Vulnerabilities

  

CVE-2025-62353 | Windsurf IDE path traversal

A vulnerability classified as critical has been found in Windsurf IDE. The impacted element is an unknown function. Performing manipulation

  

CVE-2025-58747 | langgenius dify up to 1.9.1 MCP OAuth authorization_url cross site scripting

A vulnerability classified as problematic was found in langgenius dify up to 1.9.1. This affects an unknown function of the

  

CVE-2025-26625 | Git LFS up to 3.7.0 link following

A vulnerability, which was classified as critical, has been found in Git LFS up to 3.7.0. This impacts an unknown

  

CVE-2025-49655 | Keras up to 3.11.2 TorchModuleWrapper deserialization

A vulnerability, which was classified as critical, was found in Keras up to 3.11.2. Affected is the function TorchModuleWrapper. The

  

CVE-2025-60279 | Illia Cloud illia-Builder up to 4.8.4 API server-side request forgery

A vulnerability has been found in Illia Cloud illia-Builder up to 4.8.4 and classified as problematic. Affected by this vulnerability

  

CVE-2025-62356 | Qodo Gen IDE path traversal

A vulnerability was found in Qodo Gen IDE and classified as critical. Affected by this issue is some unknown functionality.

  

CVE-2025-48087 | Jason C. Memberlite Shortcodes Plugin up to 1.4.1 on WordPress cross site scripting

A vulnerability was found in Jason C. Memberlite Shortcodes Plugin up to 1.4.1 on WordPress. It has been classified as

  

CVE-2025-60361 | Radare2 up to 5.9.8 bochs_open memory leak

A vulnerability was found in Radare2 up to 5.9.8. It has been declared as problematic. This vulnerability affects the function

openSUSE: pgadmin4 Important COOP Vulnerability Fix 2025:03625-1
  

openSUSE: pgadmin4 Important COOP Vulnerability Fix 2025:03625-1

An update that solves one vulnerability can now be installed.LinuxSecurity – Security AdvisoriesRead More

openSUSE 15.3: Kernel Important Security Fixes for 84 Issues – 2025:03626-1
  

openSUSE 15.3: Kernel Important Security Fixes for 84 Issues – 2025:03626-1

An update that solves 84 vulnerabilities and has 15 security fixes can now be installed.LinuxSecurity – Security AdvisoriesRead More

openSUSE: expat Important Memory Amplification Issue Advisory 2025:03624-1
  

openSUSE: expat Important Memory Amplification Issue Advisory 2025:03624-1

An update that solves one vulnerability can now be installed.LinuxSecurity – Security AdvisoriesRead More

openSUSE: pgadmin4 Important Cross-Origin Security Fix CVE-2025-9636
  

openSUSE: pgadmin4 Important Cross-Origin Security Fix CVE-2025-9636

* bsc#1249151 Cross-References: * CVE-2025-9636LinuxSecurity – Security AdvisoriesRead More

Debian 11: Firefox-ESR Critical Issues Addressed DLA-4335-1 CVE-2025-11708
  

Debian 11: Firefox-ESR Critical Issues Addressed DLA-4335-1 CVE-2025-11708

Multiple security issues have been found in the Mozilla Firefox web browser, which could potentially result in the execution of

SUSE: expat Important Memory Amplification Vulnerability CVE-2025-59375
  

SUSE: expat Important Memory Amplification Vulnerability CVE-2025-59375

* bsc#1249584 Cross-References: * CVE-2025-59375LinuxSecurity – Security AdvisoriesRead More

  

CVE-2025-11908 | Shenzhen Ruiming Technology Streamax Crocus 1.3.40 FileDir.do?Action=Upload uploadFile unrestricted upload

A vulnerability, which was classified as critical, has been found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The affected element

  

CVE-2025-11909 | Shenzhen Ruiming Technology Streamax Crocus 1.3.40 RepairRecord.do?Action=QueryLast queryLast orderField sql injection

A vulnerability, which was classified as critical, was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. The impacted element is

  

CVE-2025-11910 | Shenzhen Ruiming Technology Streamax Crocus 1.3.40 MemoryState.do?Action=Query query orderField sql injection

A vulnerability has been found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40 and classified as critical. This affects the function

  

CVE-2025-11911 | Shenzhen Ruiming Technology Streamax Crocus 1.3.40 DeviceFault.do?Action=Query sortField sql injection

A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40 and classified as critical. This impacts the function Query

  

CVE-2025-11912 | Shenzhen Ruiming Technology Streamax Crocus 1.3.40 DeviceState.do?Action=Query orderField sql injection

A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. It has been classified as critical. Affected is the

  

CVE-2025-11913 | Shenzhen Ruiming Technology Streamax Crocus 1.3.40 Service.do?Action=Download download Path path traversal

A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. It has been declared as critical. Affected by this

  

CVE-2025-11914 | Shenzhen Ruiming Technology Streamax Crocus 1.3.40 DeviceFileReport.do?Action=Download download FilePath path traversal

A vulnerability was found in Shenzhen Ruiming Technology Streamax Crocus 1.3.40. It has been rated as critical. Affected by this

  

CVE-2023-28815 | Hikvision iSecure Center command injection

A vulnerability classified as critical was found in Hikvision iSecure Center. Impacted is an unknown function. Such manipulation leads to

  

CVE-2023-28814 | Hikvision iSecure Center File unrestricted upload

A vulnerability classified as critical has been found in Hikvision iSecure Center. This issue affects some unknown processing of the

Mageia 9: Varnish Important DoS Threat MGASA-2025-0239 CVE-2025-8671
  

Mageia 9: Varnish Important DoS Threat MGASA-2025-0239 CVE-2025-8671

MGASA-2025-0239 – Updated varnish & lighttpd packages fix security vulnerabilityLinuxSecurity – Security AdvisoriesRead More

  

CVE-2025-55087 | Eclipse NextX Duo up to 6.4.3 snmp Addon improper validation of specified index, position, or offset in input (GHSA-v474-mv4g-v8cx)

A vulnerability categorized as critical has been discovered in Eclipse NextX Duo up to 6.4.3. Affected is an unknown function

  

CVE-2025-11902 | yanyutao0402 ChanCMS up to 3.3.2 /cms/article/findField cid sql injection

A vulnerability identified as critical has been detected in yanyutao0402 ChanCMS up to 3.3.2. Affected by this vulnerability is the

  

CVE-2025-11903 | yanyutao0402 ChanCMS up to 3.3.2 /cms/article/update cid sql injection

A vulnerability labeled as critical has been found in yanyutao0402 ChanCMS up to 3.3.2. Affected by this issue is the

  

CVE-2025-11904 | yanyutao0402 ChanCMS up to 3.3.2 /cms/model/hasUse ID sql injection

A vulnerability marked as critical has been reported in yanyutao0402 ChanCMS up to 3.3.2. This affects the function hasUse of

  

CVE-2025-11905 | yanyutao0402 ChanCMS up to 3.3.2 gather.js getArticle code injection

A vulnerability described as critical has been identified in yanyutao0402 ChanCMS up to 3.3.2. This vulnerability affects the function getArticle

Ubuntu 20.04 LTS: MuPDF Critical Memory Issues Denial of Service USN-7825-1
  

Ubuntu 20.04 LTS: MuPDF Critical Memory Issues Denial of Service USN-7825-1

Several security issues were fixed in MuPDF.LinuxSecurity – Security AdvisoriesRead More

  

CVE-2024-42192 | HCL Traveler for Microsoft Outlook 3.0.14 insufficiently protected credentials (KB0124066)

A vulnerability classified as problematic has been found in HCL Traveler for Microsoft Outlook 3.0.14. This impacts an unknown function.

  

CVE-2025-6894 | Moxa OnCell G4302-LTE4 unnecessary privileges

A vulnerability classified as critical was found in Moxa EDR-G9010, EDR-8010, EDF-G1002-BP, TN-4900, NAT-102, NAT-108 and OnCell G4302-LTE4. Affected is

  

CVE-2025-6892 | Moxa OnCell G4302-LTE4 API Endpoint authorization

A vulnerability, which was classified as very critical, has been found in Moxa EDR-G9010, EDR-8010, EDF-G1002-BP, TN-4900, NAT-102, NAT-108 and

  

CVE-2025-62506 | MinIO up to RELEASE.2025-04-03T14-56-28Z Security Token Service authorization (GHSA-jjjj-jwhf-8rgr)

A vulnerability, which was classified as critical, was found in MinIO. Affected by this issue is some unknown functionality of

  

CVE-2025-11898 | Flowring Agentflow 4.0 path traversal

A vulnerability has been found in Flowring Agentflow 4.0 and classified as problematic. This affects an unknown part. This manipulation

  

CVE-2025-11899 | Flowring Agentflow 4.0 hard-coded key

A vulnerability was found in Flowring Agentflow 4.0 and classified as critical. This vulnerability affects unknown code. Such manipulation leads

  

CVE-2025-11849 | Mammoth up to 1.10.x /dev/random path traversal (SNYK-JS-MAMMOTH-13554470)

A vulnerability was found in Mammoth up to 1.10.x. It has been classified as critical. This issue affects some unknown

  

CVE-2025-6949 | Moxa OnCell G4302-LTE4 unnecessary privileges

A vulnerability was found in Moxa EDR-G9010, EDR-8010, EDF-G1002-BP, TN-4900, NAT-102, NAT-108 and OnCell G4302-LTE4. It has been declared as

  

CVE-2025-6950 | Moxa OnCell G4302-LTE4 hard-coded credentials

A vulnerability was found in Moxa EDR-G9010, EDR-8010, EDF-G1002-BP, TN-4900, NAT-102, NAT-108 and OnCell G4302-LTE4. It has been rated as

  

CVE-2025-6893 | Moxa OnCell G4302-LTE4 /api/v1/setting/data unnecessary privileges

A vulnerability categorized as very critical has been discovered in Moxa EDR-G9010, EDR-8010, EDF-G1002-BP, TN-4900, NAT-102, NAT-108 and OnCell G4302-LTE4.

  

CVE-2025-55092 | Eclipse NetX Duo up to 6.4.3 Networking Support _nx_ipv4_option_process out-of-bounds (GHSA-vwh7-h99r-fvwq)

A vulnerability identified as problematic has been detected in Eclipse NetX Duo up to 6.4.3. This affects the function _nx_ipv4_option_process

  

CVE-2025-55093 | Eclipse NetX Duo up to 6.4.3 Networking Support _nx_ipv4_packet_receive buffer over-read (GHSA-c9pq-93jp-w649)

A vulnerability labeled as critical has been found in Eclipse NetX Duo up to 6.4.3. This impacts the function _nx_ipv4_packet_receive

  

CVE-2025-55097 | Eclipse USBX up to 6.4.2 USB Support _ux_host_class_audio_streaming_sampling_get out-of-bounds

A vulnerability marked as problematic has been reported in Eclipse USBX up to 6.4.2. Affected is the function _ux_host_class_audio_streaming_sampling_get of

  

CVE-2025-55098 | Eclipse USBX up to 6.4.2 USB Support _ux_host_class_audio_device_type_get out-of-bounds

A vulnerability described as problematic has been identified in Eclipse USBX up to 6.4.2. Affected by this vulnerability is the

  

CVE-2025-55099 | Eclipse USBX up to 6.4.2 USB Support _ux_host_class_audio_alternate_setting_locate frequency out-of-bounds

A vulnerability classified as problematic has been found in Eclipse USBX up to 6.4.2. Affected by this issue is the

  

CVE-2025-55096 | Eclipse NetX Duo up to 6.4.2 USB Support _ux_host_class_hid_report_descriptor_get integer underflow

A vulnerability classified as problematic was found in Eclipse NetX Duo up to 6.4.2. This affects the function _ux_host_class_hid_report_descriptor_get of

  

CVE-2025-55100 | Eclipse USBX up to 6.4.2 USB Support _ux_host_class_audio10_sam_parse_func out-of-bounds

A vulnerability, which was classified as problematic, has been found in Eclipse USBX up to 6.4.2. This vulnerability affects the

  

CVE-2025-11900 | HGiga iSherlock os command injection

A vulnerability, which was classified as critical, was found in HGiga iSherlock. This issue affects some unknown processing. Such manipulation

  

CVE-2025-62504 | Envoy up to 1.33.11/1.34.9/1.35.5/1.36.1 per_connection_buffer_limit_bytes use after free (GHSA-gcxr-6vrp-wff3)

A vulnerability has been found in Envoy up to 1.33.11/1.34.9/1.35.5/1.36.1 and classified as critical. Impacted is the function per_connection_buffer_limit_bytes. Performing

  

CVE-2025-55094 | Eclipse NetX Duo up to 6.4.3 Networking Support _nx_icmpv6_validate_options out-of-bounds

A vulnerability was found in Eclipse NetX Duo up to 6.4.3 and classified as problematic. The affected element is the

  

CVE-2025-60358 | Radare2 up to 5.9.8 _load_relocations memory leak

A vulnerability was found in Radare2 up to 5.9.8. It has been classified as problematic. The impacted element is the

  

CVE-2025-11896 | Xpdf up to 4.05 UseCMap recursion

A vulnerability was found in Xpdf up to 4.05. It has been declared as problematic. This affects the function UseCMap.

Debian 11: DLA-4334-1 pgpool2 Important Auth Bypass CVE-2025-46801
  

Debian 11: DLA-4334-1 pgpool2 Important Auth Bypass CVE-2025-46801

An authentication bypass was found in n pgpool-II, the connection pool server and replication proxy for PostgreSQL. For Debian 11

openSUSE Tumbleweed: python311-ldap Moderate Security Update 2025:15637-1
  

openSUSE Tumbleweed: python311-ldap Moderate Security Update 2025:15637-1

An update that solves 2 vulnerabilities can now be installed.LinuxSecurity – Security AdvisoriesRead More

  

CVE-2025-60641 | Vfront 0.99.52 mexcel.php mexcel deserialization

A vulnerability categorized as problematic has been discovered in Vfront 0.99.52. The affected element is an unknown function of the

  

CVE-2025-36128 | IBM MQ 9.1/9.2/9.3/9.4 Slowloris release of resource

A vulnerability identified as critical has been detected in IBM MQ 9.1/9.2/9.3/9.4. The impacted element is an unknown function. The

  

CVE-2025-61924 | PrestaShopCorp ps_checkout Module up to 4.4.0/5.0.4 on PrestaShop array_search incomplete blacklist (GHSA-wvpg-4wrh-5889)

A vulnerability labeled as critical has been found in PrestaShopCorp ps_checkout Module up to 4.4.0/5.0.4 on PrestaShop. This affects the

  

CVE-2025-34513 | Ilevia Srl. EVE X1 Server up to 4.7.18.0 mbus_build_from_csv.php os command injection

A vulnerability marked as critical has been reported in Ilevia Srl. EVE X1 Server up to 4.7.18.0. This impacts an

  

CVE-2025-62423 | MacWarrior clipbucket-v5 up to 5.5.2 login_as_user.php sql injection (GHSA-3wpr-jprj-52fc)

A vulnerability described as critical has been identified in MacWarrior clipbucket-v5 up to 5.5.2. Affected is an unknown function of

  

CVE-2025-34514 | Ilevia EVE X1 Server up to 4.7.18.0 exec os command injection

A vulnerability classified as critical has been found in Ilevia EVE X1 Server up to 4.7.18.0. Affected by this vulnerability

  

CVE-2025-34517 | Ilevia EVE X1 Server up to 4.7.18.0 get_file_content.php path traversal

A vulnerability classified as critical was found in Ilevia EVE X1 Server up to 4.7.18.0. Affected by this issue is

  

CVE-2025-34518 | Ilevia EVE X1 Server up to 4.7.18.0 get_file_content.php path traversal

A vulnerability, which was classified as critical, has been found in Ilevia EVE X1 Server up to 4.7.18.0. This affects

  

CVE-2025-58051 | Nextcloud Tables up to 0.7.5/0.8.7/0.9.4 behavioral workflow (GHSA-wpp5-4w35-pxq6)

A vulnerability, which was classified as problematic, was found in Nextcloud Tables up to 0.7.5/0.8.7/0.9.4. This vulnerability affects unknown code.

  

CVE-2025-61909 | Icinga icinga2 up to 2.13.12/2.14.6/2.15.0 PID File Parser unnecessary privileges (ID 10527)

A vulnerability has been found in Icinga icinga2 up to 2.13.12/2.14.6/2.15.0 and classified as problematic. This issue affects some unknown

  

CVE-2025-61330 | H3C Magic Telnet Service /etc/shadow weak password

A vulnerability was found in H3C Magic and classified as critical. Impacted is an unknown function of the file /etc/shadow

  

CVE-2025-62416 | Bagisto up to 2.3.7 Product Description code injection (GHSA-527q-4wqv-g9wj)

A vulnerability was found in Bagisto up to 2.3.7. It has been classified as critical. The affected element is an

  

CVE-2025-61907 | Icinga icinga2 up to 2.13.12/2.14.6/2.15.0 Global Variable /v1/objects information disclosure (GHSA-gg32-w9rm-vp2v)

A vulnerability was found in Icinga icinga2 up to 2.13.12/2.14.6/2.15.0. It has been declared as problematic. The impacted element is

  

CVE-2025-34512 | Ilevia EVE X1 Server up to 4.7.18.0 index.php cross site scripting

A vulnerability was found in Ilevia EVE X1 Server up to 4.7.18.0. It has been rated as problematic. This affects

  

CVE-2025-60855 | Reolink Video Doorbell WiFi DB_566128M5MP_W signature verification

A vulnerability categorized as critical has been discovered in Reolink Video Doorbell WiFi DB_566128M5MP_W. This impacts an unknown function. The

  

CVE-2025-11493 | ConnectWise Automate code download

A vulnerability identified as critical has been detected in ConnectWise Automate. Affected is an unknown function. This manipulation causes download

  

CVE-2025-62417 | Bagisto up to 2.3.7 csv injection (GHSA-jqrp-58fv-w8cq)

A vulnerability labeled as critical has been found in Bagisto up to 2.3.7. Affected by this vulnerability is an unknown

  

CVE-2025-34255 | D-Link Nuclias Connect up to 1.3.1.4 Forgot Password data.exist observable response discrepancy

A vulnerability marked as problematic has been reported in D-Link Nuclias Connect up to 1.3.1.4. Affected by this issue is

  

CVE-2025-34254 | D-Link Nuclias Connect up to 1.3.1.4 error.message observable response discrepancy

A vulnerability described as problematic has been identified in D-Link Nuclias Connect up to 1.3.1.4. This affects an unknown part.

  

CVE-2025-61908 | Icinga icinga2 up to 2.13.12/2.14.6/2.15.0 API Endpoint null pointer dereference (GHSA-v9jg-xqhj-f43g)

A vulnerability classified as problematic has been found in Icinga icinga2 up to 2.13.12/2.14.6/2.15.0. This vulnerability affects unknown code of

  

CVE-2025-62409 | Envoy up to 1.33.9/1.34.8/1.35.4/1.36.0 null pointer dereference (GHSA-pq33-4jxh-hgm3)

A vulnerability classified as problematic was found in Envoy up to 1.33.9/1.34.8/1.35.4/1.36.0. This issue affects some unknown processing. The manipulation

  

CVE-2025-61923 | PrestaShopCorp ps_checkout Module up to 4.4.0/5.0.4 on PrestaShop path traversal (GHSA-fpxp-pfqm-x54w)

A vulnerability, which was classified as critical, has been found in PrestaShopCorp ps_checkout Module up to 4.4.0/5.0.4 on PrestaShop. Impacted

  

CVE-2025-34515 | Ilevia EVE X1 Server up to 4.7.18.0 sync_project.sh unnecessary privileges

A vulnerability, which was classified as very critical, was found in Ilevia EVE X1 Server up to 4.7.18.0. The affected

  

CVE-2025-34516 | Ilevia EVE X1 Server up to 4.7.18.0 default credentials

A vulnerability has been found in Ilevia EVE X1 Server up to 4.7.18.0 and classified as very critical. The impacted

  

CVE-2025-34519 | Ilevia EVE X1 Server up to 4.7.18.0 risky encryption

A vulnerability was found in Ilevia EVE X1 Server up to 4.7.18.0 and classified as problematic. This affects an unknown

  

CVE-2025-62415 | Bagisto up to 2.3.7 TinyMCE Image Upload cross site scripting (GHSA-67px-r26w-598x)

A vulnerability was found in Bagisto up to 2.3.7. It has been classified as problematic. This impacts an unknown function

  

CVE-2025-62418 | Bagisto up to 2.3.7 TinyMCE Image Upload cross site scripting (GHSA-fg89-g389-p346)

A vulnerability was found in Bagisto up to 2.3.7. It has been declared as problematic. Affected is an unknown function

  

CVE-2025-11492 | ConnectWise Automate up to 2022.11 cleartext transmission

A vulnerability was found in ConnectWise Automate. It has been rated as problematic. Affected by this vulnerability is an unknown

  

CVE-2025-61789 | Icinga icingadb-web up to 1.1.3/1.2.2 observable response discrepancy (GHSA-w57j-28jc-8429)

A vulnerability categorized as problematic has been discovered in Icinga icingadb-web up to 1.1.3/1.2.2. Affected by this issue is some

  

CVE-2025-61922 | PrestaShopCorp ps_checkout Module up to 4.4.0/5.0.4 on PrestaShop Express Checkout improper authentication (GHSA-54hq-mf6h-48xh)

A vulnerability identified as critical has been detected in PrestaShopCorp ps_checkout Module up to 4.4.0/5.0.4 on PrestaShop. This affects an

  

CVE-2025-62425 | element-hq matrix-authentication-service up to 1.4.0 unverified password change (GHSA-6wfp-jq3r-j9xh)

A vulnerability labeled as critical has been found in element-hq matrix-authentication-service up to 1.4.0. This vulnerability affects unknown code. Executing

  

CVE-2025-62412 | LibreNMS up to 25.9.x Alert Rules Page cross site scripting (GHSA-6g2v-66ch-6xmh)

A vulnerability marked as problematic has been reported in LibreNMS up to 25.9.x. This issue affects some unknown processing of

  

CVE-2025-61554 | BitVisor VirtIO Network Device Emulation denial of service

A vulnerability described as problematic has been identified in BitVisor. Impacted is an unknown function of the component VirtIO Network

  

CVE-2025-61553 | BitVisor VirtIO Network Device Emulation out-of-bounds write (ID 48090711)

A vulnerability classified as critical has been found in BitVisor. The affected element is an unknown function of the component

  

CVE-2025-62407 | Frappe up to 14.97.x/15.82.x redirect (GHSA-j9jr-qrpj-g855)

A vulnerability classified as problematic was found in Frappe up to 14.97.x/15.82.x. The impacted element is an unknown function. Such

  

CVE-2025-62427 | angular-cli up to 19.2.17/20.3.5/21.0.0-next.7 createRequestUrl server-side request forgery (GHSA-q63q-pgmf-mxhr)

A vulnerability, which was classified as critical, has been found in angular-cli up to 19.2.17/20.3.5/21.0.0-next.7. This affects the function createRequestUrl.

  

CVE-2025-62428 | Drawing-Captcha-APP prior 1.2.5-alpha-patch Header /register Host redirect (ID 30)

A vulnerability, which was classified as problematic, was found in Drawing-Captcha-APP. This impacts an unknown function of the file /register

  

CVE-2025-61514 | SageMath CoCalc SVG File Parser unrestricted upload

A vulnerability has been found in SageMath CoCalc and classified as critical. Affected is an unknown function of the component

  

CVE-2025-62586 | OPEXUS FOIAXpress 11.1.0/11.12.3.0/11.13.1.0 missing authentication

A vulnerability was found in OPEXUS FOIAXpress 11.1.0/11.12.3.0/11.13.1.0 and classified as critical. Affected by this vulnerability is an unknown functionality.

  

CVE-2025-60639 | gsigel14 Atlas-EPIC 2025-05-26 hard-coded credentials

A vulnerability was found in gsigel14 Atlas-EPIC 2025-05-26. It has been classified as critical. Affected by this issue is some

  

CVE-2025-62413 | emqx MQTTX 1.12.0 MQTT cross site scripting (GHSA-29gf-9r9v-j4m3)

A vulnerability was found in emqx MQTTX 1.12.0. It has been declared as problematic. This affects an unknown part of

  

CVE-2025-62414 | Bagisto up to 2.3.7 Create New Customer cross site scripting (GHSA-r9xj-mvqf-jm7w)

A vulnerability was found in Bagisto up to 2.3.7. It has been rated as problematic. This vulnerability affects unknown code

  

CVE-2025-62411 | LibreNMS up to 25.9.x Alert Rules Page cross site scripting (GHSA-frc6-pwgr-c28w)

A vulnerability categorized as problematic has been discovered in LibreNMS up to 25.9.x. This issue affects some unknown processing of

  

CVE-2025-34253 | D-Link Nuclias Connect up to 1.3.1.4 Network cross site scripting

A vulnerability identified as problematic has been detected in D-Link Nuclias Connect up to 1.3.1.4. Impacted is an unknown function.

  

CVE-2025-11465 | Ashlar-Vellum Cobalt CO File Parser use after free

A vulnerability labeled as critical has been found in Ashlar-Vellum Cobalt. The affected element is an unknown function of the