Filter and search through 197,511 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2025-59365 | A stack buffer overflow vulnerability has been identified in certain router models. An authenticated attacker may trigger this vulnerability by sendin... | 0.0 | 0 | Neutral | No |
| No |
| CVE-2025-59343 | ### Impact v3.1.0, v2.1.3, v1.16.5 and below ### Patches Has been patched in 3.1.1, 2.1.4, and 1.16.6 ### Workarounds You can use the ignore option... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-59342 | ## Summary A path-traversal flaw in the handling of the `X-Zone-Id` HTTP header allows an attacker to cause the application to write files outside th... | 0.0 | 0 | Neutral | Yes | Yes |
| CVE-2025-59341 | ## Summary A Local File Inclusion (LFI) issue was identified in the esm.sh service URL handling. An attacker could craft a request that causes the se... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-59336 | Luanox is a module host for Lua packages. Prior to 0.1.1, a file traversal vulnerability can cause potential denial of service by overwriting Phoenix ... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-59331 | ### Impact On 8 September 2025, an npm publishing account for `is-arrayish` was taken over after a phishing attack. Version `0.3.3` was published, fun... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-59330 | ### Impact On 8 September 2025, an npm publishing account for `error-ex` was taken over after a phishing attack. Version `1.3.3` was published, functi... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-59307 | RAID Manager provided by Century Corporation registers a Windows service with an unquoted file path. A user with the write permission on the root dire... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-5922 | Access to TSplus Remote Access Admin Tool is restricted to administrators (unless "Disable UAC" option is enabled) and requires a PIN code. In version... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-59163 | SafeDep `vet` is vulnerable to a DNS rebinding attack due to lack of HTTP `Host` and `Origin` header validation. To exploit this vulnerability follo... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-59162 | ### Impact On 8 September 2025, the npm publishing account for `color-convert` was taken over after a phishing attack. Version `3.1.1` was published, ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-59161 | Element Web is a Matrix web client built using the Matrix React SDK. Element Web and Element Desktop before version 1.11.112 have insufficient validat... | 0.0 | 0 | Neutral | No | No |
| CVE-2025-59160 | ### Impact matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in `MatrixClient::getJoinedRooms`, allowing a remote atta... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-59155 | ### Impact A Server-Side Request Forgery (SSRF) vulnerability that affects all users running the HackMD MCP server in HTTP mode. Attackers could expl... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-59145 | ### Impact On 8 September 2025, an npm publishing account for `color-name` was taken over after a phishing attack. Version `2.0.1` was published, func... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-59144 | ### Impact On 8 September 2025, the npm publishing account for `debug` was taken over after a phishing attack. Version `4.4.2` was published, function... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-59143 | ### Impact On 8 September 2025, the npm publishing account for `color` was taken over after a phishing attack. Version `5.0.1` was published, function... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-59142 | ### Impact On 8 September 2025, the npm publishing account for `color-string` was taken over after a phishing attack. Version `2.1.1` was published, f... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-59141 | ### Impact On 8 September 2025, the npm publishing account for `simple-swizzle` was taken over after a phishing attack. Version `0.2.3` was published,... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2025-59140 | ### Impact On 8 September 2025, the npm publishing account for `backslash` was taken over after a phishing attack. Version `0.2.1` was published, func... | 0.0 | 0 | Neutral | No | Yes |