Common Vulnerabilities and Exposures (CVE)

CVE-2025-61020

Jul 15, 2026 01:25:43 UTC

An issue in the sqlo_strip_in_join component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

CVE-2025-61023

Jul 15, 2026 01:25:41 UTC

An issue in the st_compare component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

CVE-2025-61028

Jul 15, 2026 01:25:38 UTC

An issue in the time_t_to_dt component of openlink virtuoso-opensource v7.2.11 allows attackers to cause a Denial of Service (DoS) via crafted SQL statements.

CVE-2025-61140

Jul 15, 2026 01:25:36 UTC

The value function in jsonpath 1.1.1 lib/index.js is vulnerable to Prototype Pollution.

CVE-2025-61686

Jul 15, 2026 01:25:34 UTC

React Router is a router for React. In @react-router/node versions 7.0.0 through 7.9.3, @remix-run/deno prior to version 2.17.2, and @remix-run/node prior to version 2.17.2, if createFileSessionStorage() is being used from @react-router/nod...

CVE-2025-61731

Jul 15, 2026 01:25:30 UTC

Building a malicious file with cmd/go can cause can cause a write to an attacker-controlled file with partial control of the file content. The "#cgo pkg-config:" directive in a Go source file provides command-line arguments to provide to th...

CVE-2025-61732

Jul 15, 2026 01:25:25 UTC

A discrepancy between how Go and C/C++ comments were parsed allowed for code smuggling into the resulting cgo binary.

CVE-2025-62718

Jul 15, 2026 01:25:20 UTC

Axios is a promise based HTTP client for the browser and Node.js. Prior to 1.15.0 and 0.31.0, Axios does not correctly handle hostname normalization when checking NO_PROXY rules. Requests to loopback addresses like localhost. (with a traili...

CVE-2025-65518

Jul 15, 2026 01:25:17 UTC

Plesk Obsidian versions 8.0.1 through 18.0.73 are vulnerable to a Denial of Service (DoS) condition. The vulnerability exists in the get_password.php endpoint, where a crafted request containing a malicious payload can cause the affected we...

CVE-2025-67030

Jul 15, 2026 01:25:14 UTC

Directory Traversal vulnerability in the extractFile method of org.codehaus.plexus.util.Expand in plexus-utils before 6d780b3378829318ba5c2d29547e0012d5b29642. This allows an attacker to execute arbitrary code

CVE-2025-67268

Jul 15, 2026 01:25:11 UTC

gpsd before commit dc966aa contains a heap-based out-of-bounds write vulnerability in the drivers/driver_nmea2000.c file. The hnd_129540 function, which handles NMEA2000 PGN 129540 (GNSS Satellites in View) packets, fails to validate the us...

CVE-2025-67269

Jul 15, 2026 01:25:09 UTC

An integer underflow vulnerability exists in the `nextstate()` function in `gpsd/packet.c` of gpsd versions prior to commit `ffa1d6f40bca0b035fc7f5e563160ebb67199da7`. When parsing a NAVCOM packet, the payload length is calculated using `le...

CVE-2025-67733

Jul 15, 2026 01:25:07 UTC

Valkey is a distributed key-value database. Prior to versions 9.0.2, 8.1.6, 8.0.7, and 7.2.12, a malicious user can use scripting commands to inject arbitrary information into the response stream for the given client, potentially corrupting...

CVE-2025-68428

Jul 15, 2026 01:25:04 UTC

jsPDF is a library to generate PDFs in JavaScript. Prior to version 4.0.0, user control of the first argument of the loadFile method in the node.js build allows local file inclusion/path traversal. If given the possibility to pass unsanitiz...

CVE-2025-68493

Jul 15, 2026 01:25:02 UTC

Missing XML Validation vulnerability in Apache Struts, Apache Struts. This issue affects Apache Struts: from 2.0.0 before 2.2.1; Apache Struts: from 2.2.1 through 6.1.0. Users are recommended to upgrade to version 6.1.1, which fixes the i...