4 Apr 2025 | VULN205 | Apache : ATS is vulnerable to request smuggling via chunked messages | Systems running ATS versions prior to 9.2.10, 10.0.5.
|
4 Apr 2025 | VULN204 | Rockwell Automation : Lifecycle Services with Veeam Backup and Replication are Vulnerable to third-party Vulnerabilities | Systems running Industrial Data Center (IDC) with Veeam versions Generations 1 – 5, VersaVirtual™ Appliance (VVA) with Veeam versions Series A - C.
|
4 Apr 2025 | VULN202 | Ivanti : April Security Advisory Ivanti Connect Secure, Policy Secure & ZTA Gateways (CVE-2025-22457) | Systems running Ivanti Connect Secure versions prior to 22.7R2.6, Pulse Connect Secure (EoS) versions prior to 22.7R2.6, Ivanti Policy Secure versions prior to 22.7R1.4, ZTA Gateways versions prior to 22.8R2.2.
|
4 Apr 2025 | VULN203 | IBM : IBM App Connect Enterprise is vulnerable to Remote Code Execution and improper preservation of permissions | Systems running IBM App Connect Enterprise versions 13.0.1.0 - 13.0.2.2, 12.0.1.0 - 12.0.12.11.
|
4 Apr 2025 | VULN201 | xz : XZ Utils Threaded decoder frees memory too early | Systems running xz versions prior to 5.8.1.
|
4 Apr 2025 | VULN200.1 | Canon : CP2025-003 Vulnerability Remediation for Certain Printer Drivers | Systems running Generic Plus PCL6 Printer Driver, Generic Plus UFR II Printer Driver, Generic Plus LIPS4 Printer Driver, Generic Plus LIPSLX Printer Driver, Generic Plus PS Printer Driver, versions prior to 3.12.
|
3 Apr 2025 | VULN200 | Canon : CP2025-003 Vulnerability Remediation for Certain Printer Drivers | Systems running Generic Plus PCL6 Printer Driver, Generic Plus UFR II Printer Driver, Generic Plus LIPS4 Printer Driver, Generic Plus LIPSLX Printer Driver, Generic Plus PS Printer Driver, versions prior to 1.4.5.
|
3 Apr 2025 | VULN199 | Cisco : Cisco Security Advisories Published on April 02, 2025 | Systems running Cisco Meraki MX and Z Serie, Cisco Enterprise Chat and Email, Cisco Evolved Programmable Network Manager and Cisco Prime Infrastructure.
|
3 Apr 2025 | VULN198 | OpenVPN : CVE-2025-2704 OpenVPN can reach an assertion failed state when receiving specially crafted packets | Systems running OpenVPN versions 2.6.1 up to and including 2.6.13.
|
3 Apr 2025 | VULN197 | Jenkins : Jenkins Security Advisory 2025-04-02 | Systems running Jenkins (core), AsakusaSatellite Plugin, Cadence vManager Plugin, monitor-remote-job Plugin, Simple Queue Plugin, Stack Hammer Plugin, Templating Engine Plugin.
|
3 Apr 2025 | VULN196 | Django : Django security releases issued 5.1.8 and 5.0.14 | Systems running Django versions prior to 5.1.8, 5.0.14.
|
2 Apr 2025 | STAT10.1 | |
|
2 Apr 2025 | VULN195 | Apache : Camel-Undertow Message Header Injection via Improper Filtering | Systems running Apache Camel versions prior to 4.10.3, 4.8.6.
|
2 Apr 2025 | VULN194 | Go : Go 1.24.2 and Go 1.23.8 are released | Systems running Go versions prior to 1.24.2, 1.23.8.
|
1 Apr 2025 | VULN193 | Apache : Apache Answer Using externally referenced images can leak user privacy | Systems running Apache Answer versions prior to 1.4.5.
|
1 Apr 2025 | VULN192 | APPLE : APPLE-SA-03-31-2025-7 macOS Sequoia 15.4 and Sonoma 14.7.5 | macOS versions prior to Sequoia 15.4, Sonoma 14.7.5.
|
1 Apr 2025 | VULN191 | APPLE : iOS 16.7.11, 15.8.4 and iPadOS 16.7.11, 15.8.4 | iOS, iPadOS versions prior to 16.7.11, 15.8.4.
|
1 Apr 2025 | VULN190 | Broadcom : VMware Aria Operations updates address a local privilege escalation vulnerability (CVE-2025-22231) | Systems running VMware Aria Operations, VMware Telco Cloud Platform, VMware Telco Cloud Infrastructure versions prior to 8.18 HF 5, VMware Cloud Foundation versions 5.x,4.x.
|
1 Apr 2025 | VULN189 | Apache : Apache Parquet Java Arbitrary code execution in the parquet-avro module | Systems running Apache Parquet Java versions prior to 1.15.1.
|
1 Apr 2025 | VULN188 | Apache : Apache ActiveMQ Artemis Address routing-type can be updated by user without the createAddress permission | Systems running ActiveMQ Artemis versions prior to 2.40.0.
|
1 Apr 2025 | VULN187 | Rancher : Restricted Administrator can change Administrator's passwords | Systems running Rancher versions prior to 2.8.14, 2.9.8, 2.10.4, 2.11.0.
|
28 Mar 2025 | VULN186 | Stormshield : DoS on multicast routing | Systems running Stormshield Network Security versions prior to 4.3.35.
|
28 Mar 2025 | VULN185 | Mozilla : Security Vulnerability fixed in Firefox 136.0.4, Firefox ESR 128.8.1, Firefox ESR 115.21.1 | Systems running Firefox versions prior to 136.0.4, Firefox ESR versions prior to 115.21.1, 128.8.1.
|
28 Mar 2025 | VULN184 | Vega : XSS vulnerabilities fixed in Vega | Systems running Vega versions prior to 5.32.0, vega-functions versions prior to 5.17.0.
|
28 Mar 2025 | VULN183 | Apache : CVE-2024-56325 Apache Pinot Authentication bypass issue | Systems running Apache Pinot versions prior to 1.3.
|
28 Mar 2025 | VULN182 | Synapse : Federation denial of service via malformed events | Systems running Synapse versions prior to 1.127.1.
|
27 Mar 2025 | STAT10 | |
|
27 Mar 2025 | STAT09 | |
|
27 Mar 2025 | VULN181 | GitLab : GitLab Patch Release: 17.10.1, 17.9.3, 17.8.6 | Systems running GitLab versions prior to 17.10.1, 17.9.3, 17.8.6.
|
27 Mar 2025 | VULN180 | Apache : remote code execution and SSRF Vulnerabilities fixed in Apache Kylin | Systems running Apache Kylin versions prior to 5.0.2.
|
27 Mar 2025 | VULN179 | Jetbrains : TeamCity Vulnerabilities fixed | Systems running TeamCity versions prior to 2025.03.
|
26 Mar 2025 | VULN178 | Exim : use-after-free Vulnerability in Exim | Systems running Exim versions prior to 4.98.2.
|
26 Mar 2025 | VULN177 | JetBrains : Arbitrary dynamic library execution Vulnerability fixed in JetBrains Runtime | Systems running JetBrains Runtime versions prior to 21.0.6b872.80.
|
26 Mar 2025 | VULN176 | Jetbrains : XXE vulnerability fixed in Goland | Systems running Jetbrains Goland versions prior to 2025.1.
|
26 Mar 2025 | VULN175 | Moodle : Vulnerabilities exposing user data fixed in Moodle | Systems running Moodle versions prior to 4.5.3, 4.4.7, 4.3.11, 4.1.17.
|
26 Mar 2025 | VULN174 | Google Chrome : Chrome 134.0.6998.177/.178 fixes 0day Vulnerability | Systems running Google Chrome versions prior to 134.0.6998.177/.178.
|
26 Mar 2025 | VULN173 | Rack : Local file inclusion in `Rack::Static` | Systems running rack (RubyGems) versions prior to 2.2.13, 3.0.14, 3.1.12.
|
25 Mar 2025 | VULN172 | Tenable : [R1] Nessus Agent Version 10.8.3 Fixes One Vulnerability | Systems running Nessus Agent versions prior to 10.8.3.
|
25 Mar 2025 | VULN171 | Synology : Synology-SA-25:04 SRM | Systems running SRM versions 1.3 prior to 1.3.1-9346-13.
|
25 Mar 2025 | VULN170 | Mercurial : Mercurial 6.9.4 tagged (CVE-2025-2361) | Systems running Mercurial versions prior to 6.9.4.
|
25 Mar 2025 | VULN169 | Kubernetes : Multiple vulnerabilities in ingress-nginx | Systems running kubernetes with ingress-nginx versions prior to 1.11.5, 1.12.1.
|
25 Mar 2025 | VULN168 | Apache : SQL injection and XSS vulnerabilities fixed in Apache VCL | Systems running Apache VCL versions prior to 2.5.2.
|
25 Mar 2025 | VULN167 | VMware : VMware Tools for Windows update addresses an authentication bypass vulnerability (CVE-2025-22230) | Windows running VMware Tools versions prior to 12.5.1.
|
24 Mar 2025 | VULN166 | Qnap : Vulnerability in NAKIVO Backup & Replication | Systems running NAKIVO Backup & Replication versions up to and including 10.11.3.86570.
|
24 Mar 2025 | VULN165 | Apache : Possible path traversal and Exposure of Sensitive Information issues fixed | Systems running Apache Commons VFS versions prior to 2.10.0.
|
21 Mar 2025 | VULN164 | Mattermost : Multiple vulnerabilities fixed in Mattermost | Systems running Mattermost versions prior to 10.6.0, 10.5.2, 10.4.4, 9.11.10.
|
21 Mar 2025 | VULN163 | Next.js : Authorization Bypass in Next.js Middleware | Systems running Next.js versions prior to 14.2.25, 15.2.3.
|
21 Mar 2025 | VULN162 | HPE Aruba Networking : HPE Aruba Networking AOS-CX Multiple Vulnerabilities | Systems running HPE Aruba Networking AOS-CX versions prior to AOS-CX 10.15.1005, 10.14.1040, 10.13.1080, 10.10.1150.
|
21 Mar 2025 | VULN161 | nuxt : DOS via cache poisoning with payload rendering response | Systems running nuxt versions prior to 3.16.0.
|
21 Mar 2025 | VULN160 | Kubernetes : CVE-2024-7598 Network restriction bypass via race condition during namespace termination | Systems running kube-apiserver versions prior to 1.3.
|
21 Mar 2025 | VULN159 | WebKit : WebKitGTK and WPE WebKit Security Advisory WSA-2025-0002 | Systems running WebKitGTK, WPE WebKit versions prior to 2.48.0, WPE WebKit versions prior to 2.46.7.
|
21 Mar 2025 | STAT08 | |
|
20 Mar 2025 | VULN158 | Google Chrome : Chrome 134.0.6998.117/.118 fixes vulnerabilities | Systems running Google Chrome versions prior to 134.0.6998.117/.118.
|
20 Mar 2025 | VULN157 | Drupal : Drupal core - Moderately critical - Cross Site Scripting - SA-CORE-2025-004 | Systems running Drupal core versions prior to 10.3.14, 10.4.5, 11.0.13, 11.1.5.
|
20 Mar 2025 | VULN156 | Spring : Vulnerabilities fixed in Spring Security 6.4.4 | Systems running Spring Security versions prior to 6.4.4.
|
20 Mar 2025 | VULN155 | Veeam : remote code execution (RCE) vulnerability fixed in Veeam Backup & Replication | Systems running Veeam Backup & Replication versions prior to 12.3.1 (build 12.3.1.1139).
|
20 Mar 2025 | VULN154 | Apache : CVE-2025-27888 Apache Druid Server-Side Request Forgery and Cross-Site Scripting | Systems running Apache Druid versions prior to 31.0.2, 32.0.1.
|
19 Mar 2025 | VULN153 | vllm : Remote Code Execution via Mooncake Integration and DoS vulnerability fixed | Systems running vllm versions prior to 0.8.0.
|
19 Mar 2025 | VULN152 | Apache : CVE-2025-27018 Apache Airflow MySQL Provider SQL injection in MySQL provider core function | Systems running Apache Airflow MySQL Provider versions prior to 6.2.0.
|
19 Mar 2025 | VULN151 | Jenkins : Jenkins Security Advisory 2025-03-19 | Systems running AnchorChain Plugin for Jenkins, EDDSA API Plugin for Jenkins, Zoho QEngine Plugin for Jenkins.
|
19 Mar 2025 | VULN150 | glpi : Multiple vulnerabilities fixed in glpi | Systems running glpi versions prior to 10.0.18.
|
19 Mar 2025 | VULN149 | Expat : Stack overflow vulnerability fixed in libexpat 2.7.0 | Systems running libexpat versions prior to 2.7.0.
|
19 Mar 2025 | VULN148 | tj-actions : tj-action/changed-files GitHub action compromised | Systems running tj-actions/changed-files (GitHub Actions) versions prior to 46.0.1.
|
18 Mar 2025 | VULN147 | PHP : Multiple vulnerabilities fixed in PHP 8.1.32, 8.2.28, 8.3.19, 8.4.5 | Systems running PHP versions prior to 8.1.32, 8.2.28, 8.3.19, 8.4.5.
|
18 Mar 2025 | VULN146 | Shibboleth : Shibboleth Service Provider Security Advisory [13 March 2025] | Systems running Shibboleth SP with OpenSAML library package versions prior to 3.3.1.
|
14 Mar 2025 | VULN145 | Kubernetes : CVE-2025-1767 GitRepo Volume Inadvertent Local Repository Access | Systems running Kubernetes.
|
14 Mar 2025 | VULN144 | Apple : Webkit vulnerability fixed in Safari, iOS, iPadOS, macOS, visionOS | Systems running Safari versions prior to 18.3.1, iOS, iPadOS versions prior to 18.3.2, macOS Sequoia 15.3.2 versions prior to 15.3.2, visionOS versions prior to 2.3.2.
|
18 Mar 2025 | VULN143 | Joomla! : [20250301] - Core - Malicious file uploads via Media Manager | Systems running Joomla! versions prior to 4.4.12, 5.2.5.
|
14 Mar 2025 | VULN142 | Apache : CVE-2025-27017 Apache NiFi Potential Insertion of MongoDB Password in Provenance Record | Systems running Apache NiFi versions prior to 2.3.0.
|
14 Mar 2025 | VULN141 | Apache : CVE-2025-29891 Apache Camel: Camel Message Header Injection through request parameters | Systems running Apache Camel versions prior to 4.10.2 for 4.10.x LTS, 4.8.5 for 4.8.x LTS, 3.22.4 for 3.x releases.
|
14 Mar 2025 | VULN140 | Apache : CVE-2025-24813 Potential RCE and/or information disclosure and/or information corruption with partial PUT | Systems running Apache Tomcat versions prior to 11.0.3, 10.1.35, 9.0.99.
|
14 Mar 2025 | VULN139 | graphql-ruby : Remote code execution when loading a crafted GraphQL schema | Systems running graphql versions prior to 1.11.11, 1.12.25, 1.13.24, 2.0.32, 2.1.15, 2.2.17, 2.3.21, 2.4.13.
|
14 Mar 2025 | VULN138 | GitLab : GitLab Critical Patch Release: 17.9.2, 17.8.5, 17.7.7 | Systems running GitLab versions prior to 17.9.2, 17.8.5, 17.7.7.
|
14 Mar 2025 | VULN137 | Elastic : Kibana 8.17.3 Security Update (ESA-2025-06) | Systems running Kibana versions prior to 8.17.3.
|
14 Mar 2025 | VULN136 | Golang : [security] Go 1.24.1 and Go 1.23.7 are released | Systems running Go versions prior to 1.24.1, 1.23.7.
|
10 Mar 2025 | VULN135 | Django : Django security releases issued: 5.1.7, 5.0.13 and 4.2.20 | Systems running Django versions prior to 5.1.7, 5.0.13, 4.2.20.
|
10 Mar 2025 | VULN134 | Xen : Xen Security Notice 2 (CVE-2024-35347) AMD CPU Microcode Signature Verification Vulnerability | Systems running Xen.
|
10 Mar 2025 | VULN133 | Jenkins : Jenkins Security Advisory 2025-03-05 | Systems running Jenkins versions prior to weekly 2.500, LTS 2.492.1.
|
4 Mar 2025 | STAT07 | |
|
3 Mar 2025 | VULN132 | MongoDB : Character injection vulnerabilities fixed in MongoDB Shell | Systems running mongosh versions prior to 2.3.9.
|
3 Mar 2025 | VULN131 | Vim : potential code execution with tar.vim and special crafted tar files | Systems running Vim versions prior to 9.1.1164.
|
28 Feb 2025 | VULN130 | GitLab : GitLab Patch Release: 17.9.1, 17.8.4, 17.7.6 | Systems running GitLab versions prior to 17.9.1, 17.8.4, 17.7.6.
|
28 Feb 2025 | VULN129 | Apache : CVE-2025-27531 Apache InLong: An arbitrary file read vulnerability for JDBC | Systems running Apache InLong versions prior to 2.1.0.
|
28 Feb 2025 | VULN128 | Xen : deadlock potential with VT-d and legacy PCI device pass-through | Systems running Xen.
|
28 Feb 2025 | VULN127 | Rancher : Multiple vulnerabilities fixed in Rancher | Systems running rancher versions prior to 2.8.13, 2.9.7, 2.10.3.
|
26 Feb 2025 | VULN126 | Google Chrome : Stable channel for Chrome updated to 133.0.6943.141/.142 | Systems running Google Chrome versions prior to 133.0.6943.141/.142.
|
26 Feb 2025 | VULN125 | LibreOffice : Executable hyperlink Windows path targets executed unconditionally on activation | Systems running LibreOffice versions prior to 24.8.5.
|
26 Feb 2025 | VULN124 | Cisco : Cisco Security Advisories Published on February 26, 2025 | Systems running Cisco Nexus 3000 and 9000 Series Switches Health Monitoring Diagnostics, Cisco Application Policy Infrastructure Controller, Cisco Nexus 3000 and 9000 Series Switches software.
|
26 Feb 2025 | VULN123 | GLPI : Mulltiple security vulnerabilities fixed in GLPI 10.0.18 | Systems running glpi versions prior to 10.0.18.
|
26 Feb 2025 | VULN122 | LTI JupyterHub Authenticator : LTI JupyterHub Authenticator does not properly validate JWT Signature | Systems running jupyterhub-ltiauthenticator (pip) versions prior to 1.4.0.
|
26 Feb 2025 | VULN121 | X.Org : multiple security issues X.Org X server and Xwayland | Systems running X.Org versions prior to 21.1.16, Xwayland versions prior to 24.1.6.
|
25 Feb 2025 | STAT06 | |
|
25 Feb 2025 | VULN120 | Exiv2 : Use After Free in TiffSubIfd | Systems running Exiv2 versions prior to 0.28.5.
|
25 Feb 2025 | VULN119 | Mattermost : Multiple security vulnerabilities fixed in Mattermost | Systems running Mattermost versions prior to 10.5.0, 10.4.3, 10.3.4, 9.11.9.
|
24 Feb 2025 | VULN118 | CERT.PL : Vulnerability in DocsGPT software | Systems running DocsGPT versions 0.8.1 up to and including 0.12.0.
|
24 Feb 2025 | VULN117 | OpenH264 : OpenH264 Decoding Functions Heap Overflow Vulnerability | Systems running OpenH264 versions prior to 2.6.0.
|
24 Feb 2025 | VULN116 | Exim : SQL injection fixed in Exim | Systems running Exim versions prior to 4.98.1.
|
20 Feb 2025 | VULN115 | Atlassian : DoS (Denial of Service) com.google.protobuf:protobuf-java Dependency in Jira Software Data Center and Server | Systems running Jira Software Data Center and Server versions prior to 9.4.28, 9.12.15, 9.17.4, 10.1.2.
|
20 Feb 2025 | VULN114 | Atlassian : RCE (Remote Code Execution) org.apache.tomcat:tomcat-catalina Dependency in Confluence Data Center and Server | Systems running Confluence Data Center, Confluence Server versions prior to 9.2.1, 8.5.19.
|
20 Feb 2025 | VULN113 | Google Chrome : Stable channel for Chrome updated to 133.0.6943.126/.127 | Systems running Google Chrome versions prior to 133.0.6943.126/.127.
|
20 Feb 2025 | VULN112 | Wireshark : wnpa-sec-2025-01 =?UTF-8?Q?=C2=B7?= Bundle Protocol and CBOR dissector crash | Systems running Wireshark.
|
20 Feb 2025 | VULN111 | Drupal : Security Vulnerabilities fixed in Drupal core | Systems running Drupal core versions prior to 135.0.1, 10.4.3, 11.0.12, 11.1.3.
|
20 Feb 2025 | VULN110 | JSONPath : JSONPath Plus allows Remote Code Execution | Systems running JSONPath Plus versions prior to 10.3.0.
|
20 Feb 2025 | VULN109 | Nokogiri : Nokogiri updates packaged libxml2 to 2.13.6 to resolve CVE-2025-24928 and CVE-2024-56171 | Systems running Nokogiri versions prior to 1.18.3.
|
20 Feb 2025 | VULN108 | libxml2 : stack-based buffer overflow in libxml2 before 2.12.10 and 2.13.x before 2.13.6 | Systems running libxml2 versions prior to 2.12.10, 2.13.6.
|
19 Feb 2025 | VULN107 | Mozilla : Security Vulnerabilities fixed in Firefox 135.0.1 | Systems running Mozilla Firefox versions prior to 135.0.1.
|
19 Feb 2025 | VULN106 | Citrix : Citrix Secure Access Client for Mac Security Bulletin for CVE-2025-1222 and CVE-2025-1223 | Systems running Citrix Secure Access Client for Mac versions prior to 25.01.2.
|
19 Feb 2025 | VULN105 | Citrix : NetScaler Console and NetScaler Agent Security Bulletin for CVE-2024-12284 | Systems running NetScaler Console, NetScaler Agent versions prior to 14.1-38.53, 13.1-56.18.
|
19 Feb 2025 | VULN104 | Joomla! : Core - SQL injection vulnerability in Scheduled Tasks component | Systems running Joomla! versions prior to 4.4.11, 5.2.4.
|
19 Feb 2025 | VULN103 | GRUB: [SECURITY PATCH 00/73] GRUB2 vulnerabilities | Systems running GRUB2.
|
19 Feb 2025 | VULN102 | Vega : XSS via vlSelectionTuples function | Systems running vega (npm) versions prior to 5.26.0, vega-selections (npm) versions prior to 5.4.2.
|
18 Feb 2025 | VULN101 | OpenSSH: OpenSSH 9.9p2 fix MITM and DoS vulnerabilities | Systems running OpenSSH versions prior to 9.9p2.
|
18 Feb 2025 | VULN100 | Moodle : Multiple vulnerabilities fixed in Moodle | Systems running Moodle versions prior to 4.5.2, 4.4.6, 4.3.10, 4.1.16.
|
18 Feb 2025 | VULN099 | Apache : Apache EventMesh raft Hessian Deserialization Vulnerability allowing remote code execution | Systems running Apache EventMesh versions prior to 1.11.0-release.
|
18 Feb 2025 | VULN098 | Vim : heap use-after-free in str_to_reg() in Vim prior to 9.1.1115 | Systems running Vim versions prior to 9.1.1115.
|
18 Feb 2025 | VULN097 | Apache : Apache Ignite Possible RCE when deserializing incoming messages by the server node | Systems running Apache Ignite versions prior to 2.17.0.
|
18 Feb 2025 | STAT05 | |
|
14 Feb 2025 | VULN096 | PostgreSQL : PostgreSQL 17.3, 16.7, 15.11, 14.16, and 13.19 Released! | Systems running PostgreSQL versions prior to 17.3, 16.7, 15.11, 14.16, 13.19.
|
14 Feb 2025 | VULN095 | AMD : AMD =?UTF-8?Q?Ryzen=E2=84=A2?= Master Utility DLL Hijacking Vulnerability | Systems running AMD Ryzenâ„¢ Master Utility versions prior to 2.14.0.3205.
|
13 Feb 2025 | VULN094 | Google : Chrome Stable channel updated to 133.0.6943.98/.99 | Systems running Google Chrome versions prior to 133.0.6943.98/.99.
|
13 Feb 2025 | VULN093 | Kubernetes : CVE-2025-0426 Node Denial of Service via kubelet Checkpoint API | Systems running kubelet versions prior to 1.32.2, 1.31.6, 1.30.10, 1.29.14.
|
13 Feb 2025 | VULN092 | koa : Inefficient Regular Expression Complexity in koa | Systems running koa (npm) versions prior to 2.15.4, 3.0.0-alpha.3, 1.7.1, 0.21.2.
|
13 Feb 2025 | VULN091 | Apache : Apache Atlas An authenticated user can perform XSS and potentially impersonate another user | Systems running Apache Atlas versions prior to 2.4.0.
|
13 Feb 2025 | VULN090 | elliptic : Private key extraction in ECDSA upon signing a malformed input (e.g. a string) | Systems running elliptic versions prior to 6.6.1.
|
12 Feb 2025 | VULN089 | CERT/CC : PandasAI interactive prompt function can be exploited to run arbitrary Python code through prompt injection | Systems running PandasAI, Sinaptik AI.
|
12 Feb 2025 | VULN088 | Apache : CVE-2024-32838 Apache Fineract: SQL injection vulnerabilities in offices API endpoint | Systems running Apache Fineract versions 1.10.1.
|
12 Feb 2025 | VULN087 | OpenSSL : RFC7250 handshakes with unauthenticated servers don't abort as expected (CVE-2024-12797) | Systems running OpenSSL versions prior to 3.4.1, 3.3.3, 3.2.4.
|
12 Feb 2025 | VULN086 | Gitlab : GitLab Patch Release: 17.8.2, 17.7.4, 17.6.5 | Systems running GitLab versions 17.8.2, 17.7.4, 17.6.5
|
12 Feb 2025 | VULN085 | (SPIP : Mise =?UTF-8?Q?=C3=A0?= jour critique de =?UTF-8?Q?s=C3=A9curit=C3=A9?= pour le plugin =?UTF-8?Q?=C2=AB?= Saisies pour formulaire =?UTF-8?Q?=C2=BB=29?= | Systems running « Saisies pour formulaire » pour SPIP versions 5.11.1.
|
12 Feb 2025 | VULN084 | Ivanti : Security Advisory Ivanti Cloud Services Application (CSA) | Systems running Ivanti Cloud Services Application versions prior to 5.0.5.
|
12 Feb 2025 | VULN083 | Ivanti : Ivanti Connect Secure (ICS),Ivanti Policy Secure (IPS) and Ivanti Secure Access Client (ISAC) (Multiple CVEs) | Systems running Ivanti Connect Secure (ICS) versions prior to 22.7R2.6, Ivanti Policy Secure (IPS) versions prior to 22.7R1.3, Ivanti Secure Access Client (ISAC) versions prior to 22.8R1.
|
11 Feb 2025 | VULN082 | Apache : Apache Cassandra User with MODIFY permission on ALL KEYSPACES can escalate privileges to superuser via unsafe actions (4.0.16 only) | Systems running Apache Cassandra versions 4.0.16.
|
11 Feb 2025 | VULN081 | SAP : SAP Security Patch Day - February 2025 | Systems running SAP products.
|
11 Feb 2025 | STAT04 | |
|
11 Feb 2025 | VULN080 | APPLE : iOS 18.3.1, iPadOS 18.3.1 and iPadOS 17.7.5 | Systems running iOS, iPadOS versions prior to 18.3.1, iPadOS versions prior to 17.7.5.
|
10 Feb 2025 | VULN079 | Zimbra : Patch for Zimbra Classic Web Client Vulnerability =?UTF-8?Q?=E2=80=93?= Stay Secure by Updating | Systems running Zimbra versions prior to 9.0.0 P44, Daffodil 10.1.5, 10.0.13.
|
10 Feb 2025 | VULN078 | WebKit : WebKitGTK and WPE WebKit Security Advisory WSA-2025-0001 | Systems running WebKitGTK, WPE WebKit versions prior to 2.46.6, 2.44.0.
|
10 Feb 2025 | VULN077 | Apache : CVE-2025-25247 Apache Felix Webconsole XSS in services console | Systems running Apache Felix versions prior to 3.8.2, 3.7.6.
|
10 Feb 2025 | VULN076 | Apache : CVE-2025-25069 Apache Kvrocks Cross-Protocol Scripting Vulnerability | Systems running Apache Kvrocks versions prior to 2.11.1.
|
6 Feb 2025 | VULN075 | Apache : Apache James Server 3.8.2 and 3.7.6 fix DoS vulnerabilities | Systems running Apache James versions prior to 3.8.2, 3.7.6.
|
6 Feb 2025 | VULN074 | nginx : nginx security advisory (CVE-2025-23419) | Systems running nginx versions prior to 1.26.3, 1.27.4.
|
6 Feb 2025 | VULN073 | Cacti : Multiple security vulnerabilities fixed in Cacti 1.2.29 | Systems running Cacti versions prior to 1.2.29.
|
5 Feb 2025 | VULN072 | Mozilla : Multiple vulnerabilities fixed in Thunderbird 135, ESR 128.7 | Systems running Thunderbird versions prior to 135, ESR 128.7.
|
5 Feb 2025 | VULN071 | Mozilla : Multiple vulnerabilities fixed in Firefox ESR 128.7, ESR 115.20, 135 | Systems running Firefox versions prior to ESR 128.7, ESR 115.20, 135.
|
5 Feb 2025 | VULN070 | Cisco : Cisco Security Advisories Published on February 05, 2025 | Systems running Cisco Identity Services Engine, Cisco IOS, Cisco IOS XE, Cisco IOS XR, Cisco Secure Email and Web Manager, Secure Email Gateway, and Secure Web Appliance, Cisco Expressway Series.
|
5 Feb 2025 | VULN069 | Veeam : CVE-2025-23114 fixed in Veeam Backup's Veeam Updater component | Systems running Veeam Backup products.
|
5 Feb 2025 | VULN068 | Apache : CVE-2024-48019 Apache Doris allows admin users to read arbitrary files through the REST API | Systems running Apache Doris versions prior to 2.1.8, 3.0.3.
|
5 Feb 2025 | VULN067 | Curl : Multiple vulnerabilities fixed in Curl and libcurl 8.12.0 | Systems running curl versions prior to 8.12.0.
|
4 Feb 2025 | VULN066 | SonicWall : SonicWall NetExtender Local Privilege Escalation via Arbitrary SYSTEM File Read | Windows running SonicWall NetExtender versions prior to 10.3.1.
|
4 Feb 2025 | VULN065 | Python : CVE-2025-0938 URL parser allowed square brackets in domain names | Systems running CPython.
|
4 Feb 2025 | VULN064 | Apache : Multiple vulnerabilities fixed in Apache Cassandra | Systems running Apache Cassandra versions prior to 4.0.16, 4.1.8, 5.0.3.
|
3 Feb 2025 | STAT03 | |
|
3 Feb 2025 | VULN063 | Grafana : Grafana Alerting VictorOps integration exposed to Viewers | Systems running Grafana versions prior to 11.5.0, 11.4.1, 11.3.3, 11.2.6, 11.1.11, 11.0.11, 10.4.15.
|
31 Jan 2025 | VULN062 | TeamViewer : Improper Neutralization of Argument Delimiters in TeamViewer Clients | Windows running TeamViewer Full Client, TeamViewer Host.
|
31 Jan 2025 | VULN061 | Twig : Fix a security issue where escaping was missing | Systems running twig (Composer) versions prior to 3.19.0.
|
31 Jan 2025 | VULN060 | VMware : VMware Aria Operations for Logs and VMware Aria Operations updates address multiple vulnerabilities | Systems running VMware Aria Operations for logs, VMware Aria Operations versions prior to 8.18.3, VMware Cloud Foundation.
|
30 Jan 2025 | VULN059 | Snowflake Connector for Python : Multiple Vulnerabilities in Snowflake Connector for Python | Systems running Snowflake Connector for Python versions prior to 3.13.1.
|
30 Jan 2025 | VULN058 | Deep Java Library : Deep Java Library path traversal issue | Systems running Deep Java Library versions prior to 0.31.1.
|
29 Jan 2025 | VULN057 | TYPO3 : Account Takeover in extension 'OpenID Connect Authentication' (oidc) | Systems running "OpenID Connect Authentication" (oidc) for TYPO3.
|
29 Jan 2025 | VULN056 | Bind : Vulnerabilities fixed in Bind | Systems running BIND versions prior to 9.18.33, 9.20.5, 9.21.4, 9.18.33-S1.
|
29 Jan 2025 | VULN055 | VMware : VMware Avi Load Balancer addresses an unauthenticated blind SQL Injection vulnerability | Systems running VMware Avi Load Balancer versions prior to 30.1.2-2p2, 30.2.1-2p5, 30.2.2-2p2.
|
29 Jan 2025 | VULN054 | codeql-action : GitHub PAT written to debug artifacts | Systems running CodeQL CLI versions prior to 2.20.3, codeql-action versions prior to 3.28.3.
|
28 Jan 2025 | VULN053 | vllm : Malicious model to RCE by torch.load in hf_model_weights_iterator | Systems running vllm versions prior to 0.7.0.
|
28 Jan 2025 | VULN052 | Apache : Vulnerabilities fixed in Apache Solr | Systems Apache Solr versions prior to 9.8.0.
|
28 Jan 2025 | VULN051 | Qnap : Multiple Vulnerabilities in Rsync | Systems running HBS 3 Hybrid Backup Sync versions 25.1.x prior to 25.1.4.952.
|
28 Jan 2025 | VULN050 | Apache : CVE-2025-24783 Apache Cocoon continuations may not be private | Systems running Apache Cocoon.
|
28 Jan 2025 | VULN049 | Apache : CVE-2024-23953 Apache Hive: Timing Attack Against Signature in LLAP util | Systems running Apache Hive versions prior to 4.0.0.
|
28 Jan 2025 | VULN048 | APPLE : APPLE-SA-01-27-2025-4, 5 macOS Sequoia 15.3, Sonoma 14.7.3 | macOS versions prior to Sequoia 15.3, Sonoma 14.7.3.
|
28 Jan 2025 | VULN047 | APPLE : APPLE-SA-01-27-2025-2 and 3, iOS 18.3, 17.7.4 and iPadOS 18.3, 17.7.4 | iOS, iPadOS versions prior to 18.3, 17.7.4.
|
27 Jan 2025 | STAT02 | |
|
23 Jan 2025 | VULN046 | Debian : Multiple vulnerabilities fixed in 389-ds-base LDAP server | Debian running 389-ds-base LDAP server versions prior to 1.4.4.11-2+deb11u1.
|
23 Jan 2025 | VULN045 | SonicWall : SMA1000 Pre-Authentication Remote Command Execution Vulnerability | Systems running SMA1000 Appliance Management Console (AMC) and Central Management Console (CMC) versions prior to 12.4.3-02854 (platform-hotfix).
|
23 Jan 2025 | VULN044 | GitLab : GitLab Patch Release 17.8.1, 17.7.3, 17.6.4 | Systems running GitLab versions prior to 17.8.1, 17.7.3, 17.6.4.
|
23 Jan 2025 | VULN043 | GLIBC : assert Buffer overflow when printing assertion failure message | Systems running GNU C Library.
|
23 Jan 2025 | VULN042 | Openvswitch : Open Virtual Network egress access control list bypass | Systems running OVN (Open Virtual Network) versions prior to 22.03.8, 24.03.5, 24.09.2.
|
23 Jan 2025 | VULN041 | Apache : CVE-2024-53299 Apache Wicket: An attacker can intentionally trigger a memory leak | Systems running Apache Wicket versions prior to 9.19.0, 10.3.0.
|
23 Jan 2025 | VULN040 | Oracle : January 2025 Critical Patch Update Released | Systems running Oracle products.
|
23 Jan 2025 | VULN039 | Jenkins : Jenkins Security Advisory 2025-01-22 | Systems running Azure Service Fabric Plugin for Jenkins, Bitbucket Server Integration Plugin for Jenkins, Eiffel Broadcaster Plugin for Jenkins, Folder-based Authorization Strategy Plugin for Jenkins, GitLab Plugin for Jenkins, OpenId Connect Authentication Plugin for Jenkins, for Jenkins, Zoom Plugin for Jenkins, Zoom Plugin for Jenkins.
|
23 Jan 2025 | VULN038 | Cisco : Cisco Security Advisories Published on January 22, 2025 | Systems running Cisco Meeting Management versions prior to 3.9.1, Cisco BroadWorks versions prior to RI.2024.11, Secure Endpoint Connector for Linux versions prior to 1.25.1, Secure Endpoint Connector for Mac versions prior to 1.24.4, Secure Endpoint Connector for Windows versions prior to 7.5.20, 8.4.3, Secure Endpoint Private Cloud versions prior to 4.2.0 with updated connectors.
|
23 Jan 2025 | VULN037 | phpMyAdmin : Multiple vulnerabilities fixed in phpMyAdmin 5.2.2 | Systems running phpMyAdmin versions prior to 5.2.2.
|
22 Jan 2025 | VULN036 | HashiCorp : HashiCorp go-slug Vulnerable to Zip Slip Attack | Systems running HashiCorp’s go-slug library versions prior to HashiCorp’s 0.16.3.
|
22 Jan 2025 | VULN035 | Buildah : Build breakout using malicious Containerfiles and concurrent builds | Systems running Buildah versions prior to 1.38.1, 1.37.6, 1.35.5, 1.33.12.
|
22 Jan 2025 | VULN034 | Elastic : Elastic Defend 8.13.3 Security Update (ESA-2024-24) | Systems running Elastic Defend versions prior to 8.13.3.
|
22 Jan 2025 | VULN033 | Elastic : Kibana 7.17.23 and 8.14.2 Security Update (ESA-2024-26) | Systems running Kibana versions prior to 7.17.23, 8.14.2.
|
22 Jan 2025 | VULN032 | Elastic : Elasticsearch 7.17.21 and 8.13.3 Security Update (ESA-2024-25) | Systems running Elasticsearch versions prior to 7.17.21, 8.13.3.
|
22 Jan 2025 | VULN031 | Apache : Apache Ambari Code Injections and XML External Entity (XXE) Vulnerabilities fixed | Systems running Apache Ambari versions prior to 2.7.9.
|
22 Jan 2025 | VULN030 | Apache : Apache Ranger SSRF and Stored XSS fixed | Systems running Apache Ranger versions prior to 2.5.0.
|
22 Jan 2025 | VULN029 | Node.js : Tuesday, January 21, 2025 Security Releases | Systems running Node.js versions prior to 18.20.6, 20.18.2, 22.13.1, 23.6.1.
|
21 Jan 2025 | VULN028 | Palo Alto : Multiple Vulnerabilities in Expedition Migration Tool Lead to Exposure of Firewall Credentials | Systems running Palo Alto Networks Expedition migration tool versions prior to 1.2.101.
|
21 Jan 2025 | VULN027 | Samsung Mobile : Samsung Mobile January 2025 Security Maintenance Release | Android 12, 13, 14 devices.
|
21 Jan 2025 | VULN026 | Veeam : Veeam Backup for Microsoft Azure Vulnerability CVE-2025-23082 | Systems running Veeam Backup for Microsoft Azure versions prior to 7.1.0.59.
|
21 Jan 2025 | VULN025 | Apache : CVE-2025-23184 Apache CXF Denial of Service vulnerability with temporary files | Systems running Apache CXF versions prior to 3.5.10, 3.6.5, 4.0.6.
|
21 Jan 2025 | VULN024 | Vim : segmentation fault in win_line() in Vim < 9.1.1043 | Systems running Vim versions prior to 9.1.1043.
|
21 Jan 2025 | VULN023 | OpenSSL : Timing side-channel in ECDSA signature computation (CVE-2024-13176) | Systems running OpenSSL versions prior to 3.4.1, 3.3.3, 3.2.4, 3.1.8, 3.0.16, 1.1.1zb, 1.0.2zl.
|
21 Jan 2025 | VULN022 | Fortinet : Path traversal in csfd daemon | Systems running FortiManager versions prior to 7.6.2, 7.4.4, FortiManager Cloud versions prior to 7.4.4, FortiOS versions prior to 7.4.5, 7.2.10, 7.0.16, FortiProxy versions prior to 7.4.6, 7.2.12, 7.0.19, FortiRecorder versions prior to 7.2.2, 7.0.5, FortiVoice versions prior to 7.0.5, 6.4.10, FortiWeb versions prior to 7.4.5.
|
21 Jan 2025 | VULN021 | Fortinet : Vulnerabilities fixed in FortiAnalyzer, FortiManager | Systems running FortiAnalyzer versions prior to 7.4.4, 7.2.6, 7.0.13, FortiAnalyzer Cloud, FortiManager Cloud versions prior to 7.4.3, FortiManager versions prior to 7.4.4, 7.2.6, 7.0.13.
|
21 Jan 2025 | VULN020 | Fortinet : Vulnerabilities fixed in FortiSwitch | Systems running FortiSwitch versions prior to 7.4.1, 7.2.6, 7.0.8, 6.4.14, 6.2.8.
|
20 Jan 2025 | VULN019 | Fortinet : Multiple and some critical Vulnerabilities fixed in FortiOS, FortiProxy | Systems running FortiOS versions prior to 7.0.17, 7.2.10, 7.4.5, 7.6.1, 6.4.16, 6.2.16, 6.0.18, FortiProxy versions prior to 7.2.13, 7.0.20.
|
20 Jan 2025 | VULN018 | Redis : Lua library commands may lead to remote code execution | Systems running redis-server versions prior to 6.2.X, 7.2.X, 7.4.X.
|
20 Jan 2025 | VULN017 | Gradio : Gradio Blocked Path ACL Bypass Vulnerability | Systems running Gradio versions up to and including 5.6.0.
|
20 Jan 2025 | VULN016 | Mongoose : Mongoose search injection vulnerability | Systems running Mongoose versions prior to 8.9.5, 7.8.4, 6.13.6.
|
20 Jan 2025 | VULN015 | Go : [security] Go 1.23.5 and Go 1.22.11 are released | Systems running Go versions prior to 1.23.5, 1.22.11.
|
20 Jan 2025 | STAT01 | |
|
17 Jan 2025 | VULN014 | Git : Vulnerabilities fixed in git | Systems running git versions prior to 2.48.1, 2.47.1, 2.46.3, 2.45.3, 2.44.3, 2.43.6, 2.42.4, 2.41.3, 2.40.4.
|
17 Jan 2025 | VULN013 | Joomla! : Multiple vulnerabilities fixed in Joomla! CMS | Systems running Joomla! CMS versions prior to 3.10.20-elts, 4.4.10, 5.2.3.
|
17 Jan 2025 | VULN012 | GitLab : GitLab Patch Release 17.7.1, 17.6.3, 17.5.5 | Systems running GitLab versions prior to 17.7.1, 17.6.3, 17.5.5.
|
17 Jan 2025 | VULN011 | Google Chrome : Chrome 132.0.6834.83/84 fix multiple security vulnerabilities | Systems running Google Chrome versions prior to 132.0.6834.83/84.
|
17 Jan 2025 | VULN010 | TYPO3 : Multiple security vulnerabilities fixed in TYPO3 | Systems running TYPO3 versions prior to 9.5.49 ELTS, 10.4.48 ELTS, 11.5.42 ELTS, 12.4.25 LTS, 13.4.3 LTS.
|
17 Jan 2025 | VULN009 | SPIP : Security update: release of SPIP 4.3.6, SPIP 4.2.17, SPIP 4.1.20 | Systems running SPIP versions prior to 4.3.6, 4.2.17, 4.1.20.
|
17 Jan 2025 | VULN008 | Kubernetes : CVE-2024-9042 Command Injection affecting Windows nodes via nodes/*/logs/query API | Systems running Kubelet versions prior to 1.32.1, 1.31.5, 1.30.9, 1.29.13.
|
16 Jan 2025 | VULN007 | git-lfs : Git LFS permits retrieval of credentials via crafted HTTP URLs | Systems running git-lfs versions prior to 3.6.1.
|
16 Jan 2025 | VULN006 | Rancher : Stored XSS in Rancher UI | Systems running Rancher versions prior to 2.9.4, 2.10.0.
|
16 Jan 2025 | VULN005 | Apache : CVE-2024-54676: Apache OpenMeetings Deserialisation of untrusted data in cluster mode | Systems running Apache OpenMeetings versions prior to 8.0.0.
|
16 Jan 2025 | VULN004 | go-git : Vulnerabilities fixed in go-git | Systems running go-git versions prior to 5.13.
|
16 Jan 2025 | VULN003 | Next.js : Denial of Service (DoS) with Server Actions | Systems running Next.js versions prior to 15.1.2, 14.2.21, 13.5.8.
|
16 Jan 2025 | VULN001 | Django : Django security releases issued: 5.1.5, 5.0.11, and 4.2.18 | Systems running Django versions prior to 5.1.5, 5.0.11, 4.2.18.
|