7.5

CVSS3.1

CVE-2025-59942 - go-f3 module vulnerable to integer overflow leading to panic

go-f3 is a Golang implementation of Fast Finality for Filecoin (F3). In versions 0.8.6 and below, go-f3 panics when it validates a "poison" message, causing Filecoin nodes consuming F3 messages to become vulnerable. A "poison" message can cause integer overflow in the signer index validation, w…

📅 Published: Sept. 29, 2025, 10:50 p.m. 🔄 Last Modified: Oct. 18, 2025, 1:15 a.m.

5.9

CVSS3.1

CVE-2025-59941 - go-f3 is Vulnerable to Cached Justification Verification Bypass

go-f3 is a Golang implementation of Fast Finality for Filecoin (F3). In versions 0.8.8 and below, go-f3's justification verification caching mechanism has a vulnerability where verification results are cached without properly considering the context of the message. An attacker can bypass justificat…

📅 Published: Sept. 29, 2025, 10:38 p.m. 🔄 Last Modified: Oct. 18, 2025, 1:21 a.m.

4.8

CVSS4.0

CVE-2025-43817

Multiple reflected cross-site scripting (XSS) vulnerabilities in Liferay Portal 7.4.3.74 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.6, 2023.Q3.1 through 2023.Q3.8, and 7.4 update 74 through update 92 allow remote attackers to inject arbitrary web script or HTML via the `redirect` …

📅 Published: Sept. 29, 2025, 10:30 p.m. 🔄 Last Modified: Dec. 11, 2025, 9:48 p.m.

8.8

CVSS3.1

CVE-2025-36245 - IBM InfoSphere Information Server command execution

IBM InfoSphere 11.7.0.0 through 11.7.1.6 Information Server could allow an authenticated user to execute arbitrary commands with elevated privileges on the system due to improper validation of user supplied input.

📅 Published: Sept. 29, 2025, 10:29 p.m. 🔄 Last Modified: Feb. 26, 2026, 5:47 p.m.

6.5

CVSS3.1

CVE-2025-59940 - mkdocs-include-markdown-plugin susceptible to unvalidated input colliding with substitution placeho…

mkdocs-include-markdown-plugin is an MkDocs Markdown includer plugin. In versions 7.1.7 and below, there is a vulnerability where unvalidated input can collide with substitution placeholders. This issue is fixed in version 7.1.8.

📅 Published: Sept. 29, 2025, 10:27 p.m. 🔄 Last Modified: April 15, 2026, 12:35 a.m.

8.2

CVSS4.0

CVE-2025-59937 - go-mail has insufficient address encoding when passing mail addresses to the SMTP client

go-mail is a comprehensive library for sending mails with Go. In versions 0.7.0 and below, due to incorrect handling of the mail.Address values when a sender or recipient address is passed to the corresponding MAIL FROM or RCPT TO commands of the SMTP client, there is a possibility of wrong addres…

📅 Published: Sept. 29, 2025, 10:21 p.m. 🔄 Last Modified: Oct. 16, 2025, 3:55 p.m.

6.9

CVSS4.0

CVE-2025-43813

Possible path traversal vulnerability and denial-of-service in the ComboServlet in Liferay Portal 7.4.0 through 7.4.3.107, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.8, 7.4 GA through update 92, 7.3 GA through update 35, and older unsuppor…

📅 Published: Sept. 29, 2025, 10:19 p.m. 🔄 Last Modified: Dec. 11, 2025, 9:57 p.m.

4.8

CVSS4.0

CVE-2025-43812

Cross-site scripting (XSS) vulnerability in web content template in Liferay Portal 7.4.3.4 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.8, and 7.4 GA through update 92 allows remote authenticated users to inject arbitrary web script or HTML via a crafted…

📅 Published: Sept. 29, 2025, 10:09 p.m. 🔄 Last Modified: Dec. 11, 2025, 9:58 p.m.

5.1

CVSS4.0

CVE-2025-59933 - libvips is vulnerable to Buffer Over-Read in poppler-based pdfload

libvips is a demand-driven, horizontally threaded image processing library. For versions 8.17.1 and below, when libvips is compiled with support for PDF input via poppler, the pdfload operation is affected by a buffer read overflow when parsing the header of a crafted PDF with a page that defines a…

📅 Published: Sept. 29, 2025, 10:04 p.m. 🔄 Last Modified: Dec. 24, 2025, 3:16 p.m.

4.8

CVSS4.0

CVE-2025-43811

Multiple stored cross-site scripting (XSS) vulnerabilities in the related asset selector in Liferay Portal 7.4.3.50 through 7.4.3.111, and Liferay DXP 2023.Q4.0 through 2023.Q4.4, 2023.Q3.1 through 2023.Q3.7, and 7.4 update 50 through update 92 allow remote authenticated attackers to inject arbitrar…

📅 Published: Sept. 29, 2025, 9:59 p.m. 🔄 Last Modified: Dec. 11, 2025, 10:06 p.m.