Filter and search through 197,506 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2025-59331 | ### Impact On 8 September 2025, an npm publishing account for `is-arrayish` was taken over after a phishing attack. Version `0.3.3` was published, fun... | 0.0 | 0 | Neutral | No |
| Yes |
| CVE-2025-59330 | ### Impact On 8 September 2025, an npm publishing account for `error-ex` was taken over after a phishing attack. Version `1.3.3` was published, functi... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-59307 | RAID Manager provided by Century Corporation registers a Windows service with an unquoted file path. A user with the write permission on the root dire... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-5922 | Access to TSplus Remote Access Admin Tool is restricted to administrators (unless "Disable UAC" option is enabled) and requires a PIN code. In version... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-59163 | SafeDep `vet` is vulnerable to a DNS rebinding attack due to lack of HTTP `Host` and `Origin` header validation. To exploit this vulnerability follo... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-59162 | ### Impact On 8 September 2025, the npm publishing account for `color-convert` was taken over after a phishing attack. Version `3.1.1` was published, ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-59161 | Element Web is a Matrix web client built using the Matrix React SDK. Element Web and Element Desktop before version 1.11.112 have insufficient validat... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-59160 | ### Impact matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in `MatrixClient::getJoinedRooms`, allowing a remote atta... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-59155 | ### Impact A Server-Side Request Forgery (SSRF) vulnerability that affects all users running the HackMD MCP server in HTTP mode. Attackers could expl... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-59145 | ### Impact On 8 September 2025, an npm publishing account for `color-name` was taken over after a phishing attack. Version `2.0.1` was published, func... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-59144 | ### Impact On 8 September 2025, the npm publishing account for `debug` was taken over after a phishing attack. Version `4.4.2` was published, function... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-59143 | ### Impact On 8 September 2025, the npm publishing account for `color` was taken over after a phishing attack. Version `5.0.1` was published, function... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-59142 | ### Impact On 8 September 2025, the npm publishing account for `color-string` was taken over after a phishing attack. Version `2.1.1` was published, f... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-59141 | ### Impact On 8 September 2025, the npm publishing account for `simple-swizzle` was taken over after a phishing attack. Version `0.2.3` was published,... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-59140 | ### Impact On 8 September 2025, the npm publishing account for `backslash` was taken over after a phishing attack. Version `0.2.1` was published, func... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-59109 | The dormakaba registration units 9002 (PIN Pad Units) have an exposed UART header on the backside. The PIN pad is sending every button press to the UA... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-59108 | By default, the password for the Access Manager's web interface, is set to 'admin'. In the tested version changing the password was not enforced. | 0.0 | 0 | Neutral | No | No |
| CVE-2025-59107 | Dormakaba provides the software FWServiceTool to update the firmware version of the Access Managers via the network. The firmware in some instances is... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-59105 | With physical access to the device and enough time an attacker can desolder the flash memory, modify it and then reinstall it because of missing encry... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-59104 | With physical access to the device and enough time an attacker is able to solder test leads to the debug footprint (or use the 6-Pin tag-connect cable... | 0.0 | 0 | Neutral | No | No |