HoneyDB [ vulnerabilities | tools ]
CISA Advisories
US-CERT
FullDisclosure
Multi-Protocol Traceroute
SEC Consult SA-20250728-0 :: Stored Cross-Site-Scripting in Optimizely Episerver CMS
SEC Consult SA-20250807-0 :: Race Condition in Shopware Voucher Submission
Insufficient Resource Allocation Limits in nopCommerce v4.10 and v4.80.3 Excel Import Functionality
CSV Injection in nopcommerce v4.10 and 4.80.3
Insufficient Session Cookie Invalidation in nopCommerce v4.10 and 4.80.3
Session Fixation Vulnerability in iDempiere WebUI v 12.0.0.202508171158
CSV Injection in iDempiere WebUI 12.0.0.202508171158
liblcf v0.8.1 liblcf/lcf2xml: Untrusted LCF data triggers uncaught std::length_error via negative vector resize (DoS)
liblcf v0.8.1 Integer Overflow in liblcf `ReadInt()` Leads to Out-of-Bounds Reads and Denial of Service
US CERT Weekly
Open Source Security
CVE-2025-30001: Apache StreamPark: Authenticated users can trigger remote command execution
Multiple vulnerabilities in Jenkins plugins
CVE-2025-57833: Django: Potential SQL injection in FilteredRelation column aliases
CVE-2024-43166: Apache DolphinScheduler: CWE-276 Incorrect Default Permissions
CVE-2024-43115: Apache DolphinScheduler: Alert Script Attack
Re: CVE-2025-8067 - UDisks
CVE-2025-58047: DoS in Volto (Plone CMS)
Xen Security Advisory 471 v2 (CVE-2024-36350,CVE-2024-36357) - x86: Transitive Scheduler Attacks
CVE-2025-8067 - UDisks
ISC has disclosed one vulnerability in Kea (CVE-2025-40779)
© 2025 RiskDiscovery | Sponsored by: Deception Logic