cisco UCS 6400 and 6500 Series Fabric Interconnects Intersight Managed Mode Denial of Service Vulnerability | 2024-02-28T16:00:00+00:00 | 2024-02-28T16:00:00+00:00 |
| cisco-sa-nxos-po-acl-tkyepgvl | Cisco Nexus 3000 and 9000 Series Switches Port Channel ACL Programming Vulnerability | 2024-02-28T16:00:00+00:00 | 2024-02-28T16:00:00+00:00 |
| cisco-sa-nxos-lldp-dos-z7pnctgt | Cisco FXOS and NX-OS Software Link Layer Discovery Protocol Denial of Service Vulnerability | 2024-02-28T16:00:00+00:00 | 2024-02-28T16:00:00+00:00 |
| cisco-sa-nxos-ebgp-dos-l3qcwvj | Cisco NX-OS Software External Border Gateway Protocol Denial of Service Vulnerability | 2024-02-28T16:00:00+00:00 | 2024-02-28T16:00:00+00:00 |
| cisco-sa-ipv6-mpls-dos-r9ycxkwm | Cisco NX-OS Software MPLS Encapsulated IPv6 Denial of Service Vulnerability | 2024-02-28T16:00:00+00:00 | 2024-02-28T16:00:00+00:00 |
| cisco-sa-cuic-access-control-jjszqmjj | Cisco Unified Intelligence Center Insufficient Access Control Vulnerability | 2024-02-21T16:00:00+00:00 | 2024-02-21T16:00:00+00:00 |
| cisco-sa-expressway-csrf-knnzdmj3 | Cisco Expressway Series Cross-Site Request Forgery Vulnerabilities | 2024-02-07T16:00:00+00:00 | 2024-02-12T17:55:43+00:00 |
| cisco-sa-clamav-hdffu6t | ClamAV OLE2 File Format Parsing Denial of Service Vulnerability | 2024-02-07T16:00:00+00:00 | 2024-02-13T17:57:43+00:00 |
| cisco-sa-sb-bus-acl-bypass-5zn9hnjk | Cisco Small Business Series Switches Stacked Reload ACL Bypass Vulnerability | 2024-01-24T16:00:00+00:00 | 2024-01-24T16:00:00+00:00 |
| cisco-sa-cucm-rce-bwnzqcum | Cisco Unified Communications Products Remote Code Execution Vulnerability | 2024-01-24T16:00:00+00:00 | 2024-01-30T19:16:46+00:00 |
| cisco-sa-cuc-xss-9tfuu5ms | Cisco Unity Connection Cross-Site Scripting Vulnerability | 2024-01-24T16:00:00+00:00 | 2024-01-24T16:00:00+00:00 |
| cisco-sa-tms-portal-xss-axnevg3s | Cisco TelePresence Management Suite Cross-Site Scripting Vulnerabilities | 2024-01-10T16:00:00+00:00 | 2024-01-12T15:18:40+00:00 |
| cisco-sa-thouseyes-privesc-dmzhg3qv | Cisco ThousandEyes Enterprise Agent Virtual Appliance Privilege Escalation Vulnerability | 2024-01-10T16:00:00+00:00 | 2024-01-10T16:00:00+00:00 |
| cisco-sa-sb-wap-inject-bhstwgxo | Cisco WAP371 Wireless Access Point Command Injection Vulnerability | 2024-01-10T16:00:00+00:00 | 2024-01-10T16:00:00+00:00 |
| cisco-sa-pi-epnm-wkzjeyeq | Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure Vulnerabilities | 2024-01-10T16:00:00+00:00 | 2024-01-10T16:00:00+00:00 |
| cisco-sa-ise-xss-bl4vtml | Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerability | 2024-01-10T16:00:00+00:00 | 2024-01-10T16:00:00+00:00 |
| cisco-sa-cuc-unauth-afu-froyscsd | Cisco Unity Connection Unauthenticated Arbitrary File Upload Vulnerability | 2024-01-10T16:00:00+00:00 | 2024-02-05T17:23:14+00:00 |
| cisco-sa-broadworks-xss-6syj82ju | Cisco BroadWorks Application Delivery Platform and Xtended Services Platform Stored Cross-Site Scripting Vulnerability | 2024-01-10T16:00:00+00:00 | 2024-01-23T17:43:55+00:00 |
| cisco-sa-struts-c2kcmkmt | Apache Struts Vulnerability Affecting Cisco Products: December 2023 | 2023-12-12T16:00:00+00:00 | 2023-12-21T22:23:04+00:00 |
| cisco-sa-asa-ssl-vpn-y88qom77 | Cisco Adaptive Security Appliance and Firepower Threat Defense Software VPN Packet Validation Vulnerability | 2023-12-05T16:00:00+00:00 | 2023-12-05T16:00:00+00:00 |
| cisco-sa-uipphone-xss-ncmuykqa | Cisco IP Phone Stored Cross-Site Scripting Vulnerability | 2023-11-15T16:00:00+00:00 | 2023-11-15T16:00:00+00:00 |
| cisco-sa-secure-endpoint-dos-rzogfknd | Cisco Secure Endpoint for Windows Scanning Evasion Vulnerability | 2023-11-15T16:00:00+00:00 | 2023-11-15T16:00:00+00:00 |
| ID | Description | Published | Updated |
|---|---|---|---|
| msrc_cve-2025-68763 | crypto: starfive - Correctly handle return of sg_nents_for_len | 2026-01-02T00:00:00.000Z | 2026-02-21T04:08:57.000Z |
| msrc_cve-2025-68759 | wifi: rtl818x: Fix potential memory leaks in rtl8180_init_rx_ring() | 2026-01-02T00:00:00.000Z | 2026-02-18T02:52:26.000Z |
| msrc_cve-2025-68758 | backlight: led-bl: Add devlink to supplier LEDs | 2026-01-02T00:00:00.000Z | 2026-02-21T04:09:56.000Z |
| msrc_cve-2025-68757 | drm/vgem-fence: Fix potential deadlock on release | 2026-01-02T00:00:00.000Z | 2026-02-18T02:53:29.000Z |
| msrc_cve-2025-68756 | block: Use RCU in blk_mq_[un]quiesce_tagset() instead of set->tag_list_lock | 2026-01-02T00:00:00.000Z | 2026-02-18T02:54:14.000Z |
| msrc_cve-2025-68755 | staging: most: remove broken i2c driver | 2026-01-02T00:00:00.000Z | 2026-02-21T04:05:35.000Z |
| msrc_cve-2025-68753 | ALSA: firewire-motu: add bounds check in put_user loop for DSP events | 2026-01-02T00:00:00.000Z | 2026-02-21T04:06:54.000Z |
| msrc_cve-2025-68471 | Avahi has a reachable assertion in lookup_start | 2026-01-02T00:00:00.000Z | 2026-02-18T14:12:53.000Z |
| msrc_cve-2025-68468 | Avahi has a reachable assertion in lookup_multicast_callback | 2026-01-02T00:00:00.000Z | 2026-02-18T14:12:12.000Z |
| msrc_cve-2025-68276 | Avahi has a reachable assertion in avahi_wide_area_scan_cache | 2026-01-02T00:00:00.000Z | 2026-02-18T14:11:33.000Z |
| msrc_cve-2025-68151 | CoreDNS gRPC/HTTPS/HTTP3 servers lack resource limits, enabling DoS via unbounded connections and oversized messages | 2026-01-02T00:00:00.000Z | 2026-02-19T01:14:17.000Z |
| msrc_cve-2025-62291 | In the eap-mschapv2 plugin (client-side) in strongSwan before 6.0.3, a malicious EAP-MSCHAPv2 server can send a crafted message of size 6 through 8, and cause an integer underflow that potentially results in a heap-based buffer overflow. | 2026-01-02T00:00:00.000Z | 2026-02-18T14:53:23.000Z |
| msrc_cve-2025-56226 | Libsndfile <=1.2.2 contains a memory leak vulnerability in the mpeg_l3_encoder_init() function within the mpeg_l3_encode.c file. | 2026-01-02T00:00:00.000Z | 2026-02-18T15:03:32.000Z |
| msrc_cve-2025-24528 | In MIT Kerberos 5 (aka krb5) before 1.22 (with incremental propagation), there is an integer overflow for a large update size to resize() in kdb_log.c. An authenticated attacker can cause an out-of-bounds write and kadmind daemon crash. | 2026-01-02T00:00:00.000Z | 2026-02-18T15:03:11.000Z |
| msrc_cve-2025-15444 | Crypt::Sodium::XS module versions prior to 0.000042, for Perl, include a vulnerable version of libsodium | 2026-01-02T00:00:00.000Z | 2026-02-21T03:41:16.000Z |
| msrc_cve-2025-15281 | wordexp with WRDE_REUSE and WRDE_APPEND may return uninitialized memory | 2026-01-02T00:00:00.000Z | 2026-02-18T15:01:17.000Z |
| msrc_cve-2025-15224 | libssh key passphrase bypass without agent set | 2026-01-02T00:00:00.000Z | 2026-02-21T03:22:11.000Z |
| msrc_cve-2025-15079 | libssh global known_hosts override | 2026-01-02T00:00:00.000Z | 2026-02-21T03:33:13.000Z |
| msrc_cve-2025-14819 | OpenSSL partial chain store policy bypass | 2026-01-02T00:00:00.000Z | 2026-02-21T03:37:04.000Z |
| msrc_cve-2025-14524 | bearer token leak on cross-protocol redirect | 2026-01-02T00:00:00.000Z | 2026-02-21T03:27:56.000Z |
| msrc_cve-2025-14017 | broken TLS options for threaded LDAPS | 2026-01-02T00:00:00.000Z | 2026-02-21T03:15:49.000Z |
| msrc_cve-2025-13151 | CVE-2025-13151 | 2026-01-02T00:00:00.000Z | 2026-02-19T01:11:53.000Z |
| msrc_cve-2025-13034 | No QUIC certificate pinning with GnuTLS | 2026-01-02T00:00:00.000Z | 2026-02-21T04:14:52.000Z |
| msrc_cve-2025-14174 | Chromium: CVE-2025-14174 Out of bounds memory access in ANGLE | 2025-12-09T08:00:00.000Z | 2025-12-15T08:00:00.000Z |
| msrc_cve-2025-65046 | Microsoft Edge (Chromium-based) Spoofing Vulnerability | 2025-12-09T00:00:00.000Z | 2026-02-20T08:00:00.000Z |
| msrc_cve-2025-65041 | Microsoft Partner Center Elevation of Privilege Vulnerability | 2025-12-09T00:00:00.000Z | 2025-12-18T00:00:00.000Z |
| msrc_cve-2025-65037 | Azure Container Apps Remote Code Execution Vulnerability | 2025-12-09T00:00:00.000Z | 2025-12-18T00:00:00.000Z |
| msrc_cve-2025-64680 | Windows DWM Core Library Elevation of Privilege Vulnerability | 2025-12-09T00:00:00.000Z | 2025-12-23T00:00:00.000Z |
| msrc_cve-2025-64679 | Windows DWM Core Library Elevation of Privilege Vulnerability | 2025-12-09T00:00:00.000Z | 2026-01-14T00:00:00.000Z |
| msrc_cve-2025-64678 | Windows Routing and Remote Access Service (RRAS) Remote Code Execution Vulnerability | 2025-12-09T00:00:00.000Z | 2026-01-14T00:00:00.000Z |
| ID | Description | Updated |
|---|---|---|
| var-201710-1408 | An issue was discovered in certain Apple products. iOS before 11 is affected. Safari befo… | 2025-12-22T22:34:27.661000Z |
| var-201311-0106 | Heap-based buffer overflow in Ruby 1.8, 1.9 before 1.9.3-p484, 2.0 before 2.0.0-p353, 2.1… | 2025-12-22T22:34:27.141000Z |
| var-201606-0395 | The xmlParseElementDecl function in parser.c in libxml2 before 2.9.4 allows context-depen… | 2025-12-22T22:34:26.489000Z |
| var-201210-0145 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java … | 2025-12-22T22:34:25.356000Z |
| var-202102-1093 | An issue was discovered in GNOME GLib before 2.66.6 and 2.67.x before 2.67.3. The functio… | 2025-12-22T22:34:25.203000Z |
| var-201109-0214 | Use-after-free vulnerability in Google Chrome before 14.0.835.163 allows remote attackers… | 2025-12-22T22:34:24.370000Z |
| var-202108-2087 | A logic issue was addressed with improved restrictions. This issue is fixed in macOS Mont… | 2025-12-22T22:34:08.609000Z |
| var-201504-0064 | The (1) mod_dav_svn and (2) svnserve servers in Subversion 1.6.0 through 1.7.19 and 1.8.0… | 2025-12-22T22:34:08.047000Z |
| var-201006-1234 | Cross-site scripting (XSS) vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X… | 2025-12-22T22:33:44.614000Z |
| var-200502-0025 | The der_chop script in the openssl package in Trustix Secure Linux 1.5 through 2.1 and ot… | 2025-12-22T22:33:43.233000Z |
| var-201910-1509 | The BGP parser in tcpdump before 4.9.3 has a buffer over-read in print-bgp.c:bgp_attr_pri… | 2025-12-22T22:32:14.530000Z |
| var-200904-0809 | The JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.1… | 2025-12-22T22:32:13.599000Z |
| var-202210-1202 | Git is an open source, scalable, distributed revision control system. Versions prior to 2… | 2025-12-22T22:32:13.147000Z |
| var-201904-0745 | Multiple memory corruption issues were addressed with improved memory handling. This issu… | 2025-12-22T22:31:39.715000Z |
| var-200703-0011 | Heap-based buffer overflow in Apple QuickTime before 7.1.5 allows remote user-assisted at… | 2025-12-22T22:31:01.718000Z |
| var-200711-0560 | Perl-Compatible Regular Expression (PCRE) library before 7.3 backtracks too far when matc… | 2025-12-22T22:31:01.195000Z |
| var-201912-0606 | An input validation issue was addressed with improved input validation. This issue is fix… | 2025-12-22T22:31:00.948000Z |
| var-201006-0052 | Cross-site scripting (XSS) vulnerability in the WEBrick HTTP server in Ruby in Apple Mac … | 2025-12-22T22:30:54.449000Z |
| var-201912-0457 | A validation issue was addressed with improved logic. This issue is fixed in iOS 12.2, tv… | 2025-12-22T22:30:20.247000Z |
| var-201904-1433 | A memory corruption issue was addressed with improved validation. This issue affected ver… | 2025-12-22T22:30:19.718000Z |
| var-201210-0343 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java … | 2025-12-22T22:30:19.463000Z |
| var-201006-1169 | Use-after-free vulnerability in WebKit in Apple Safari before 5.0 on Mac OS X 10.5 throug… | 2025-12-22T22:30:19.406000Z |
| var-201304-0303 | Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java … | 2025-12-22T22:30:15.112000Z |
| var-201503-0052 | Use-after-free vulnerability in the d2i_ECPrivateKey function in crypto/ec/ec_asn1.c in O… | 2025-12-22T22:30:14.968000Z |
| var-201904-1411 | A cross-origin issue existed with "iframe" elements. This was addressed with improved tra… | 2025-12-22T22:30:04.531000Z |
| var-201506-0498 | The X509_cmp_time function in crypto/x509/x509_vfy.c in OpenSSL before 0.9.8zg, 1.0.0 bef… | 2025-12-22T22:30:04.156000Z |
| var-202002-1243 | There is a use-after-free vulnerability in the Linux kernel through 5.5.2 in the n_tty_re… | 2025-12-22T22:30:03.034000Z |
| var-202205-0855 | Heap buffer overflow in vim_strncpy find_word in GitHub repository vim/vim prior to 8.2.4… | 2025-12-22T22:29:43.644000Z |
| var-201605-0075 | Integer overflow in the EVP_EncodeUpdate function in crypto/evp/encode.c in OpenSSL befor… | 2025-12-22T22:29:09.895000Z |
| var-200512-0293 | Heap-based buffer overflow in LibSystem in Mac OS X 10.4 through 10.4.5 allows context-de… | 2025-12-22T22:29:09.833000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| jvndb-2024-000034 | SonicDICOM Media Viewer may insecurely load Dynamic Link Libraries | 2024-03-27T14:31+09:00 | 2024-03-27T14:31+09:00 |
| jvndb-2024-003025 | Multiple vulnerabilities in ELECOM wireless LAN routers | 2024-03-27T14:26+09:00 | 2024-11-27T14:34+09:00 |
| jvndb-2024-000905 | Mini Thread vulnerable to cross-site scripting | 2024-03-26T17:43+09:00 | 2024-03-26T17:43+09:00 |
| jvndb-2024-000906 | ffBull vulnerable to OS command injection | 2024-03-26T16:07+09:00 | 2024-03-26T16:07+09:00 |
| jvndb-2024-000900 | "EasyRange" may insecurely load executable files | 2024-03-26T15:50+09:00 | 2024-03-26T15:50+09:00 |
| jvndb-2024-000907 | 0ch BBS Script (0ch) vulnerable to cross-site scripting | 2024-03-26T15:35+09:00 | 2024-03-26T15:35+09:00 |
| jvndb-2024-000902 | TvRock vulnerable to cross-site scripting | 2024-03-26T14:27+09:00 | 2024-03-26T14:27+09:00 |
| jvndb-2024-000904 | WebProxy vulnerable to OS command injection | 2024-03-26T14:19+09:00 | 2024-03-26T14:19+09:00 |
| jvndb-2023-025113 | BUFFALO LinkStation 200 series vulnerable to arbitrary code execution | 2024-03-25T18:16+09:00 | 2024-03-25T18:16+09:00 |
| jvndb-2024-003016 | Multiple vulnerabilities in home gateway HGW BL1500HM | 2024-03-25T17:28+09:00 | 2025-03-28T12:01+09:00 |
| jvndb-2024-000033 | WordPress Plugin "easy-popup-show" vulnerable to cross-site request forgery | 2024-03-25T13:31+09:00 | 2024-03-25T13:31+09:00 |
| jvndb-2024-003008 | Sangoma Technologies CG/MG family driver cg6kwin2k.sys vulnerable to insufficient access control on its IOCTL | 2024-03-22T13:50+09:00 | 2024-04-24T11:45+09:00 |
| jvndb-2024-000032 | Multiple vulnerabilities in FitNesse | 2024-03-18T14:08+09:00 | 2024-03-19T11:02+09:00 |
| jvndb-2024-000031 | "ABEMA" App for Android fails to restrict access permissions | 2024-03-15T16:37+09:00 | 2024-03-15T16:37+09:00 |
| jvndb-2024-002961 | Information Exposure Vulnerability in Cosminexus Component Container | 2024-03-13T12:10+09:00 | 2024-03-13T12:10+09:00 |
| jvndb-2024-000030 | a-blog cms vulnerable to directory traversal | 2024-03-08T15:27+09:00 | 2024-03-08T15:27+09:00 |
| jvndb-2024-002942 | OMRON NJ/NX series vulnerable to path traversal | 2024-03-08T14:16+09:00 | 2024-03-08T14:16+09:00 |
| jvndb-2024-000028 | Multiple vulnerabilities in SKYSEA Client View | 2024-03-07T16:09+09:00 | 2024-07-29T18:13+09:00 |
| jvndb-2024-000027 | FUJIFILM Business Innovation Corp. printers vulnerable to cross-site request forgery | 2024-03-06T18:24+09:00 | 2024-03-06T18:24+09:00 |
| jvndb-2024-000026 | Multiple vulnerabilities in printers and scanners which implement BROTHER Web Based Management | 2024-03-06T18:12+09:00 | 2024-03-06T18:12+09:00 |
| jvndb-2024-000029 | Toyoko Inn official App vulnerable to improper server certificate verification | 2024-03-06T13:53+09:00 | 2024-03-06T13:53+09:00 |
| jvndb-2024-000025 | Protection mechanism failure in RevoWorks | 2024-02-29T15:40+09:00 | 2024-02-29T15:40+09:00 |
| jvndb-2024-000024 | OET-213H-BTS1 missing authorization check in the initial configuration | 2024-02-29T14:59+09:00 | 2024-02-29T14:59+09:00 |
| jvndb-2024-000023 | OpenPNE plugin "opTimelinePlugin" vulnerable to cross-site scripting | 2024-02-29T13:12+09:00 | 2024-02-29T13:12+09:00 |
| jvndb-2024-000022 | Multiple vulnerabilities in baserCMS | 2024-02-27T14:25+09:00 | 2024-02-27T14:25+09:00 |
| jvndb-2024-002831 | ELECOM wireless LAN routers vulnerable to OS command injection | 2024-02-22T08:15+09:00 | 2026-02-04T12:02+09:00 |
| jvndb-2024-002832 | EL Injection Vulnerability in Hitachi Global Link Manager | 2024-02-21T15:53+09:00 | 2024-02-21T15:53+09:00 |
| jvndb-2024-000020 | Multiple vulnerabilities in ELECOM wireless LAN routers and wireless LAN repeater | 2024-02-20T14:14+09:00 | 2024-11-26T15:26+09:00 |
| jvndb-2024-002560 | Android App "Mopria Print Service" vulnerable to improper intent handling | 2024-02-15T15:26+09:00 | 2024-02-15T15:26+09:00 |
| jvndb-2024-000019 | a-blog cms vulnerable to URL spoofing | 2024-02-15T14:12+09:00 | 2024-02-15T14:12+09:00 |
| ID | Description | Published | Updated |
|---|---|---|---|
| suse-su-2026:20073-1 | Security update for libpng16 | 2026-01-12T11:15:01Z | 2026-01-12T11:15:01Z |
| suse-su-2026:20030-1 | Security update for libpng16 | 2026-01-12T11:15:01Z | 2026-01-12T11:15:01Z |
| suse-su-2026:0099-1 | Security update for ImageMagick | 2026-01-12T10:37:47Z | 2026-01-12T10:37:47Z |
| suse-su-2026:0107-1 | Security update for the Linux Kernel (Live Patch 31 for SUSE Linux Enterprise 15 SP5) | 2026-01-12T10:34:47Z | 2026-01-12T10:34:47Z |
| suse-su-2026:0090-1 | Security update for the Linux Kernel (Live Patch 24 for SUSE Linux Enterprise 15 SP5) | 2026-01-12T10:34:10Z | 2026-01-12T10:34:10Z |
| suse-su-2026:20071-1 | Security update for python-tornado6 | 2026-01-12T10:30:08Z | 2026-01-12T10:30:08Z |
| suse-su-2026:20028-1 | Security update for python-tornado6 | 2026-01-12T10:30:08Z | 2026-01-12T10:30:08Z |
| suse-su-2026:20070-1 | Security update for avahi | 2026-01-11T16:54:30Z | 2026-01-11T16:54:30Z |
| suse-su-2026:20027-1 | Security update for avahi | 2026-01-11T16:54:30Z | 2026-01-11T16:54:30Z |
| suse-su-2026:0087-1 | Security update for libheif | 2026-01-09T15:19:44Z | 2026-01-09T15:19:44Z |
| suse-su-2026:0086-1 | Security update for php8 | 2026-01-09T15:01:56Z | 2026-01-09T15:01:56Z |
| suse-su-2026:0085-1 | Security update for libpng16 | 2026-01-09T15:01:38Z | 2026-01-09T15:01:38Z |
| suse-su-2026:20050-1 | Security update for libvirt | 2026-01-09T11:04:23Z | 2026-01-09T11:04:23Z |
| suse-su-2026:20049-1 | Security update for openvswitch | 2026-01-09T10:54:58Z | 2026-01-09T10:54:58Z |
| suse-su-2026:0083-1 | Security update for gimp | 2026-01-09T09:12:59Z | 2026-01-09T09:12:59Z |
| suse-su-2026:0082-1 | Security update for python-filelock | 2026-01-09T09:12:48Z | 2026-01-09T09:12:48Z |
| suse-su-2026:0081-1 | Security update for poppler | 2026-01-09T08:02:02Z | 2026-01-09T08:02:02Z |
| suse-su-2026:0080-1 | Security update for libvirt | 2026-01-09T08:01:44Z | 2026-01-09T08:01:44Z |
| suse-su-2026:0079-1 | Security update for libvirt | 2026-01-09T08:01:29Z | 2026-01-09T08:01:29Z |
| suse-su-2026:0078-1 | Security update for curl | 2026-01-09T07:07:10Z | 2026-01-09T07:07:10Z |
| suse-su-2026:0077-1 | Security update for curl | 2026-01-08T19:04:00Z | 2026-01-08T19:04:00Z |
| suse-su-2026:20048-1 | Security update for libpcap | 2026-01-08T16:29:06Z | 2026-01-08T16:29:06Z |
| suse-su-2026:20047-1 | Security update for python311 | 2026-01-08T16:27:35Z | 2026-01-08T16:27:35Z |
| suse-su-2026:20064-1 | Security update for libpcap | 2026-01-08T16:16:36Z | 2026-01-08T16:16:36Z |
| suse-su-2026:20045-1 | Security update for glib2 | 2026-01-08T16:00:18Z | 2026-01-08T16:00:18Z |
| suse-su-2026:20044-1 | Security update for rsync | 2026-01-08T15:49:46Z | 2026-01-08T15:49:46Z |
| suse-su-2026:20043-1 | Security update for python-tornado6 | 2026-01-08T15:48:09Z | 2026-01-08T15:48:09Z |
| suse-su-2026:20042-1 | Security update for curl | 2026-01-08T15:18:54Z | 2026-01-08T15:18:54Z |
| suse-su-2026:20041-1 | Security update for bluez | 2026-01-08T15:07:04Z | 2026-01-08T15:07:04Z |
| suse-su-2026:20062-1 | Security update for curl | 2026-01-08T14:51:21Z | 2026-01-08T14:51:21Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| opensuse-su-2025:20133-1 | Security update for python-cbor2 | 2025-12-02T13:51:41Z | 2025-12-02T13:51:41Z |
| opensuse-su-2025:20132-1 | Security update for strongswan | 2025-12-02T13:11:59Z | 2025-12-02T13:11:59Z |
| opensuse-su-2025:15793-1 | gegl-0.4.64-3.1 on GA media | 2025-12-02T00:00:00Z | 2025-12-02T00:00:00Z |
| opensuse-su-2025:15792-1 | python39-3.9.24-2.1 on GA media | 2025-12-01T00:00:00Z | 2025-12-01T00:00:00Z |
| opensuse-su-2025:15791-1 | python315-3.15.0~a1-2.1 on GA media | 2025-12-01T00:00:00Z | 2025-12-01T00:00:00Z |
| opensuse-su-2025:15790-1 | python-mistralclient-doc-6.1.0-1.1 on GA media | 2025-12-01T00:00:00Z | 2025-12-01T00:00:00Z |
| opensuse-su-2025:15789-1 | libecpg6-18.1-1.1 on GA media | 2025-12-01T00:00:00Z | 2025-12-01T00:00:00Z |
| opensuse-su-2025:15788-1 | lightdm-kde-greeter-6.0.5-1.1 on GA media | 2025-12-01T00:00:00Z | 2025-12-01T00:00:00Z |
| opensuse-su-2025:20125-1 | Security update for java-17-openjdk | 2025-11-28T10:27:02Z | 2025-11-28T10:27:02Z |
| opensuse-su-2025:20123-1 | Security update for java-21-openjdk | 2025-11-28T09:35:08Z | 2025-11-28T09:35:08Z |
| opensuse-su-2025:20122-1 | Security update for openssh | 2025-11-28T07:46:24Z | 2025-11-28T07:46:24Z |
| opensuse-su-2025:15787-1 | python311-salt-3006.0-52.1 on GA media | 2025-11-28T00:00:00Z | 2025-11-28T00:00:00Z |
| opensuse-su-2025:15786-1 | postgresql17-17.7-1.1 on GA media | 2025-11-28T00:00:00Z | 2025-11-28T00:00:00Z |
| opensuse-su-2025:15785-1 | postgresql16-16.11-1.1 on GA media | 2025-11-28T00:00:00Z | 2025-11-28T00:00:00Z |
| opensuse-su-2025:15784-1 | postgresql15-15.15-1.1 on GA media | 2025-11-28T00:00:00Z | 2025-11-28T00:00:00Z |
| opensuse-su-2025:15783-1 | postgresql14-14.20-1.1 on GA media | 2025-11-28T00:00:00Z | 2025-11-28T00:00:00Z |
| opensuse-su-2025:15782-1 | postgresql13-13.23-1.1 on GA media | 2025-11-28T00:00:00Z | 2025-11-28T00:00:00Z |
| opensuse-su-2025:15781-1 | libpng16-16-1.6.51-1.1 on GA media | 2025-11-28T00:00:00Z | 2025-11-28T00:00:00Z |
| opensuse-su-2025:15780-1 | libcoap-devel-4.3.5a-1.1 on GA media | 2025-11-28T00:00:00Z | 2025-11-28T00:00:00Z |
| opensuse-su-2025:15779-1 | helm3-3.19.2-1.1 on GA media | 2025-11-28T00:00:00Z | 2025-11-28T00:00:00Z |
| opensuse-su-2025:20113-1 | Security update for dovecot24 | 2025-11-27T20:17:17Z | 2025-11-27T20:17:17Z |
| opensuse-su-2025:20114-1 | Security update for himmelblau | 2025-11-27T20:16:29Z | 2025-11-27T20:16:29Z |
| opensuse-su-2025:20106-1 | Security update for tomcat11 | 2025-11-27T15:43:26Z | 2025-11-27T15:43:26Z |
| opensuse-su-2025:20116-1 | Security update for rnp | 2025-11-27T12:39:03Z | 2025-11-27T12:39:03Z |
| opensuse-su-2025:20118-1 | Security update for gitea-tea | 2025-11-27T12:30:27Z | 2025-11-27T12:30:27Z |
| opensuse-su-2025:20119-1 | Security update for tcpreplay | 2025-11-27T12:29:40Z | 2025-11-27T12:29:40Z |
| opensuse-su-2025:20115-1 | Security update for pnpm | 2025-11-27T12:28:46Z | 2025-11-27T12:28:46Z |
| opensuse-su-2025:20117-1 | Security update for trivy | 2025-11-27T12:27:44Z | 2025-11-27T12:27:44Z |
| opensuse-su-2025:20100-1 | Security update for libvirt | 2025-11-27T10:23:20Z | 2025-11-27T10:23:20Z |
| opensuse-su-2025:20099-1 | Security update for xwayland | 2025-11-27T10:11:16Z | 2025-11-27T10:11:16Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| bit-minio-2025-62506 | MinIO vulnerable to privilege escalation via session policy bypass in service accounts and STS | 2025-10-21T09:34:30.739Z | 2025-10-24T15:07:36.996Z |
| bit-powershell-2025-25004 | PowerShell Elevation of Privilege Vulnerability | 2025-10-21T08:49:11.753Z | 2025-10-21T09:07:40.239Z |
| bit-envoy-2025-62504 | Envoy Lua filter use-after-free when oversized rewritten response body causes crash | 2025-10-21T08:41:18.087Z | 2025-11-06T13:25:46.476Z |
| bit-envoy-2025-62409 | Envoy allows large requests and responses to cause TCP connection pool crash | 2025-10-21T08:41:16.273Z | 2025-10-21T09:07:40.239Z |
| bit-valkey-2025-48367 | Redis DoS Vulnerability due to bad connection error handling | 2025-10-16T12:08:13.783Z | 2025-11-06T13:25:46.476Z |
| bit-valkey-2025-32023 | Redis allows out of bounds writes in hyperloglog commands leading to RCE | 2025-10-16T12:07:58.321Z | 2026-02-05T09:10:30.960Z |
| bit-redis-2025-48367 | Redis DoS Vulnerability due to bad connection error handling | 2025-10-16T12:07:00.720Z | 2025-10-16T12:31:38.153Z |
| bit-redis-2025-32023 | Redis allows out of bounds writes in hyperloglog commands leading to RCE | 2025-10-16T12:06:41.782Z | 2026-02-05T09:10:30.960Z |
| bit-keydb-2025-48367 | Redis DoS Vulnerability due to bad connection error handling | 2025-10-16T12:00:55.638Z | 2025-10-16T12:31:38.153Z |
| bit-keydb-2025-32023 | Redis allows out of bounds writes in hyperloglog commands leading to RCE | 2025-10-16T12:00:41.031Z | 2026-02-05T09:10:30.960Z |
| bit-valkey-2025-49844 | Redis Lua Use-After-Free may lead to remote code execution | 2025-10-16T09:19:55.260Z | 2025-11-06T13:25:46.476Z |
| bit-valkey-2025-49112 | | 2025-10-16T09:19:52.847Z | 2026-02-11T09:09:18.507Z |
| bit-redis-2025-49844 | Redis Lua Use-After-Free may lead to remote code execution | 2025-10-16T09:18:53.323Z | 2025-11-06T13:25:46.476Z |
| bit-keydb-2025-49844 | Redis Lua Use-After-Free may lead to remote code execution | 2025-10-16T09:12:52.562Z | 2025-11-06T13:25:46.476Z |
| bit-wildfly-2025-23367 | Org.wildfly.core:wildfly-server: wildfly improper rbac permission | 2025-10-15T08:51:55.776Z | 2026-02-11T09:09:18.507Z |
| bit-pytorch-2025-55560 | | 2025-10-15T08:50:02.845Z | 2025-10-15T09:08:35.035Z |
| bit-mastodon-2025-62176 | Mastodon streaming server allows OAuth clients without the `read` scope to subscribe to public channels | 2025-10-15T08:44:06.235Z | 2026-01-08T18:07:34.629Z |
| bit-mastodon-2025-62175 | Mastodon streaming API fails to disconnect disabled and suspended users | 2025-10-15T08:44:04.530Z | 2026-01-08T18:07:34.629Z |
| bit-mastodon-2025-62174 | Mastodon allows continued access after password reset via CLI | 2025-10-15T08:44:02.890Z | 2026-01-08T18:07:34.629Z |
| bit-python-2025-8291 | ZIP64 End of Central Directory (EOCD) Locator record offset not checked | 2025-10-14T09:30:19.669Z | 2025-12-04T12:07:39.656Z |
| bit-python-2024-5642 | Buffer overread when using an empty list with SSLContext.set_npn_protocols() | 2025-10-14T09:29:29.557Z | 2025-10-14T09:53:39.450Z |
| bit-libpython-2025-8291 | ZIP64 End of Central Directory (EOCD) Locator record offset not checked | 2025-10-14T09:25:48.465Z | 2025-12-04T12:07:39.656Z |
| bit-libpython-2024-5642 | Buffer overread when using an empty list with SSLContext.set_npn_protocols() | 2025-10-14T09:24:35.254Z | 2025-10-14T09:53:39.450Z |
| bit-kibana-2025-25018 | Kibana Stored Cross-Site Scripting (XSS) | 2025-10-14T08:43:02.190Z | 2025-11-06T13:25:46.476Z |
| bit-kibana-2025-25017 | Kibana Stored Cross-Site Scripting (XSS) | 2025-10-14T08:43:00.623Z | 2025-11-06T13:25:46.476Z |
| bit-elk-2025-25018 | Kibana Stored Cross-Site Scripting (XSS) | 2025-10-14T08:39:59.187Z | 2025-11-06T13:25:46.476Z |
| bit-elk-2025-25017 | Kibana Stored Cross-Site Scripting (XSS) | 2025-10-14T08:39:57.577Z | 2025-11-06T13:25:46.476Z |
| bit-elasticsearch-2025-37727 | Elasticsearch Insertion of sensitive information in log file | 2025-10-14T08:39:50.514Z | 2025-10-14T09:09:11.030Z |
| bit-gitlab-2025-2934 | Allocation of Resources Without Limits or Throttling in GitLab | 2025-10-11T09:05:29.864Z | 2025-10-21T09:07:40.239Z |
| bit-gitlab-2025-11340 | Incorrect Authorization in GitLab | 2025-10-11T09:04:34.616Z | 2025-10-11T09:07:57.990Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| drupal-contrib-2019-066 | | 2019-09-18T15:07:56.000Z | 2023-08-11T18:34:46.000Z |
| drupal-contrib-2019-065 | | 2019-08-21T14:52:51.000Z | 2023-08-11T18:34:31.000Z |
| drupal-contrib-2019-064 | | 2019-08-14T17:33:20.000Z | 2023-08-11T18:34:14.000Z |
| drupal-contrib-2019-063 | | 2019-08-14T17:26:13.000Z | 2023-08-11T18:33:56.000Z |
| drupal-contrib-2019-062 | | 2019-08-14T17:14:00.000Z | 2023-08-11T18:33:31.000Z |
| drupal-contrib-2019-060 | | 2019-07-24T17:36:23.000Z | 2023-08-11T18:32:38.000Z |
| drupal-contrib-2019-058 | | 2019-07-24T16:31:19.000Z | 2023-08-11T18:32:08.000Z |
| drupal-contrib-2019-055 | | 2019-07-10T16:30:00.000Z | 2023-08-11T18:39:41.000Z |
| drupal-contrib-2019-050 | | 2019-05-22T16:29:17.000Z | 2023-08-11T18:37:20.000Z |
| drupal-contrib-2019-048 | | 2019-05-15T17:13:59.000Z | 2023-08-11T18:36:19.000Z |
| drupal-contrib-2019-047 | | 2019-05-15T17:09:57.000Z | 2023-08-11T18:35:51.000Z |
| drupal-contrib-2019-046 | | 2019-05-15T17:07:58.000Z | 2023-08-11T18:46:39.000Z |
| drupal-contrib-2019-039 | | 2019-03-20T13:26:14.000Z | 2023-08-11T18:43:25.000Z |
| drupal-contrib-2019-033 | | 2019-03-06T18:16:22.000Z | 2023-08-11T18:50:05.000Z |
| drupal-contrib-2019-030 | | 2019-02-27T17:28:36.000Z | 2023-08-11T18:48:35.000Z |
| drupal-contrib-2019-025 | | 2019-02-20T17:56:44.000Z | 2023-08-11T18:57:13.000Z |
| drupal-contrib-2019-024 | | 2019-02-20T17:49:58.000Z | 2023-08-11T18:56:41.000Z |
| drupal-contrib-2019-023 | | 2019-02-20T17:47:47.000Z | 2023-08-11T18:56:27.000Z |
| drupal-contrib-2019-022 | | 2019-02-20T17:44:08.000Z | 2023-08-11T18:55:29.000Z |
| drupal-contrib-2019-021 | | 2019-02-20T17:39:43.000Z | 2023-08-11T18:55:05.000Z |
| drupal-contrib-2019-019 | | 2019-02-20T17:37:45.000Z | 2023-08-11T18:53:47.000Z |
| drupal-contrib-2019-014 | | 2019-02-06T18:13:19.000Z | 2023-08-11T19:23:01.000Z |
| drupal-contrib-2019-013 | | 2019-02-06T17:36:06.000Z | 2023-08-11T19:22:41.000Z |
| drupal-contrib-2019-010 | | 2019-01-23T18:22:41.000Z | 2023-08-11T19:00:18.000Z |
| drupal-contrib-2019-004 | | 2019-01-23T17:01:58.000Z | 2023-08-11T19:25:48.000Z |
| drupal-contrib-2018-081 | | 2018-12-19T17:53:49.000Z | 2023-08-11T21:10:49.000Z |
| drupal-contrib-2018-078 | | 2018-12-05T19:24:02.000Z | 2023-08-11T21:09:51.000Z |
| drupal-contrib-2018-074 | | 2018-11-28T17:32:56.000Z | 2023-08-11T21:15:17.000Z |
| drupal-contrib-2018-073 | | 2018-10-31T17:53:57.000Z | 2023-08-11T21:14:25.000Z |
| drupal-contrib-2018-071 | | 2018-10-31T14:59:17.000Z | 2023-08-11T21:13:17.000Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| cnvd-2026-04232 | Apple macOS Tahoe unspecified vulnerability (CNVD-2026-04232) | 2025-12-25 | 2026-01-16 |
| cnvd-2026-04231 | Apple macOS Tahoe denial-of-service vulnerability | 2025-12-25 | 2026-01-16 |
| cnvd-2026-04230 | Apple macOS Tahoe information disclosure vulnerability | 2025-12-25 | 2026-01-16 |
| cnvd-2026-04229 | Apple macOS Tahoe security bypass vulnerability | 2025-12-25 | 2026-01-16 |
| cnvd-2026-04187 | WordPress plugin Download Manager information disclosure vulnerability | 2025-12-25 | 2026-01-16 |
| cnvd-2026-04186 | WordPress plugin All In One SEO Pack information disclosure vulnerability | 2025-12-25 | 2026-01-16 |
| cnvd-2026-03178 | Growatt ShineLan-X cross-site scripting vulnerability (CNVD-2026-0317861) | 2025-12-25 | 2026-01-09 |
| cnvd-2026-03177 | Growatt ShineLan-X cross-site scripting vulnerability | 2025-12-25 | 2026-01-09 |
| cnvd-2026-03176 | Growatt ShineLan-X authentication bypass vulnerability (CNVD-2026-0317664) | 2025-12-25 | 2026-01-09 |
| cnvd-2026-03175 | Growatt ShineLan-X authentication bypass vulnerability | 2025-12-25 | 2026-01-09 |
| cnvd-2026-03174 | Growatt ShineLan-X hard-coding vulnerability (CNVD-2026-0317468) | 2025-12-25 | 2026-01-09 |
| cnvd-2026-03173 | Growatt ShineLan-X hard-coding vulnerability | 2025-12-25 | 2026-01-09 |
| cnvd-2026-03172 | Foxit PDF Editor Cloud cross-site scripting vulnerability (CNVD-2026-0317271) | 2025-12-25 | 2026-01-09 |
| cnvd-2026-03171 | Foxit PDF Editor Cloud cross-site scripting vulnerability (CNVD-2026-0317172) | 2025-12-25 | 2026-01-09 |
| cnvd-2026-03170 | Foxit PDF Editor Cloud cross-site scripting vulnerability (CNVD-2026-0317073) | 2025-12-25 | 2026-01-09 |
| cnvd-2026-03169 | Foxit PDF Editor Cloud cross-site scripting vulnerability (CNVD-2026-0316975) | 2025-12-25 | 2026-01-09 |
| cnvd-2026-03168 | Foxit PDF Editor Cloud cross-site scripting vulnerability (CNVD-2026-0316876) | 2025-12-25 | 2026-01-09 |
| cnvd-2026-03167 | Foxit PDF Editor Cloud cross-site scripting vulnerability (CNVD-2026-0316777) | 2025-12-25 | 2026-01-09 |
| cnvd-2026-03166 | Foxit PDF Editor Cloud cross-site scripting vulnerability | 2025-12-25 | 2026-01-09 |
| cnvd-2026-03011 | Mozilla Firefox code execution vulnerability (CNVD-2026-03011) | 2025-12-25 | 2026-01-13 |
| cnvd-2026-02992 | Mozilla Firefox for iOS spoofing vulnerability (CNVD-2026-02992) | 2025-12-25 | 2026-01-13 |
| cnvd-2026-02991 | Mozilla Firefox incorrect memory reference vulnerability (CNVD-2026-02991) | 2025-12-25 | 2026-01-13 |
| cnvd-2026-00837 | Online Appointment Booking System SQL injection vulnerability in the clinic parameter | 2025-12-25 | 2026-01-06 |
| cnvd-2026-00836 | ChurchCRM privilege escalation vulnerability | 2025-12-25 | 2026-01-06 |
| cnvd-2026-00835 | Student File Management System cross-site scripting vulnerability | 2025-12-25 | 2026-01-05 |
| cnvd-2026-00834 | Student File Management System SQL injection vulnerability in the user_id parameter | 2025-12-25 | 2026-01-05 |
| cnvd-2026-00833 | Student File Management System SQL injection vulnerability in the update_student.php file | 2025-12-25 | 2026-01-05 |
| cnvd-2026-00832 | Student File Management System SQL injection vulnerability in the save_user.php file | 2025-12-25 | 2026-01-05 |
| cnvd-2026-00831 | Student File Management System SQL injection vulnerability in the /save_student.php file | 2025-12-25 | 2026-01-05 |
| cnvd-2026-00830 | Student File Management System SQL injection vulnerability in the stud_no parameter | 2025-12-25 | 2026-01-05 |
| ID | Description | Published | Updated |
|---|---|---|---|
| certfr-2025-avi-0979 | Multiple vulnerabilities in the SUSE Linux kernel | 2025-11-07T00:00:00.000000 | 2025-11-07T00:00:00.000000 |
| certfr-2025-avi-0978 | Multiple vulnerabilities in the Red Hat Linux kernel | 2025-11-07T00:00:00.000000 | 2025-11-07T00:00:00.000000 |
| certfr-2025-avi-0977 | Multiple vulnerabilities in the Ubuntu Linux kernel | 2025-11-07T00:00:00.000000 | 2025-11-07T00:00:00.000000 |
| certfr-2025-avi-0976 | Multiple vulnerabilities in Microsoft Edge | 2025-11-07T00:00:00.000000 | 2025-11-07T00:00:00.000000 |
| certfr-2025-avi-0975 | Vulnerability in Elastic Defend | 2025-11-07T00:00:00.000000 | 2025-11-07T00:00:00.000000 |
| certfr-2025-avi-0974 | Multiple vulnerabilities in Apple iOS and iPadOS | 2025-11-06T00:00:00.000000 | 2025-11-06T00:00:00.000000 |
| certfr-2025-avi-0973 | Multiple vulnerabilities in Google Chrome | 2025-11-06T00:00:00.000000 | 2025-11-06T00:00:00.000000 |
| certfr-2025-avi-0972 | Multiple vulnerabilities in Suricata | 2025-11-06T00:00:00.000000 | 2025-11-06T00:00:00.000000 |
| certfr-2025-avi-0971 | Vulnerability in Mattermost Server | 2025-11-06T00:00:00.000000 | 2025-11-06T00:00:00.000000 |
| certfr-2025-avi-0970 | Multiple vulnerabilities in Synacor Zimbra Collaboration | 2025-11-06T00:00:00.000000 | 2026-01-23T00:00:00.000000 |
| certfr-2025-avi-0969 | Multiple vulnerabilities in VMware products | 2025-11-06T00:00:00.000000 | 2025-11-06T00:00:00.000000 |
| certfr-2025-avi-0968 | Multiple vulnerabilities in Cisco products | 2025-11-06T00:00:00.000000 | 2025-11-06T00:00:00.000000 |
| certfr-2025-avi-0967 | Multiple vulnerabilities in VMware products | 2025-11-05T00:00:00.000000 | 2025-11-05T00:00:00.000000 |
| certfr-2025-avi-0966 | Multiple vulnerabilities in Microsoft products | 2025-11-05T00:00:00.000000 | 2025-11-05T00:00:00.000000 |
| certfr-2025-avi-0965 | Multiple vulnerabilities in MISP | 2025-11-05T00:00:00.000000 | 2025-11-05T00:00:00.000000 |
| certfr-2025-avi-0964 | Vulnerability in Curl | 2025-11-05T00:00:00.000000 | 2025-11-05T00:00:00.000000 |
| certfr-2025-avi-0963 | Multiple vulnerabilities in Google Android | 2025-11-04T00:00:00.000000 | 2025-11-04T00:00:00.000000 |
| certfr-2025-avi-0962 | Vulnerability in Dovecot | 2025-11-04T00:00:00.000000 | 2025-11-04T00:00:00.000000 |
| certfr-2025-avi-0961 | Multiple vulnerabilities in Apple products | 2025-11-04T00:00:00.000000 | 2025-11-04T00:00:00.000000 |
| certfr-2025-avi-0960 | Multiple vulnerabilities in VMware Tanzu | 2025-11-04T00:00:00.000000 | 2025-11-04T00:00:00.000000 |
| certfr-2025-avi-0959 | Vulnerability in Python | 2025-11-04T00:00:00.000000 | 2025-11-04T00:00:00.000000 |
| certfr-2025-avi-0958 | Multiple vulnerabilities in Tenable Identity Exposure | 2025-11-04T00:00:00.000000 | 2025-11-04T00:00:00.000000 |
| certfr-2025-avi-0957 | Multiple vulnerabilities in Moodle | 2025-11-03T00:00:00.000000 | 2025-11-04T00:00:00.000000 |
| certfr-2025-avi-0956 | Multiple vulnerabilities in MariaDB | 2025-11-03T00:00:00.000000 | 2025-11-03T00:00:00.000000 |
| certfr-2025-avi-0955 | Multiple vulnerabilities in Microsoft Edge | 2025-11-03T00:00:00.000000 | 2025-11-03T00:00:00.000000 |
| certfr-2025-avi-0954 | Multiple vulnerabilities in Liferay | 2025-11-03T00:00:00.000000 | 2025-11-14T00:00:00.000000 |
| certfr-2025-avi-0953 | Vulnerability in Elastic Cloud Enterprise | 2025-11-03T00:00:00.000000 | 2025-11-03T00:00:00.000000 |
| certfr-2025-avi-0952 | Vulnerability in Mattermost Server | 2025-11-03T00:00:00.000000 | 2025-11-03T00:00:00.000000 |
| certfr-2025-avi-0951 | Multiple vulnerabilities in Axis OS | 2025-11-03T00:00:00.000000 | 2025-11-03T00:00:00.000000 |
| certfr-2025-avi-0950 | Multiple vulnerabilities in the Red Hat Linux kernel | 2025-10-31T00:00:00.000000 | 2025-10-31T00:00:00.000000 |