Recent Advisories

Severity ID Title Vendor Product Date Type
Unknown ADV-9008

Opencast still publishes global system account credentials

CVE Details. Basic Information. Title: Opencast still publishes global system account credentials; Type: cve; Published: 2025-07-26T03:28:25.194Z; Modified...

N/A N/A NEWS
Unknown ADV-9007

XWiki Platform’s searchDocuments API allows for SQL injection

CVE Details. Basic Information. Title: XWiki Platform’s searchDocuments API allows for SQL injection; Type: cve; Published: 2025-07-26T03:28:49.269Z...

N/A N/A NEWS
Unknown ADV-9006

skops’ Inconsistent Trusted Type Validation Enables Hidden `operator` Methods Execution

CVE Details. Basic Information. Title: skops’ Inconsistent Trusted Type Validation Enables Hidden `operator` Methods Execution; Type: cve; Publishe...

N/A N/A NEWS
Unknown ADV-9005

skops’ MethodNode can access unexpected object fields through dot notation, leading to arbitrary code execution at load time

CVE Details. Basic Information. Title: skops’ MethodNode can access unexpected object fields through dot notation, leading to arbitrary code exe...

N/A N/A NEWS
Unknown ADV-9004

Anubis accepts crafted redirect URLs in pass-challenge ‘Try Again’ buttons

CVE Details. Basic Information. Title: Anubis accepts crafted redirect URLs in pass-challenge ‘Try Again’ buttons; Type: cve; Published: 2025-...

N/A N/A NEWS
Unknown ADV-9003

LibTIFF tiffmedian.c get_histogram use after free

CVE Details. Basic Information. Title: LibTIFF tiffmedian.c get_histogram use after free; Type: cve; Published: 2025-07-26T03:32:08.851Z; Modified: 2025-07-...

N/A N/A NEWS
Unknown ADV-9002

dag-factory’s CI/CD Workflow Allows for Repository Takeover and Secret Exfiltration

CVE Details. Basic Information. Title: dag-factory’s CI/CD Workflow Allows for Repository Takeover and Secret Exfiltration; Type: cve; Published: 20...

N/A N/A NEWS
Unknown ADV-9001

tj-actions/branch-names Contains Command Injection Vulnerability

CVE Details. Basic Information. Title: tj-actions/branch-names Contains Command Injection Vulnerability; Type: cve; Published: 2025-07-26T03:34:31.288Z; Mo...

N/A N/A NEWS
Unknown ADV-9000

DbGate allows Unauthorized File Access via CSV Plugin

CVE Details. Basic Information. Title: DbGate allows Unauthorized File Access via CSV Plugin; Type: cve; Published: 2025-07-26T03:34:43.481Z; Modified: 2025...

N/A N/A NEWS
Unknown ADV-8999

FreeScout’s deserialization of untrusted data leads to Remote Code Execution

CVE Details. Basic Information. Title: FreeScout’s deserialization of untrusted data leads to Remote Code Execution; Type: cve; Published: 2025-07-2...

N/A N/A NEWS