Recent vulnerabilities
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2026-23714 |
N/A
|
Not used | N/A | N/A | 2026-01-16T03:55:04.715Z | |
| CVE-2026-0855 |
8.7 (4.0)
8.8 (3.1)
|
Merit LILIN|IP Camera - OS Command Injection |
Merit LILIN |
P2 |
2026-01-12T06:44:40.227Z | 2026-01-16T02:09:56.328Z |
| CVE-2025-9904 |
5.3 (3.1)
6.9 (4.0)
|
Unallocated memory access vulnerability in print … |
Canon Inc. |
Generic Plus PCL6 Printer Driver |
2025-09-29T00:46:03.660Z | 2026-01-16T00:10:23.476Z |
| CVE-2025-9903 |
5.9 (3.1)
5.9 (4.0)
|
Out-of-bounds write vulnerabilities in print proc… |
Canon Inc. |
Generic Plus PCL6 Printer Driver |
2025-09-29T00:44:55.506Z | 2026-01-16T00:02:54.676Z |
| CVE-2025-7698 |
5.9 (3.1)
5.9 (4.0)
|
Out-of-bounds read vulnerabilities in print proce… |
Canon Inc. |
Generic Plus PCL6 Printer Driver |
2025-09-29T00:47:02.910Z | 2026-01-15T23:59:37.174Z |
| CVE-2026-1012 |
N/A
|
** REJECT ** DO NOT USE THIS CANDIDATE NUMBER. Reason: This candidate was issued in error. Notes: All references and descriptions in this candidate have been removed to prevent accidental usage. | N/A | N/A | 2026-01-15T22:55:03.432Z | |
| CVE-2020-36917 |
8.6 (4.0)
7.5 (3.1)
|
iDS6 DSSPro Digital Signage System 6.2 Cleartext Passw… |
Guangzhou Yeroo Tech Co., Ltd. |
iDS6 DSSPro Digital Signage System |
2026-01-06T15:53:23.292Z | 2026-01-15T21:37:30.416Z |
| CVE-2026-23622 |
7.4 (4.0)
|
CSRF Protection Bypass: Sensitive endpoints accept GET… |
alextselegidis |
easyappointments |
2026-01-15T19:28:58.369Z | 2026-01-15T21:34:43.098Z |
| CVE-2025-36934 |
7.4 (3.1)
|
In bigo_worker_thread of private/google-modules/v… |
Google |
Android |
2025-12-11T19:35:47.543Z | 2026-01-15T21:30:04.740Z |
| CVE-2025-70892 |
9.8 (3.1)
|
Phpgurukul Cyber Cafe Management System v1.0 cont… |
n/a |
n/a |
2026-01-15T00:00:00.000Z | 2026-01-15T21:25:50.687Z |
| CVE-2025-70893 |
8.8 (3.1)
|
A time-based blind SQL Injection vulnerability ex… |
n/a |
n/a |
2026-01-15T00:00:00.000Z | 2026-01-15T21:22:19.718Z |
| CVE-2026-21918 |
7.5 (3.1)
8.7 (4.0)
|
Junos OS: SRX and MX Series: When TCP packets occur in… |
Juniper Networks |
Junos OS |
2026-01-15T20:27:54.743Z | 2026-01-15T21:13:00.740Z |
| CVE-2026-21917 |
7.5 (3.1)
8.7 (4.0)
|
Junos OS: SRX Series: Specifically malformed SSL packe… |
Juniper Networks |
Junos OS |
2026-01-15T20:27:11.214Z | 2026-01-15T21:12:37.455Z |
| CVE-2026-21907 |
5.9 (3.1)
8.2 (4.0)
|
Junos Space: TLS/SSL server supports use of static key… |
Juniper Networks |
Junos Space |
2026-01-15T20:21:11.010Z | 2026-01-15T21:12:31.198Z |
| CVE-2026-21903 |
6.5 (3.1)
7.1 (4.0)
|
Junos OS: Subscribing to telemetry sensors at scale ca… |
Juniper Networks |
Junos OS |
2026-01-15T20:18:36.767Z | 2026-01-15T21:12:08.631Z |
| CVE-2026-0203 |
6.5 (3.1)
7.1 (4.0)
|
Junos OS: Receipt of a specifically malformed ICMP pac… |
Juniper Networks |
Junos OS |
2026-01-15T20:17:24.552Z | 2026-01-15T21:11:32.119Z |
| CVE-2025-60011 |
5.8 (3.1)
6.9 (4.0)
|
Junos OS and Junos OS Evolved: Optional transitive BGP… |
Juniper Networks |
Junos OS |
2026-01-15T20:16:47.459Z | 2026-01-15T21:10:58.766Z |
| CVE-2025-60007 |
5.5 (3.1)
6.8 (4.0)
|
Junos OS: A specifically crafted 'show chassis' comman… |
Juniper Networks |
Junos OS |
2026-01-15T20:16:22.617Z | 2026-01-15T21:10:13.435Z |
| CVE-2026-1002 |
6.9 (4.0)
|
Eclipse Vert.x Web static handler file access denial |
Eclipse Vert.x |
Eclipse Vert.x |
2026-01-15T20:50:25.642Z | 2026-01-15T21:09:22.172Z |
| CVE-2025-60003 |
7.5 (3.1)
8.7 (4.0)
|
Junos OS and Junos OS Evolved: BGP update with a set o… |
Juniper Networks |
Junos OS |
2026-01-15T20:15:04.828Z | 2026-01-15T21:09:19.309Z |
| CVE-2025-59961 |
5.5 (3.1)
6.8 (4.0)
|
Junos OS and Junos OS Evolved: Unix socket used to con… |
Juniper Networks |
Junos OS |
2026-01-15T20:14:43.508Z | 2026-01-15T21:08:37.387Z |
| CVE-2025-67025 |
6.1 (3.1)
|
Cross Site Scripting vulnerability in Anycomment … |
n/a |
n/a |
2026-01-15T00:00:00.000Z | 2026-01-15T21:07:24.240Z |
| CVE-2025-70891 |
6.1 (3.1)
|
A stored cross-site scripting (XSS) vulnerability… |
n/a |
n/a |
2026-01-15T00:00:00.000Z | 2026-01-15T21:06:05.340Z |
| CVE-2025-70890 |
6.1 (3.1)
|
A stored cross-site scripting (XSS) vulnerability… |
n/a |
n/a |
2026-01-15T00:00:00.000Z | 2026-01-15T21:04:49.118Z |
| CVE-2025-65368 |
6.1 (3.1)
|
SparkyFitness v0.15.8.2 is vulnerable to Cross Si… |
n/a |
n/a |
2026-01-15T00:00:00.000Z | 2026-01-15T21:03:15.128Z |
| CVE-2026-21920 |
7.5 (3.1)
8.7 (4.0)
|
Junos OS: SRX Series: If a specific request is process… |
Juniper Networks |
Junos OS |
2026-01-15T20:28:10.526Z | 2026-01-15T20:59:21.070Z |
| CVE-2026-21921 |
6.5 (3.1)
7.1 (4.0)
|
Junos OS and Junos OS Evolved: When telemetry collecto… |
Juniper Networks |
Junos OS |
2026-01-15T20:28:29.656Z | 2026-01-15T20:55:25.182Z |
| CVE-2026-21909 |
6.5 (3.1)
7.1 (4.0)
|
Junos OS and Junos OS Evolved: Receipt of specific IS-… |
Juniper Networks |
Junos OS |
2026-01-15T20:22:44.674Z | 2026-01-15T20:52:42.400Z |
| CVE-2026-21910 |
6.5 (3.1)
7.1 (4.0)
|
Junos OS: EX4k Series, QFX5k Series: In an EVPN-VXLAN … |
Juniper Networks |
Junos OS |
2026-01-15T20:23:29.682Z | 2026-01-15T20:51:57.933Z |
| CVE-2026-21911 |
6.5 (3.1)
7.1 (4.0)
|
Junos OS Evolved: Flapping management interface causes… |
Juniper Networks |
Junos OS Evolved |
2026-01-15T20:23:54.924Z | 2026-01-15T20:51:32.531Z |
| ID | CVSS | Description | Vendor | Product | Published | Updated |
|---|---|---|---|---|---|---|
| CVE-2025-58888 |
8.2 (3.1)
|
WordPress The Flash theme <= 1.15 - Local File Inclusi… |
AncoraThemes |
The Flash |
2025-12-18T07:21:52.632Z | 2026-01-29T15:30:11.560Z |
| CVE-2025-58885 |
8.2 (3.1)
|
WordPress Pathfinder theme <= 1.16 - Local File Inclus… |
AncoraThemes |
Pathfinder |
2025-12-18T07:21:52.434Z | 2026-01-29T15:30:26.798Z |
| CVE-2025-58879 |
8.2 (3.1)
|
WordPress Festy theme <= 1.13.0 - Local File Inclusion… |
AncoraThemes |
Festy |
2025-12-18T07:21:52.239Z | 2026-01-29T15:30:52.812Z |
| CVE-2025-58877 |
7.5 (3.1)
|
WordPress Javo Core plugin <= 3.0.0.529 - Arbitrary Co… |
javothemes |
Javo Core |
2025-12-18T07:21:52.039Z | 2026-01-29T15:31:15.865Z |
| CVE-2025-58803 |
8.2 (3.1)
|
WordPress Algenix theme <= 1.0 - Local File Inclusion … |
axiomthemes |
Algenix |
2025-12-18T07:21:51.851Z | 2026-01-29T15:32:06.794Z |
| CVE-2025-58711 |
5.3 (3.1)
|
WordPress Blog Designer PRO plugin <= 3.4.8 - Broken A… |
solwin |
Blog Designer PRO |
2025-10-29T08:38:01.894Z | 2026-02-18T15:43:35.640Z |
| CVE-2025-58710 |
8.6 (3.1)
|
WordPress Hotel Listing plugin <= 1.4.0 - Privilege Es… |
e-plugins |
Hotel Listing |
2025-12-18T07:21:51.662Z | 2026-01-29T15:32:42.696Z |
| CVE-2025-58709 |
8.1 (3.1)
|
WordPress Legacy theme <= 1.9 - Local File Inclusion v… |
axiomthemes |
Legacy |
2025-12-18T07:21:51.475Z | 2026-01-20T14:28:10.386Z |
| CVE-2025-58708 |
8.1 (3.1)
|
WordPress 777 theme <= 1.3 - Local File Inclusion vuln… |
axiomthemes |
777 |
2025-12-18T07:21:51.283Z | 2026-01-20T14:28:10.343Z |
| CVE-2025-58706 |
8.1 (3.1)
|
WordPress Woo Hoo theme <= 1.25 - Local File Inclusion… |
axiomthemes |
Woo Hoo |
2025-12-18T07:21:51.092Z | 2026-01-20T14:28:10.245Z |
| CVE-2025-58638 |
7.1 (3.1)
|
WordPress Institutions Directory Plugin <= 1.3.3 - Cro… |
e-plugins |
Institutions Directory |
2025-11-06T15:54:28.161Z | 2026-01-20T14:28:10.256Z |
| CVE-2025-58636 |
9.8 (3.1)
|
WordPress WP Gravity Forms Keap/Infusionsoft Plugin <=… |
CRM Perks |
WP Gravity Forms Keap/Infusionsoft |
2025-11-06T15:54:26.970Z | 2026-01-20T14:28:10.255Z |
| CVE-2025-58629 |
7.5 (3.1)
|
WordPress Miraculous theme < 2.0.9 - Arbitrary Content… |
kamleshyadav |
Miraculous |
2025-11-06T15:54:25.101Z | 2026-01-20T14:28:10.228Z |
| CVE-2025-58627 |
9.8 (3.1)
|
WordPress Miraculous Core Plugin plugin < 2.0.9 - Inse… |
kamleshyadav |
Miraculous Core Plugin |
2025-11-06T15:54:23.943Z | 2026-01-20T14:28:10.231Z |
| CVE-2025-58619 |
8.8 (3.1)
|
WordPress Falang multilanguage Plugin <= 1.3.65 - PHP … |
sbouey |
Falang multilanguage |
2025-11-06T15:54:22.879Z | 2026-01-20T14:28:10.232Z |
| CVE-2025-58595 |
9.1 (3.1)
|
WordPress All In One Login plugin <= 2.0.8 - Bypass Vu… |
Saad Iqbal |
All In One Login |
2025-11-06T15:54:21.774Z | 2026-01-20T14:28:10.208Z |
| CVE-2025-58592 |
8.1 (3.1)
|
WordPress TranslatePress Plugin <= 2.10.2 - Deserializ… |
Cozmoslabs |
TranslatePress |
2025-11-06T15:54:20.550Z | 2026-01-20T14:28:10.226Z |
| CVE-2025-58243 |
5.3 (3.1)
|
WordPress imEvent Theme <= 3.4.0 - Broken Access Contr… |
Jthemes |
imEvent |
2025-11-06T15:54:19.824Z | 2026-01-20T14:28:10.207Z |
| CVE-2025-58225 |
8.1 (3.1)
|
WordPress Paragon theme <= 1.1 - Local File Inclusion … |
axiomthemes |
Paragon |
2025-12-18T07:21:50.906Z | 2026-01-20T14:28:10.207Z |
| CVE-2025-58207 |
8.2 (3.1)
|
WordPress Ai Image Alt Text Generator for WP Plugin <=… |
WP Messiah |
Ai Image Alt Text Generator for WP |
2025-11-06T15:54:19.210Z | 2026-01-20T14:28:10.196Z |
| CVE-2025-57931 |
5.3 (3.1)
|
WordPress Popup box plugin <= 5.5.4 - Cross Site Reque… |
Ays Pro |
Popup box |
2025-10-29T04:02:09.962Z | 2026-01-20T14:28:10.080Z |
| CVE-2025-57897 |
7.1 (3.1)
|
WordPress Logtik theme <= 2.3 - Cross Site Scripting (… |
venusweb |
Logtik |
2025-12-18T07:21:50.715Z | 2026-01-20T14:28:10.117Z |
| CVE-2025-55707 |
7.2 (3.1)
|
WordPress PostX Plugin <= 4.1.35 - Privilege Escalatio… |
WPXPO |
PostX |
2025-12-18T07:21:50.529Z | 2026-01-20T14:28:10.117Z |
| CVE-2025-54751 |
7.1 (3.1)
|
WordPress PostX plugin <= 4.1.36 - Broken Access Contr… |
WPXPO |
PostX |
2025-12-18T07:21:50.337Z | 2026-01-20T14:28:10.147Z |
| CVE-2025-54748 |
6.5 (3.1)
|
WordPress MapSVG Plugin < 8.6.12 - Arbitrary File Down… |
RomanCode |
MapSVG |
2025-12-18T07:21:50.115Z | 2026-01-20T14:28:10.128Z |
| CVE-2025-54745 |
6.5 (3.1)
|
WordPress miniOrange's Google Authenticator Plugin <= … |
miniOrange |
miniOrange's Google Authenticator |
2025-12-18T07:21:49.914Z | 2026-01-20T14:28:10.170Z |
| CVE-2025-54743 |
5.3 (3.1)
|
WordPress Download After Email Plugin 2.1.5-2.1.6 - Ot… |
mkscripts |
Download After Email |
2025-12-18T07:21:49.722Z | 2026-01-29T15:33:17.915Z |
| CVE-2025-54741 |
8.6 (3.1)
|
WordPress Super Blank Plugin <= 1.2.0 - Arbitrary Cont… |
Tyler Moore |
Super Blank |
2025-12-18T07:21:49.496Z | 2026-02-03T16:03:36.275Z |
| CVE-2025-54737 |
7.1 (3.1)
|
WordPress Jobmonster theme <= 4.7.8 - Cross Site Scrip… |
NooTheme |
Jobmonster |
2025-11-06T15:54:17.806Z | 2026-01-20T14:28:10.029Z |
| CVE-2025-54723 |
9.8 (3.1)
|
WordPress DentiCare Theme < 1.4.3 - PHP Object Injecti… |
BoldThemes |
DentiCare |
2025-12-18T07:21:49.313Z | 2026-02-03T16:04:44.922Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| fkie_cve-2025-58888 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusi… | 2025-12-18T08:15:57.910 | 2026-01-20T15:17:08.310 |
| fkie_cve-2025-58885 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusi… | 2025-12-18T08:15:57.777 | 2026-01-20T15:17:08.160 |
| fkie_cve-2025-58879 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusi… | 2025-12-18T08:15:57.650 | 2026-01-20T15:17:07.990 |
| fkie_cve-2025-58877 | Missing Authorization vulnerability in javothemes Javo Core javo-core allows Exploiting Incorrectly… | 2025-12-18T08:15:57.510 | 2026-01-20T15:17:07.683 |
| fkie_cve-2025-58803 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusi… | 2025-12-18T08:15:57.380 | 2026-01-20T15:17:07.540 |
| fkie_cve-2025-58711 | Missing Authorization vulnerability in solwin Blog Designer PRO blog-designer-pro allows Accessing … | 2025-10-29T09:15:37.343 | 2026-01-20T15:17:07.403 |
| fkie_cve-2025-58710 | Incorrect Privilege Assignment vulnerability in e-plugins Hotel Listing hotel-listing allows Privil… | 2025-12-18T08:15:57.247 | 2026-01-20T15:17:07.273 |
| fkie_cve-2025-58709 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusi… | 2025-12-18T08:15:57.117 | 2026-01-20T15:17:07.133 |
| fkie_cve-2025-58708 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusi… | 2025-12-18T08:15:56.980 | 2026-01-20T15:17:06.993 |
| fkie_cve-2025-58706 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusi… | 2025-12-18T08:15:56.840 | 2026-01-20T15:17:06.847 |
| fkie_cve-2025-58638 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability … | 2025-11-06T16:16:00.003 | 2026-01-20T15:17:06.710 |
| fkie_cve-2025-58636 | Deserialization of Untrusted Data vulnerability in CRM Perks WP Gravity Forms Keap/Infusionsoft gf-… | 2025-11-06T16:15:59.860 | 2026-01-20T15:17:06.583 |
| fkie_cve-2025-58629 | Missing Authorization vulnerability in kamleshyadav Miraculous miraculous allows Exploiting Incorre… | 2025-11-06T16:15:59.717 | 2026-01-20T15:17:06.453 |
| fkie_cve-2025-58627 | Authorization Bypass Through User-Controlled Key vulnerability in kamleshyadav Miraculous Core Plug… | 2025-11-06T16:15:59.557 | 2026-01-20T15:17:06.313 |
| fkie_cve-2025-58619 | Deserialization of Untrusted Data vulnerability in sbouey Falang multilanguage falang allows Object… | 2025-11-06T16:15:59.400 | 2026-01-20T15:17:06.183 |
| fkie_cve-2025-58595 | Authentication Bypass by Spoofing vulnerability in Saad Iqbal All In One Login change-wp-admin-logi… | 2025-11-06T16:15:59.233 | 2026-01-20T15:17:06.050 |
| fkie_cve-2025-58592 | Deserialization of Untrusted Data vulnerability in Cozmoslabs TranslatePress translatepress-multili… | 2025-11-06T16:15:59.080 | 2026-01-20T15:17:05.910 |
| fkie_cve-2025-58243 | Missing Authorization vulnerability in Jthemes imEvent imevent allows Accessing Functionality Not P… | 2025-11-06T16:15:58.723 | 2026-01-20T15:17:05.780 |
| fkie_cve-2025-58225 | Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusi… | 2025-12-18T08:15:56.707 | 2026-01-20T15:17:05.633 |
| fkie_cve-2025-58207 | Missing Authorization vulnerability in WP Messiah Ai Image Alt Text Generator for WP ai-image-alt-t… | 2025-11-06T16:15:58.567 | 2026-01-20T15:17:05.503 |
| fkie_cve-2025-57931 | Cross-Site Request Forgery (CSRF) vulnerability in Ays Pro Popup box allows Cross Site Request Forg… | 2025-10-29T04:15:52.820 | 2026-01-20T15:17:03.863 |
| fkie_cve-2025-57897 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability … | 2025-12-18T08:15:56.580 | 2026-01-20T15:17:03.733 |
| fkie_cve-2025-55707 | Incorrect Privilege Assignment vulnerability in WPXPO PostX ultimate-post allows Privilege Escalati… | 2025-12-18T08:15:56.450 | 2026-01-20T15:17:03.153 |
| fkie_cve-2025-54751 | Missing Authorization vulnerability in WPXPO PostX ultimate-post allows Exploiting Incorrectly Conf… | 2025-12-18T08:15:56.323 | 2026-01-20T15:17:01.893 |
| fkie_cve-2025-54748 | Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Rom… | 2025-12-18T08:15:56.187 | 2026-01-20T15:17:01.757 |
| fkie_cve-2025-54745 | Missing Authorization vulnerability in miniOrange miniOrange's Google Authenticator miniorange-2-fa… | 2025-12-18T08:15:56.060 | 2026-01-20T15:17:01.623 |
| fkie_cve-2025-54743 | Missing Authorization vulnerability in mkscripts Download After Email download-after-email allows E… | 2025-12-18T08:15:55.930 | 2026-01-20T15:17:01.500 |
| fkie_cve-2025-54741 | Missing Authorization vulnerability in Tyler Moore Super Blank super-blank allows Exploiting Incorr… | 2025-12-18T08:15:55.793 | 2026-01-20T15:17:01.367 |
| fkie_cve-2025-54737 | Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability … | 2025-11-06T16:15:58.427 | 2026-01-20T15:17:01.233 |
| fkie_cve-2025-54723 | Deserialization of Untrusted Data vulnerability in BoldThemes DentiCare denticare allows Object Inj… | 2025-12-18T08:15:55.660 | 2026-01-20T15:17:01.100 |
| ID | Severity | Description | Published | Updated |
|---|---|---|---|---|
| ghsa-c4mg-vhq3-hwc2 |
7.3 (3.1)
6.9 (4.0)
|
Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an improper access control vulner… | 2026-01-04T00:30:16Z | 2026-01-04T00:30:16Z |
| ghsa-9w9c-6cc9-mc59 |
6.9 (4.0)
|
Rejected reason: This CVE ID was rejected because it was reserved but not used for a vulnerability … | 2026-01-02T18:30:33Z | 2026-01-04T00:30:16Z |
| ghsa-752h-56c7-7mr2 |
6.5 (3.1)
6.9 (4.0)
|
Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an authentication bypass vulnerab… | 2026-01-04T00:30:16Z | 2026-01-04T00:30:16Z |
| ghsa-4v2m-wc8x-hcjv |
7.3 (3.1)
6.9 (4.0)
|
Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an authorization bypass vulnerabi… | 2026-01-04T00:30:16Z | 2026-01-04T00:30:16Z |
| ghsa-472g-2pwf-qm99 |
5.3 (3.1)
6.9 (4.0)
|
Petlibro Smart Pet Feeder Platform versions up to 1.7.31 contains an information disclosure vulnera… | 2026-01-04T00:30:16Z | 2026-01-04T00:30:16Z |
| ghsa-wvmf-999m-w27j |
9.1 (3.1)
6.9 (4.0)
|
Genymobile/scrcpy versions up to and including 3.3.3 and prior to commit 3e40b24 contain a global b… | 2025-12-19T00:31:41Z | 2026-01-03T21:30:26Z |
| ghsa-rcf9-vp22-qqr4 |
|
Rejected reason: Not used | 2026-01-03T06:30:16Z | 2026-01-03T06:30:16Z |
| ghsa-q99j-frr5-3c8c |
|
Rejected reason: Not used | 2026-01-03T06:30:16Z | 2026-01-03T06:30:16Z |
| ghsa-jxwc-j45q-67x2 |
|
Rejected reason: Not used | 2026-01-03T06:30:16Z | 2026-01-03T06:30:16Z |
| ghsa-h5g2-f397-gc23 |
|
Rejected reason: Not used | 2026-01-03T06:30:16Z | 2026-01-03T06:30:16Z |
| ghsa-cpj2-6jmp-955v |
|
Rejected reason: Not used | 2026-01-03T06:30:16Z | 2026-01-03T06:30:16Z |
| ghsa-9xc5-pgjp-9mcj |
|
Rejected reason: Not used | 2026-01-03T06:30:16Z | 2026-01-03T06:30:16Z |
| ghsa-3x46-6xw6-vv9h |
|
Rejected reason: Not used | 2026-01-03T06:30:16Z | 2026-01-03T06:30:16Z |
| ghsa-3pj2-6fqg-5xxm |
|
Rejected reason: Not used | 2026-01-03T06:30:16Z | 2026-01-03T06:30:16Z |
| ghsa-24x2-jv4m-57w2 |
|
Rejected reason: Not used | 2026-01-03T06:30:16Z | 2026-01-03T06:30:16Z |
| ghsa-96xq-9m54-h7p4 |
9.4 (4.0)
|
A vulnerability in Nuvation Energy nCloud VPN Service allowed Network Boundary Bridging.This issue … | 2026-01-03T03:30:25Z | 2026-01-03T03:30:25Z |
| ghsa-9fpm-5f3v-gxp2 |
8.7 (4.0)
|
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerab… | 2026-01-03T03:30:24Z | 2026-01-03T03:30:24Z |
| ghsa-2mwc-h2mg-v6p8 |
5.2 (4.0)
|
Bagisto has HTML Filter Bypass that Enables Stored XSS | 2026-01-02T21:16:23Z | 2026-01-03T00:32:58Z |
| ghsa-gvq6-hvvp-h34h |
9.2 (4.0)
|
AdonisJS Path Traversal in Multipart File Handling | 2026-01-02T18:58:32Z | 2026-01-03T00:32:09Z |
| ghsa-v668-5qxg-qhjh |
9.4 (4.0)
|
Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection') vulnerab… | 2026-01-03T00:31:26Z | 2026-01-03T00:31:26Z |
| ghsa-rw75-27g5-4c67 |
9.4 (4.0)
|
A vulnerability in Nuvation Energy nCloud VPN Service allowed Network Boundary Bridging.This issue … | 2026-01-03T00:31:26Z | 2026-01-03T00:31:26Z |
| ghsa-fwx4-5874-4gvg |
10.0 (4.0)
|
Authentication Bypass Using an Alternate Path or Channel vulnerability in Nuvation Energy Multi-Sta… | 2026-01-03T00:31:26Z | 2026-01-03T00:31:26Z |
| ghsa-757q-w8xv-793g |
9.3 (4.0)
|
A vulnerability in Nuvation Battery Management System allows Authentication Bypass.This issue affec… | 2026-01-03T00:31:26Z | 2026-01-03T00:31:26Z |
| ghsa-2hrm-3727-3mc5 |
7.2 (4.0)
|
Insufficiently Protected Credentials vulnerability in Nuvation Energy Multi-Stack Controller (MSC) … | 2026-01-03T00:31:26Z | 2026-01-03T00:31:26Z |
| ghsa-xmhc-qgjh-2r5x |
6.1 (3.1)
|
The ShopBuilder WordPress plugin before 3.2.2 does not sanitise and escape a parameter before outp… | 2026-01-02T06:30:26Z | 2026-01-03T00:31:25Z |
| ghsa-mjh6-7rhf-fhc8 |
5.3 (3.1)
|
The Ninja Forms WordPress plugin before 3.13.3 allows unauthenticated attackers to generate valid … | 2026-01-02T06:30:26Z | 2026-01-03T00:31:25Z |
| ghsa-6w96-gvjq-xh8h |
6.5 (3.1)
|
The WPBookit WordPress plugin through 1.0.7 lacks a CSRF check when deleting customers. This could … | 2026-01-02T06:30:26Z | 2026-01-03T00:31:25Z |
| ghsa-24cx-vf27-7gv3 |
6.1 (3.1)
|
The Logo Slider WordPress plugin before 4.9.0 does not validate and escape some of its slider opti… | 2026-01-02T06:30:26Z | 2026-01-03T00:31:25Z |
| ghsa-f43r-cc68-gpx4 |
7.1 (3.1)
|
External Control of File Name or Path in Langflow | 2025-12-19T22:53:13Z | 2026-01-03T00:28:22Z |
| ghsa-v627-69v2-xx37 |
7.1 (3.1)
|
`GetRepositoryByName`, `DeleteRepositoryByName` and `GetArtifactByName` allow access of arbitrary r… | 2024-03-05T16:20:07Z | 2026-01-03T00:04:20Z |
| ID | Description | Updated |
|---|---|---|
| gsd-2024-1533 | The format of the source doesn't require a description, click on the link for more details. | 2024-02-16T06:02:25.974724Z |
| gsd-2024-1535 | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile &… | 2024-02-16T06:02:25.973882Z |
| gsd-2024-1567 | The format of the source doesn't require a description, click on the link for more details. | 2024-02-16T06:02:25.973617Z |
| gsd-2024-1539 | The format of the source doesn't require a description, click on the link for more details. | 2024-02-16T06:02:25.972945Z |
| gsd-2024-1558 | A path traversal vulnerability exists in the `_create_model_version()` function within `s… | 2024-02-16T06:02:25.969035Z |
| gsd-2024-1557 | Memory safety bugs present in Firefox 122. Some of these bugs showed evidence of memory c… | 2024-02-16T06:02:25.965555Z |
| gsd-2024-1545 | The format of the source doesn't require a description, click on the link for more details. | 2024-02-16T06:02:25.957730Z |
| gsd-2024-1544 | The format of the source doesn't require a description, click on the link for more details. | 2024-02-16T06:02:25.949587Z |
| gsd-2024-1569 | parisneo/lollms-webui is vulnerable to a denial of service (DoS) attack due to uncontroll… | 2024-02-16T06:02:25.949369Z |
| gsd-2024-1549 | If a website set a large custom cursor, portions of the cursor could have overlapped with… | 2024-02-16T06:02:25.949141Z |
| gsd-2024-1531 | A vulnerability exists in the stb-language file handling that affects the RTU500 series p… | 2024-02-16T06:02:25.948108Z |
| gsd-2024-1534 | The Booster for WooCommerce plugin for WordPress is vulnerable to Stored Cross-Site Scrip… | 2024-02-16T06:02:25.944126Z |
| gsd-2024-1574 | The format of the source doesn't require a description, click on the link for more details. | 2024-02-16T06:02:25.937924Z |
| gsd-2024-1562 | The WooCommerce Google Sheet Connector plugin for WordPress is vulnerable to unauthorized… | 2024-02-16T06:02:25.930366Z |
| gsd-2024-1546 | When storing and re-accessing data on a networking channel, the length of buffers may hav… | 2024-02-16T06:02:25.930149Z |
| gsd-2024-1529 | Vulnerability in CMS Made Simple 2.2.14, which does not sufficiently encode user-controll… | 2024-02-16T06:02:25.919245Z |
| gsd-2024-1553 | Memory safety bugs present in Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7. Some… | 2024-02-16T06:02:25.916301Z |
| gsd-2024-1571 | The WP Recipe Maker plugin for WordPress is vulnerable to Stored Cross-Site Scripting via… | 2024-02-16T06:02:25.915423Z |
| gsd-2024-1556 | The incorrect object was checked for NULL in the built-in profiler, potentially leading t… | 2024-02-16T06:02:25.914620Z |
| gsd-2024-1526 | The Hubbub Lite WordPress plugin before 1.33.1 does not ensure that user have access to … | 2024-02-16T06:02:25.911465Z |
| gsd-2024-1532 | A vulnerability exists in the stb-language file handling that affects the RTU500 series p… | 2024-02-16T06:02:25.900285Z |
| gsd-2024-1550 | A malicious website could have used a combination of exiting fullscreen mode and `request… | 2024-02-16T06:02:25.896131Z |
| gsd-2024-1528 | CMS Made Simple version 2.2.14, does not sufficiently encode user-controlled input, resul… | 2024-02-16T06:02:25.886114Z |
| gsd-2024-1568 | The Seraphinite Accelerator plugin for WordPress is vulnerable to Server-Side Request For… | 2024-02-16T06:02:25.885278Z |
| gsd-2024-1525 | An issue has been discovered in GitLab CE/EE affecting all versions starting from 16.1 be… | 2024-02-16T06:02:25.879849Z |
| gsd-2024-1552 | Incorrect code generation could have led to unexpected numeric conversions and potential … | 2024-02-16T06:02:25.879095Z |
| gsd-2024-1547 | Through a series of API calls and redirects, an attacker-controlled alert dialog could ha… | 2024-02-16T06:02:25.878687Z |
| gsd-2024-1538 | The File Manager plugin for WordPress is vulnerable to Cross-Site Request Forgery in all … | 2024-02-16T06:02:25.877330Z |
| gsd-2024-1565 | The format of the source doesn't require a description, click on the link for more details. | 2024-02-16T06:02:25.868863Z |
| gsd-2024-1570 | The Paid Membership Plugin, Ecommerce, User Registration Form, Login Form, User Profile &… | 2024-02-16T06:02:25.868631Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| mal-2025-184591 | Malicious code in odasv-kiunu-bivoyiacaub (npm) | 2025-11-12T22:25:03Z | 2025-11-12T22:25:03Z |
| mal-2025-184590 | Malicious code in odasv-kiunu-bivoyiacaguab (npm) | 2025-11-12T22:25:03Z | 2025-11-12T22:25:03Z |
| mal-2025-184589 | Malicious code in odasv-kiunu-bivoyiacab (npm) | 2025-11-12T22:25:03Z | 2025-11-12T22:25:03Z |
| mal-2025-184588 | Malicious code in odasv-kiunu-bivoycab (npm) | 2025-11-12T22:25:03Z | 2025-11-12T22:25:03Z |
| mal-2025-184587 | Malicious code in odasv-kiunu-bivocab (npm) | 2025-11-12T22:25:03Z | 2025-11-12T22:25:03Z |
| mal-2025-184586 | Malicious code in odasv-kiunu-bivob (npm) | 2025-11-12T22:25:03Z | 2025-11-12T22:25:03Z |
| mal-2025-184585 | Malicious code in odasv-kiunu-bivoab (npm) | 2025-11-12T22:25:03Z | 2025-11-12T22:25:03Z |
| mal-2025-184584 | Malicious code in odasv-kiunu-bio (npm) | 2025-11-12T22:25:03Z | 2025-11-12T22:25:03Z |
| mal-2025-184583 | Malicious code in odasv-kinu-bobc (npm) | 2025-11-12T22:25:03Z | 2025-11-12T22:25:03Z |
| mal-2025-184582 | Malicious code in odasv-kinu-bobacuvolafin (npm) | 2025-11-12T22:25:03Z | 2025-11-12T22:25:03Z |
| mal-2025-184581 | Malicious code in odasv-kinu-bobacuvolaafin (npm) | 2025-11-12T22:25:03Z | 2025-11-12T22:25:03Z |
| mal-2025-184580 | Malicious code in odasv-kinu-bobacuon (npm) | 2025-11-12T22:25:03Z | 2025-11-12T22:25:03Z |
| mal-2025-184579 | Malicious code in odasv-kinu-bobacuoain (npm) | 2025-11-12T22:25:03Z | 2025-11-12T22:25:03Z |
| mal-2025-184578 | Malicious code in odasv-kinu-bobacuoafin (npm) | 2025-11-12T22:25:03Z | 2025-11-12T22:25:03Z |
| mal-2025-184577 | Malicious code in odasv-kinu-bobacun (npm) | 2025-11-12T22:25:03Z | 2025-11-12T22:25:03Z |
| mal-2025-184576 | Malicious code in odasv-kinu-bobacn (npm) | 2025-11-12T22:25:03Z | 2025-11-12T22:25:03Z |
| mal-2025-184575 | Malicious code in odasv-kinu-bobac (npm) | 2025-11-12T22:25:03Z | 2025-11-12T22:25:03Z |
| mal-2025-184574 | Malicious code in odasv-kinu-bob (npm) | 2025-11-12T22:25:03Z | 2025-11-12T22:25:03Z |
| mal-2025-184573 | Malicious code in odasv-kinu-bivoyicaguab (npm) | 2025-11-12T22:25:03Z | 2025-11-12T22:25:03Z |
| mal-2025-184572 | Malicious code in odasv-kinu-bivoyiacaguab (npm) | 2025-11-12T22:25:03Z | 2025-11-12T22:25:03Z |
| mal-2025-184571 | Malicious code in odasv-kinu-bivoycuab (npm) | 2025-11-12T22:25:03Z | 2025-11-12T22:25:03Z |
| mal-2025-184570 | Malicious code in odasv-kinu-bivoycaguab (npm) | 2025-11-12T22:25:03Z | 2025-11-12T22:25:03Z |
| mal-2025-184569 | Malicious code in odasv-kinu-bivocuab (npm) | 2025-11-12T22:25:03Z | 2025-11-12T22:25:03Z |
| mal-2025-184568 | Malicious code in odasv-kinu-biocuab (npm) | 2025-11-12T22:25:03Z | 2025-11-12T22:25:03Z |
| mal-2025-184567 | Malicious code in odasv-kinu-biocab (npm) | 2025-11-12T22:25:03Z | 2025-11-12T22:25:03Z |
| mal-2025-184566 | Malicious code in odasv-kinu-bb (npm) | 2025-11-12T22:25:03Z | 2025-11-12T22:25:03Z |
| mal-2025-184565 | Malicious code in oc-gua-vsojfahi (npm) | 2025-11-12T22:25:03Z | 2025-11-12T22:25:03Z |
| mal-2025-184564 | Malicious code in oc-gua-vsji (npm) | 2025-11-12T22:25:03Z | 2025-11-12T22:25:03Z |
| mal-2025-184563 | Malicious code in oc-gua-vsjfi (npm) | 2025-11-12T22:25:03Z | 2025-11-12T22:25:03Z |
| mal-2025-184562 | Malicious code in oc-gua-vsjfhi (npm) | 2025-11-12T22:25:03Z | 2025-11-12T22:25:03Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| rhsa-2024:3341 | Red Hat Security Advisory: gdk-pixbuf2 security update | 2024-05-23T17:45:35+00:00 | 2025-11-21T19:02:57+00:00 |
| rhsa-2024:3340 | Red Hat Security Advisory: .NET 7.0 security update | 2024-05-23T15:40:00+00:00 | 2025-11-21T19:02:57+00:00 |
| rhsa-2024:3338 | Red Hat Security Advisory: thunderbird security update | 2024-05-23T12:09:34+00:00 | 2025-11-21T19:02:56+00:00 |
| rhsa-2024:3325 | Red Hat Security Advisory: pcp security update | 2024-05-23T09:44:19+00:00 | 2025-11-21T19:02:53+00:00 |
| rhsa-2024:3321 | Red Hat Security Advisory: pcp security update | 2024-05-23T09:32:14+00:00 | 2025-11-21T19:02:53+00:00 |
| rhsa-2024:3324 | Red Hat Security Advisory: pcp security, bug fix, and enhancement update | 2024-05-23T09:51:19+00:00 | 2025-11-21T19:02:51+00:00 |
| rhsa-2024:3323 | Red Hat Security Advisory: pcp security update | 2024-05-23T09:45:04+00:00 | 2025-11-21T19:02:49+00:00 |
| rhsa-2024:3322 | Red Hat Security Advisory: pcp security update | 2024-05-23T09:28:30+00:00 | 2025-11-21T19:02:49+00:00 |
| rhsa-2024:3308 | Red Hat Security Advisory: tomcat security and bug fix update | 2024-05-23T06:18:36+00:00 | 2025-11-21T19:02:43+00:00 |
| rhsa-2024:3307 | Red Hat Security Advisory: tomcat security and bug fix update | 2024-05-23T06:23:23+00:00 | 2025-11-21T19:02:43+00:00 |
| rhsa-2024:3306 | Red Hat Security Advisory: kernel security and bug fix update | 2024-05-23T07:36:39+00:00 | 2025-11-21T19:02:41+00:00 |
| rhsa-2024:3305 | Red Hat Security Advisory: varnish:6 security update | 2024-05-23T07:06:03+00:00 | 2025-11-21T19:02:41+00:00 |
| rhsa-2024:3304 | Red Hat Security Advisory: libreoffice security fix update | 2024-05-23T06:59:49+00:00 | 2025-11-21T19:02:41+00:00 |
| rhsa-2024:3270 | Red Hat Security Advisory: sssd security update | 2024-05-22T12:02:37+00:00 | 2025-11-21T19:02:38+00:00 |
| rhsa-2024:3268 | Red Hat Security Advisory: krb5 security update | 2024-05-22T11:52:05+00:00 | 2025-11-21T19:02:37+00:00 |
| rhsa-2024:3267 | Red Hat Security Advisory: idm:DL1 and idm:client security update | 2024-05-22T11:47:22+00:00 | 2025-11-21T19:02:37+00:00 |
| rhsa-2024:3264 | Red Hat Security Advisory: pcp security update | 2024-05-22T11:56:43+00:00 | 2025-11-21T19:02:35+00:00 |
| rhsa-2024:3261 | Red Hat Security Advisory: tigervnc security update | 2024-05-22T11:53:58+00:00 | 2025-11-21T19:02:35+00:00 |
| rhsa-2024:3258 | Red Hat Security Advisory: xorg-x11-server security update | 2024-05-22T11:45:11+00:00 | 2025-11-21T19:02:33+00:00 |
| rhsa-2024:3253 | Red Hat Security Advisory: virt:rhel and virt-devel:rhel security update | 2024-05-22T12:07:18+00:00 | 2025-11-21T19:02:33+00:00 |
| rhsa-2024:3233 | Red Hat Security Advisory: libssh security update | 2024-05-22T10:24:35+00:00 | 2025-11-21T19:02:33+00:00 |
| rhsa-2024:3214 | Red Hat Security Advisory: gmp security update | 2024-05-22T10:28:31+00:00 | 2025-11-21T19:02:33+00:00 |
| rhsa-2024:3211 | Red Hat Security Advisory: traceroute security update | 2024-05-22T10:09:05+00:00 | 2025-11-21T19:02:31+00:00 |
| rhsa-2024:3178 | Red Hat Security Advisory: linux-firmware security update | 2024-05-22T10:25:49+00:00 | 2025-11-21T19:02:30+00:00 |
| rhsa-2024:3166 | Red Hat Security Advisory: openssh security update | 2024-05-22T09:44:01+00:00 | 2025-11-21T19:02:30+00:00 |
| rhsa-2024:3163 | Red Hat Security Advisory: pam security update | 2024-05-22T10:16:18+00:00 | 2025-11-21T19:02:29+00:00 |
| rhsa-2024:3139 | Red Hat Security Advisory: squashfs-tools security update | 2024-05-22T09:35:51+00:00 | 2025-11-21T19:02:29+00:00 |
| rhsa-2024:3127 | Red Hat Security Advisory: zziplib security update | 2024-05-22T10:21:57+00:00 | 2025-11-21T19:02:28+00:00 |
| rhsa-2024:3121 | Red Hat Security Advisory: httpd:2.4 security update | 2024-05-22T09:39:45+00:00 | 2025-11-21T19:02:27+00:00 |
| rhsa-2024:3120 | Red Hat Security Advisory: freeglut security update | 2024-05-22T10:24:05+00:00 | 2025-11-21T19:02:26+00:00 |
| ID | Description | Published | Updated |
|---|---|---|---|
| msrc_cve-2022-0909 | Divide By Zero error in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the fix is available with commit f8d0f9aa. | 2022-03-02T00:00:00.000Z | 2022-03-19T00:00:00.000Z |
| msrc_cve-2022-0907 | Unchecked Return Value to NULL Pointer Dereference in tiffcrop in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the fix is available with commit f2b656e2. | 2022-03-02T00:00:00.000Z | 2022-03-19T00:00:00.000Z |
| msrc_cve-2022-26899 | Microsoft Edge (Chromium-based) Elevation of Privilege Vulnerability | 2022-03-08T08:00:00.000Z | 2022-03-17T07:00:00.000Z |
| msrc_cve-2022-23299 | Windows PDEV Elevation of Privilege Vulnerability | 2022-03-08T08:00:00.000Z | 2022-03-17T07:00:00.000Z |
| msrc_cve-2022-22010 | Media Foundation Information Disclosure Vulnerability | 2022-03-08T08:00:00.000Z | 2022-03-17T07:00:00.000Z |
| msrc_cve-2022-0516 | A vulnerability was found in kvm_s390_guest_sida_op in the arch/s390/kvm/kvm-s390.c function in KVM for s390 in the Linux kernel. This flaw allows a local attacker with a normal user privilege to obtain unauthorized memory write access. This flaw affects Linux kernel versions prior to 5.17-rc4. | 2022-03-02T00:00:00.000Z | 2022-03-17T00:00:00.000Z |
| msrc_cve-2022-0433 | A NULL pointer dereference flaw was found in the Linux kernel's BPF subsystem in the way a user triggers the map_get_next_key function of the BPF bloom filter. This flaw allows a local user to crash the system. This flaw affects Linux kernel versions prior to 5.17-rc1. | 2022-03-02T00:00:00.000Z | 2022-03-17T00:00:00.000Z |
| msrc_cve-2021-4002 | A memory leak flaw in the Linux kernel's hugetlbfs memory usage was found in the way the user maps some regions of memory twice using shmget() which are aligned to PUD alignment with the fault of some of the memory pages. A local user could use this flaw to get unauthorized access to some data. | 2022-03-02T00:00:00.000Z | 2022-03-17T00:00:00.000Z |
| msrc_cve-2021-3640 | A flaw use-after-free in function sco_sock_sendmsg() of the Linux kernel HCI subsystem was found in the way user calls ioct UFFDIO_REGISTER or other way triggers race condition of the call sco_conn_del() together with the call sco_sock_sendmsg() with the expected controllable faulting memory page. A privileged local user could use this flaw to crash the system or escalate their privileges on the system. | 2022-03-02T00:00:00.000Z | 2022-03-17T00:00:00.000Z |
| msrc_cve-2022-24511 | Microsoft Office Word Tampering Vulnerability | 2022-03-08T08:00:00.000Z | 2022-03-16T07:00:00.000Z |
| msrc_cve-2022-23285 | Remote Desktop Client Remote Code Execution Vulnerability | 2022-03-08T08:00:00.000Z | 2022-03-16T07:00:00.000Z |
| msrc_cve-2022-23283 | Windows ALPC Elevation of Privilege Vulnerability | 2022-03-08T08:00:00.000Z | 2022-03-16T07:00:00.000Z |
| msrc_cve-2022-21977 | Media Foundation Information Disclosure Vulnerability | 2022-03-08T08:00:00.000Z | 2022-03-16T07:00:00.000Z |
| msrc_cve-2022-0891 | A heap buffer overflow in ExtractImageSection function in tiffcrop.c in libtiff library Version 4.3.0 allows attacker to trigger unsafe or out of bounds memory access via crafted TIFF image file which could result into application crash potential information disclosure or any other context-dependent impact | 2022-03-02T00:00:00.000Z | 2022-03-16T00:00:00.000Z |
| msrc_cve-2022-0865 | Reachable Assertion in tiffcp in libtiff 4.3.0 allows attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources the fix is available with commit 5e180045. | 2022-03-02T00:00:00.000Z | 2022-03-16T00:00:00.000Z |
| msrc_cve-2022-0492 | A vulnerability was found in the Linux kernel’s cgroup_release_agent_write in the kernel/cgroup/cgroup-v1.c function. This flaw under certain circumstances allows the use of the cgroups v1 release_agent feature to escalate privileges and bypass the namespace isolation unexpectedly. | 2022-03-02T00:00:00.000Z | 2022-03-16T00:00:00.000Z |
| msrc_cve-2021-44269 | An out of bounds read was found in Wavpack 5.4.0 in processing *.WAV files. This issue triggered in function WavpackPackSamples of file src/pack_utils.c tainted variable cnt is too large that makes pointer sptr read beyond heap bound. | 2022-03-02T00:00:00.000Z | 2022-03-16T00:00:00.000Z |
| msrc_cve-2021-4095 | A NULL pointer dereference was found in the Linux kernel's KVM when dirty ring logging is enabled without an active vCPU context. An unprivileged local attacker on the host may use this flaw to cause a kernel oops condition and thus a denial of service by issuing a KVM_XEN_HVM_SET_ATTR ioctl. This flaw affects Linux kernel versions prior to 5.17-rc1. | 2022-03-02T00:00:00.000Z | 2022-03-16T00:00:00.000Z |
| msrc_cve-2021-4023 | A flaw was found in the io-workqueue implementation in the Linux kernel versions prior to 5.15-rc1. The kernel can panic when an improper cancellation operation triggers the submission of new io-uring operations during a shortage of free space. This flaw allows a local user with permissions to execute io-uring requests to possibly crash the system. | 2022-03-02T00:00:00.000Z | 2022-03-16T00:00:00.000Z |
| msrc_cve-2021-3737 | A flaw was found in python. An improperly handled HTTP response in the HTTP client code of python may allow a remote attacker who controls the HTTP server to make the client script enter an infinite loop consuming CPU time. The highest threat from this vulnerability is to system availability. | 2022-03-02T00:00:00.000Z | 2022-03-16T00:00:00.000Z |
| msrc_cve-2021-3620 | A flaw was found in Ansible Engine's ansible-connection module where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality. | 2022-03-02T00:00:00.000Z | 2022-03-16T00:00:00.000Z |
| msrc_cve-2021-23214 | When the server is configured to use trust authentication with a clientcert requirement or to use cert authentication a man-in-the-middle attacker can inject arbitrary SQL queries when a connection is first established despite the use of SSL certificate verification and encryption. | 2022-03-02T00:00:00.000Z | 2022-03-16T00:00:00.000Z |
| msrc_cve-2021-3739 | A NULL pointer dereference flaw was found in the btrfs_rm_device function in fs/btrfs/volumes.c in the Linux Kernel where triggering the bug requires ‘CAP_SYS_ADMIN’. This flaw allows a local attacker to crash the system or leak kernel internal information. The highest threat from this vulnerability is to system availability. | 2022-03-02T00:00:00.000Z | 2022-03-15T00:00:00.000Z |
| msrc_cve-2021-3732 | A flaw was found in the Linux kernel's OverlayFS subsystem in the way the user mounts the TmpFS filesystem with OverlayFS. This flaw allows a local user to gain access to hidden files that should not be accessible. | 2022-03-02T00:00:00.000Z | 2022-03-15T00:00:00.000Z |
| msrc_cve-2021-3698 | A flaw was found in Cockpit in versions prior to 260 in the way it handles the certificate verification performed by the System Security Services Daemon (SSSD). This flaw allows client certificates to authenticate successfully regardless of the Certificate Revocation List (CRL) configuration or the certificate status. The highest threat from this vulnerability is to confidentiality. | 2022-03-02T00:00:00.000Z | 2022-03-15T00:00:00.000Z |
| msrc_cve-2021-3660 | Cockpit (and its plugins) do not seem to protect itself against clickjacking. It is possible to render a page from a cockpit server via another website inside an <iFrame> HTML entry. This may be used by a malicious website in clickjacking or similar attacks. | 2022-03-02T00:00:00.000Z | 2022-03-15T00:00:00.000Z |
| msrc_cve-2022-26490 | st21nfca_connectivity_event_received in drivers/nfc/st21nfca/se.c in the Linux kernel through 5.16.12 has EVT_TRANSACTION buffer overflows because of untrusted length parameters. | 2022-03-02T00:00:00.000Z | 2022-03-12T00:00:00.000Z |
| msrc_cve-2021-3744 | A memory leak flaw was found in the Linux kernel in the ccp_run_aes_gcm_cmd() function in drivers/crypto/ccp/ccp-ops.c which allows attackers to cause a denial of service (memory consumption). This vulnerability is similar with the older CVE-2019-18808. | 2022-03-02T00:00:00.000Z | 2022-03-12T00:00:00.000Z |
| msrc_cve-2021-3743 | An out-of-bounds (OOB) memory read flaw was found in the Qualcomm IPC router protocol in the Linux kernel. A missing sanity check allows a local attacker to gain access to out-of-bounds memory leading to a system crash or a leak of internal kernel information. The highest threat from this vulnerability is to system availability. | 2022-03-02T00:00:00.000Z | 2022-03-12T00:00:00.000Z |
| msrc_cve-2022-23648 | Insecure handling of image volumes in containerd CRI plugin | 2022-03-02T00:00:00.000Z | 2022-03-11T00:00:00.000Z |
| ID | Description | Updated |
|---|---|---|
| var-201507-0541 | Cross-site request forgery (CSRF) vulnerability on Cisco TelePresence IP VCR devices with… | 2025-04-13T23:14:30.924000Z |
| var-201508-0484 | The Call Policy Configuration page in Cisco TelePresence Video Communication Server (VCS)… | 2025-04-13T23:14:30.642000Z |
| var-201508-0505 | Open redirect vulnerability in Cisco WebEx Node for Media Convergence Server (MCS) allows… | 2025-04-13T23:14:30.612000Z |
| var-201508-0526 | GE Healthcare Centricity Clinical Archive Audit Trail Repository has a default password o… | 2025-04-13T23:14:30.581000Z |
| var-201509-0007 | The SSHv2 functionality in Cisco IOS 15.2, 15.3, 15.4, and 15.5 and IOS XE 3.6E before 3.… | 2025-04-13T23:14:30.411000Z |
| var-201509-0317 | Multiple unspecified vulnerabilities in Citrix NetScaler Application Delivery Controller … | 2025-04-13T23:14:30.187000Z |
| var-201509-0322 | Cross-site scripting (XSS) vulnerability in the Administrative Web Interface in Citrix Ne… | 2025-04-13T23:14:30.157000Z |
| var-201510-0019 | The Web Management GUI on Cisco Wireless LAN Controller (WLC) devices with software 7.4(1… | 2025-04-13T23:14:25.679000Z |
| var-201511-0079 | Directory traversal vulnerability on Huawei HG532e, HG532n, and HG532s devices allows rem… | 2025-04-13T23:14:24.721000Z |
| var-201511-0184 | A vulnerability has been identified in SIMATIC NET CP 342-5 (incl. SIPLUS variants) (All … | 2025-04-13T23:14:24.583000Z |
| var-201512-0001 | The Neighbor Discovery (ND) protocol implementation in the IPv6 stack in Cisco IOS 15.3(3… | 2025-04-13T23:14:24.371000Z |
| var-201512-0018 | Cross-site request forgery (CSRF) vulnerability on eWON devices with firmware through 10.… | 2025-04-13T23:14:24.194000Z |
| var-201512-0022 | eWON devices with firmware through 10.1s0 support unspecified GET requests, which might a… | 2025-04-13T23:14:24.150000Z |
| var-201512-0019 | eWON devices with firmware before 10.1s0 omit RBAC for I/O server information and status … | 2025-04-13T23:14:24.104000Z |
| var-201512-0017 | eWON devices with firmware before 10.1s0 do not trigger the discarding of browser session… | 2025-04-13T23:14:24.038000Z |
| var-201512-0020 | Cross-site scripting (XSS) vulnerability on eWON devices with firmware through 10.1s0 all… | 2025-04-13T23:14:23.908000Z |
| var-201512-0085 | The management portal on ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 does not te… | 2025-04-13T23:14:23.838000Z |
| var-201512-0093 | The web administration interface on ZyXEL NBG-418N devices with firmware 1.00(AADZ.3)C0 h… | 2025-04-13T23:14:23.799000Z |
| var-201512-0086 | ZyXEL PMG5318-B20A devices with firmware 1.00AANC0b5 allow remote authenticated users to … | 2025-04-13T23:14:23.759000Z |
| var-201512-0082 | ZyXEL P-660HW-T1 2 devices with ZyNOS firmware 3.40(AXH.0), PMG5318-B20A devices with fir… | 2025-04-13T23:14:23.720000Z |
| var-201512-0083 | Multiple cross-site scripting (XSS) vulnerabilities in Forms/rpAuth_1 on ZyXEL P-660HW-T1… | 2025-04-13T23:14:23.680000Z |
| var-201512-0084 | The diagnostic-ping implementation on ZyXEL PMG5318-B20A devices with firmware before 1.0… | 2025-04-13T23:14:23.637000Z |
| var-201512-0094 | Cross-site request forgery (CSRF) vulnerability on ZyXEL NBG-418N devices with firmware 1… | 2025-04-13T23:14:23.599000Z |
| var-201512-0400 | Cisco FireSIGHT Management Center allows remote attackers to bypass the HTTP attack detec… | 2025-04-13T23:14:23.477000Z |
| var-201512-0421 | Cisco Unified Computing System (UCS) Central software 1.3(0.1) allows remote attackers to… | 2025-04-13T23:14:23.442000Z |
| var-201512-0547 | Cisco Unified Communications Manager (UCM) 8.0 through 8.6 allows remote attackers to byp… | 2025-04-13T23:14:23.375000Z |
| var-201601-0052 | Cross-site scripting (XSS) vulnerability in the Management Center in Cisco FireSIGHT Syst… | 2025-04-13T23:14:23.299000Z |
| var-201601-0157 | Huawei TE30, TE40, TE50, and TE60 multimedia video conferencing endpoints with software b… | 2025-04-13T23:14:23.234000Z |
| var-201601-0430 | The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2015-10-12 ha… | 2025-04-13T23:14:23.111000Z |
| var-201601-0607 | The setUpSubtleUserAccount function in /bin/bw on Harman AMX devices before 2016-01-20 ha… | 2025-04-13T23:14:23.077000Z |
| ID | Description | Updated |
|---|
| ID | Description | Published | Updated |
|---|---|---|---|
| suse-su-2021:1915-1 | Security update for the Linux Kernel | 2021-06-09T12:29:53Z | 2021-06-09T12:29:53Z |
| suse-su-2021:1914-1 | Security update for libopenmpt | 2021-06-09T12:29:45Z | 2021-06-09T12:29:45Z |
| suse-su-2021:1913-1 | Security update for the Linux Kernel | 2021-06-09T11:55:09Z | 2021-06-09T11:55:09Z |
| suse-su-2021:1912-1 | Security update for the Linux Kernel | 2021-06-09T11:54:48Z | 2021-06-09T11:54:48Z |
| suse-su-2021:1911-1 | Security update for spice-gtk | 2021-06-09T09:17:33Z | 2021-06-09T09:17:33Z |
| suse-su-2021:1906-1 | Security update for spice | 2021-06-08T17:32:40Z | 2021-06-08T17:32:40Z |
| suse-su-2021:1905-1 | Security update for spice-gtk | 2021-06-08T17:32:21Z | 2021-06-08T17:32:21Z |
| suse-su-2021:1904-1 | Security update for gstreamer-plugins-bad | 2021-06-08T17:32:11Z | 2021-06-08T17:32:11Z |
| suse-su-2021:14744-1 | Security update for spice | 2021-06-08T17:31:32Z | 2021-06-08T17:31:32Z |
| suse-su-2021:1902-1 | Security update for spice | 2021-06-08T17:30:44Z | 2021-06-08T17:30:44Z |
| suse-su-2021:1901-1 | Security update for spice | 2021-06-08T17:30:41Z | 2021-06-08T17:30:41Z |
| suse-su-2021:1900-1 | Security update for apache2-mod_auth_openidc | 2021-06-08T17:30:07Z | 2021-06-08T17:30:07Z |
| suse-su-2021:1899-1 | Security update for the Linux Kernel | 2021-06-08T17:29:39Z | 2021-06-08T17:29:39Z |
| suse-su-2021:1897-1 | Security update for libX11 | 2021-06-08T14:16:12Z | 2021-06-08T14:16:12Z |
| suse-su-2021:1896-1 | Security update for pam_radius | 2021-06-08T14:09:13Z | 2021-06-08T14:09:13Z |
| suse-su-2021:1895-1 | Security update for qemu | 2021-06-08T14:06:35Z | 2021-06-08T14:06:35Z |
| suse-su-2021:1894-1 | Security update for qemu | 2021-06-08T13:16:49Z | 2021-06-08T13:16:49Z |
| suse-su-2021:1893-1 | Security update for qemu | 2021-06-08T13:16:45Z | 2021-06-08T13:16:45Z |
| suse-su-2021:1892-1 | Security update for libX11 | 2021-06-08T13:15:46Z | 2021-06-08T13:15:46Z |
| suse-su-2021:1891-1 | Security update for the Linux Kernel | 2021-06-08T13:09:12Z | 2021-06-08T13:09:12Z |
| suse-su-2021:1890-1 | Security update for the Linux Kernel | 2021-06-08T13:08:52Z | 2021-06-08T13:08:52Z |
| suse-su-2021:1889-1 | Security update for the Linux Kernel | 2021-06-08T13:07:48Z | 2021-06-08T13:07:48Z |
| suse-su-2021:1888-1 | Security update for the Linux Kernel | 2021-06-08T13:07:31Z | 2021-06-08T13:07:31Z |
| suse-su-2021:1887-1 | Security update for the Linux Kernel | 2021-06-08T13:07:24Z | 2021-06-08T13:07:24Z |
| suse-su-2021:1886-1 | Security update for MozillaFirefox | 2021-06-08T13:06:26Z | 2021-06-08T13:06:26Z |
| suse-su-2021:1885-1 | Security update for runc | 2021-06-08T13:05:41Z | 2021-06-08T13:05:41Z |
| suse-su-2021:1884-1 | Security update for MozillaFirefox | 2021-06-08T13:05:35Z | 2021-06-08T13:05:35Z |
| suse-su-2021:14743-1 | Security update for MozillaFirefox | 2021-06-08T10:32:14Z | 2021-06-08T10:32:14Z |
| suse-su-2021:1880-1 | Security update for shim | 2021-06-08T07:58:34Z | 2021-06-08T07:58:34Z |
| suse-su-2021:1878-1 | Security update for 389-ds | 2021-06-08T07:15:03Z | 2021-06-08T07:15:03Z |
| ID | Description | Published | Updated |
|---|---|---|---|
| cnvd-2024-48431 | Siemens SINEC NMS缓冲区溢出漏洞 | 2024-12-16 | 2024-12-17 |
| cnvd-2024-48430 | Siemens Totally Integrated Automation Portal (TIA Portal)缓冲区溢出漏洞 | 2024-12-16 | 2024-12-17 |
| cnvd-2024-48382 | Google Chrome安全绕过漏洞(CNVD-2024-48382) | 2024-11-15 | 2024-12-17 |
| cnvd-2024-48381 | Google Chrome代码执行漏洞(CNVD-2024-48381) | 2024-11-15 | 2024-12-17 |
| cnvd-2024-48380 | Google Chrome安全绕过漏洞(CNVD-2024-48380) | 2024-11-15 | 2024-12-17 |
| cnvd-2024-48379 | Google Chrome安全绕过漏洞(CNVD-2024-48379) | 2024-11-15 | 2024-12-17 |
| cnvd-2024-48378 | Google Chrome安全绕过漏洞(CNVD-2024-48378) | 2024-11-15 | 2024-12-17 |
| cnvd-2024-48377 | Google Chrome代码执行漏洞(CNVD-2024-48377) | 2024-11-21 | 2024-12-17 |
| cnvd-2024-48376 | Google Chrome代码执行漏洞(CNVD-2024-48376) | 2024-12-06 | 2024-12-17 |
| cnvd-2024-48222 | Adobe Substance 3D Painter缓冲区溢出漏洞(CNVD-2024-48222) | 2024-11-15 | 2024-12-17 |
| cnvd-2024-48221 | Adobe Substance 3D Painter缓冲区溢出漏洞(CNVD-2024-48221) | 2024-11-15 | 2024-12-17 |
| cnvd-2024-48220 | Adobe Substance 3D Painter缓冲区溢出漏洞(CNVD-2024-48220) | 2024-11-15 | 2024-12-17 |
| cnvd-2024-48219 | Adobe Substance 3D Painter缓冲区溢出漏洞(CNVD-2024-48219) | 2024-11-15 | 2024-12-16 |
| cnvd-2024-48218 | Adobe Substance 3D Painter缓冲区溢出漏洞(CNVD-2024-48218) | 2024-11-15 | 2024-12-16 |
| cnvd-2024-48217 | Adobe Substance 3D Painter缓冲区溢出漏洞(CNVD-2024-48217) | 2024-11-15 | 2024-12-16 |
| cnvd-2024-48216 | Adobe Substance 3D Painter缓冲区溢出漏洞(CNVD-2024-48216) | 2024-11-15 | 2024-12-16 |
| cnvd-2024-48215 | Adobe Substance 3D Painter缓冲区溢出漏洞(CNVD-2024-48215) | 2024-11-15 | 2024-12-16 |
| cnvd-2024-48214 | Adobe Substance 3D Painter缓冲区溢出漏洞(CNVD-2024-48214) | 2024-11-15 | 2024-12-16 |
| cnvd-2024-48213 | Adobe Substance 3D Painter代码问题漏洞(CNVD-2024-48213) | 2024-11-15 | 2024-12-16 |
| cnvd-2024-48212 | Adobe Substance 3D Painter资源管理错误漏洞(CNVD-2024-48212) | 2024-11-15 | 2024-12-16 |
| cnvd-2024-48211 | Adobe Substance 3D Stager缓冲区溢出漏洞(CNVD-2024-48211) | 2024-12-06 | 2024-12-16 |
| cnvd-2024-48210 | FFmpeg存在未明漏洞(CNVD-2024-48210) | 2024-12-06 | 2024-12-16 |
| cnvd-2024-48032 | 中科方德软件有限公司方德桌面操作系统存在命令执行漏洞 | 2024-11-01 | 2024-12-16 |
| cnvd-2024-48031 | 中科方德软件有限公司方德桌面操作系统存在命令执行漏洞 | 2024-11-01 | 2024-12-16 |
| cnvd-2024-48030 | 中科方德软件有限公司方德桌面操作系统存在权限提升漏洞 | 2024-11-01 | 2024-12-16 |
| cnvd-2024-48022 | 浙江大华技术股份有限公司智慧园区综合管理平台存在命令执行漏洞 | 2024-11-01 | 2024-12-16 |
| cnvd-2024-47177 | 贵州小码科技有限公司jpress存在文件上传漏洞 | 2024-10-31 | 2024-12-15 |
| cnvd-2024-47342 | 北京亚控科技发展有限公司KingPortal开发系统客户端存在任意文件读取漏洞 | 2024-10-30 | 2024-12-14 |
| cnvd-2024-48103 | Tenda i9拒绝服务漏洞 | 2024-12-06 | 2024-12-13 |
| cnvd-2024-48102 | Tenda AC10 formSetDeviceName函数堆栈溢出漏洞 | 2022-10-19 | 2024-12-13 |
| ID | Description | Published | Updated |
|---|---|---|---|
| certa-2012-avi-001 | Vulnérabilité dans Arkoon FAST360 | 2012-01-04T00:00:00.000000 | 2012-01-04T00:00:00.000000 |
| certa-2011-avi-730 | Vulnérabilité dans Apache Tomcat | 2011-12-30T00:00:00.000000 | 2011-12-30T00:00:00.000000 |
| certa-2011-avi-729 | Vulnérabilité dans Ruby | 2011-12-30T00:00:00.000000 | 2011-12-30T00:00:00.000000 |
| certa-2011-avi-728 | Vulnérabilité dans PHP | 2011-12-30T00:00:00.000000 | 2011-12-30T00:00:00.000000 |
| certa-2011-avi-727 | Vulnérabilités dans l'implémentation ASP.Net du Microsoft .NET Framework | 2011-12-30T00:00:00.000000 | 2011-12-30T00:00:00.000000 |
| certa-2011-avi-726 | Multiples vulnérabilités dans F5 Enterprise Manager | 2011-12-28T00:00:00.000000 | 2011-12-28T00:00:00.000000 |
| certa-2011-avi-725 | Vulnérabilité dans IBM DB2 | 2011-12-26T00:00:00.000000 | 2011-12-26T00:00:00.000000 |
| certa-2011-avi-724 | Vulnérabilité dans IBM Lotus Domino | 2011-12-26T00:00:00.000000 | 2011-12-26T00:00:00.000000 |
| certa-2011-avi-723 | Multiples vulnérabilités dans les produits Websense | 2011-12-26T00:00:00.000000 | 2011-12-26T00:00:00.000000 |
| certa-2011-avi-722 | Vulnérabilité dans pam_ssh sur FreeBSD | 2011-12-26T00:00:00.000000 | 2011-12-26T00:00:00.000000 |
| certa-2011-avi-721 | Multiples vulnérabilités dans HP Managed Printing Administration | 2011-12-26T00:00:00.000000 | 2011-12-26T00:00:00.000000 |
| certa-2011-avi-720 | Vulnérabilité dans phpMyAdmin | 2011-12-26T00:00:00.000000 | 2011-12-26T00:00:00.000000 |
| certa-2011-avi-719 | Vulnérabilité dans phpMyAdmin | 2011-12-26T00:00:00.000000 | 2011-12-26T00:00:00.000000 |
| certa-2011-avi-718 | Vulnérabilité dans telnetd sur FreeBSD | 2011-12-26T00:00:00.000000 | 2011-12-26T00:00:00.000000 |
| certa-2011-avi-706 | Vulnérabilité dans OpenPAM | 2011-12-19T00:00:00.000000 | 2011-12-26T00:00:00.000000 |
| certa-2011-avi-717 | Vulnérabilités dans Moodle | 2011-12-23T00:00:00.000000 | 2011-12-23T00:00:00.000000 |
| certa-2011-avi-716 | Vulnérabilité dans le pilote NVIDIA Stereoscopic 3D | 2011-12-22T00:00:00.000000 | 2011-12-22T00:00:00.000000 |
| certa-2011-avi-715 | Vulnérabilité dans Tiki Wiki | 2011-12-21T00:00:00.000000 | 2011-12-21T00:00:00.000000 |
| certa-2011-avi-714 | Vulnérabilité dans PuTTY | 2011-12-21T00:00:00.000000 | 2011-12-21T00:00:00.000000 |
| certa-2011-avi-713 | Vulnérabilité dans VLC media player | 2011-12-21T00:00:00.000000 | 2011-12-21T00:00:00.000000 |
| certa-2011-avi-712 | Vulnérabilités dans les produits Mozilla | 2011-12-21T00:00:00.000000 | 2011-12-21T00:00:00.000000 |
| certa-2011-avi-711 | Vulnérabilité dans bzexe | 2011-12-21T00:00:00.000000 | 2011-12-21T00:00:00.000000 |
| certa-2011-avi-710 | Vulnérabilité dans IBM Tivoli Federated Identity Manager | 2011-12-21T00:00:00.000000 | 2011-12-21T00:00:00.000000 |
| certa-2011-avi-709 | Multiples vulnérabilités dans Nagios | 2011-12-19T00:00:00.000000 | 2011-12-19T00:00:00.000000 |
| certa-2011-avi-708 | Vulnérabilité dans Intel TXT (solution de sécurité de processeurs Intel) SINIT | 2011-12-19T00:00:00.000000 | 2011-12-19T00:00:00.000000 |
| certa-2011-avi-707 | Vulnérabilité dans EMC RSA Adaptative Authentication On-Premise | 2011-12-19T00:00:00.000000 | 2011-12-19T00:00:00.000000 |
| certa-2011-avi-705 | Vulnérabilités dans Adobe Reader et Acrobat Reader | 2011-12-19T00:00:00.000000 | 2011-12-19T00:00:00.000000 |
| certa-2011-avi-704 | Vulnérabilité dans un produit Hitachi | 2011-12-16T00:00:00.000000 | 2011-12-16T00:00:00.000000 |
| certa-2011-avi-703 | Vulnérabilités dans JBoss | 2011-12-16T00:00:00.000000 | 2011-12-16T00:00:00.000000 |
| certa-2011-avi-702 | Vulnérabilités dans AIX | 2011-12-16T00:00:00.000000 | 2011-12-16T00:00:00.000000 |