Pulse Connect Secure is a virtual private network (VPN) solution that allows businesses to secure their data communications. It provides secure, streamlined access to corporate resources and applications from any device.

Ivanti Connect Secure

Ivanti Policy Secure is a cloud-based security solution that offers reliable access control for networks and applications. It ensures consistent enforcement of compliance by automating authentication and compliance checks across enterprise networks. The software combines user profiling, device assessment, and network access policy implementation for comprehensive security control.

Ivanti Policy Secure

A stack-based buffer overflow in Ivanti Connect Secure before version 22.7R2.6, Ivanti Policy Secure before version 22.7R1.4, and Ivanti ZTA Gateways before version 22.8R2.2 allows a remote unauthenticated attacker to achieve remote code execution.

CVE-2025-22457

Linux

Linux Kernel

NGINX Ingress Controller for Kubernetes (community-driven) is an Ingress Controller that manages the routing of external traffic to services inside a Kubernetes cluster, acting as a reverse proxy and load balancer. Developed and maintained by the Kubernetes community, this controller offers a wide range of features for traffic routing, SSL termination, and load balancing.

Ingress NGINX Controller (community-driven)

Wolfi is a community Linux OS designed for the container and cloud-native era; it is a Linux distribution based on Alpine.

Wolfi

Chainguard is a Linux distribution based on Alpine. It's the commercial version of the Wolfi distro.

Chainguard

A security issue was discovered in Kubernetes where under certain conditions, an unauthenticated attacker with access to the pod network can achieve arbitrary code execution in the context of the ingress-nginx controller. This can lead to disclosure of Secrets accessible to the controller. (Note that in the default installation, the controller can access all Secrets cluster-wide.)

CVE-2025-1974

GoLang

GitHub Advisory Database

Windows

Windows Cumulative Update

FortiOS is Fortinet's operating system. It is the foundation of the Fortinet Security Fabric, consolidating many technologies and use cases into a single policy and management framework. FortiOS provides the ability to control all the security and networking capabilities in all FortiGate devices across the entire network with one operating system.

FortiOS

FortiProxy is a secure web proxy that protects employees against internet-borne attacks by incorporating multiple detection techniques such as web and video filtering, DNS filtering, data loss prevention, antivirus, intrusion prevention, browser isolation, and advanced threat protection.

Fortinet FortiProxy

FortiGate Next Generation Firewall is a network security appliance by Fortinet.

FortiGate Next Generation Firewall (Virtual Appliance)

A buffer underwrite ('buffer underflow') vulnerability in the administrative interface of Fortinet FortiOS version 7.2.0 through 7.2.3, version 7.0.0 through 7.0.6, version 6.4.0 through 6.4.11 and version 6.2.12 and below, FortiProxy version 7.2.0 through 7.2.2, version 7.0.0 through 7.0.8, version 2.0.12 and below and FortiOS-6K7K version 7.0.5, version 6.4.0 through 6.4.10 and version 6.2.0 through 6.2.10 and below allows a remote unauthenticated attacker to execute arbitrary code or commands via specifically crafted requests.

CVE-2023-25610

JavaScript is a high-level, interpreted programming language essential for creating interactive web applications, running directly in web browsers to enable dynamic content and user interface enhancements. It is integral to the web development stack, working seamlessly with HTML and CSS to build responsive and feature-rich websites.

JavaScript

Next.js is a popular React-based framework for building server-side rendered and statically generated web applications. It provides a powerful set of features including automatic code splitting, optimized performance, and built-in routing.

Next.js

Next.js is a React framework for building full-stack web applications. Prior to 14.2.25 and 15.2.3, it is possible to bypass authorization checks within a Next.js application, if the authorization check occurs in middleware. If patching to a safe version is infeasible, it is recommend that you prevent external user requests which contain the x-middleware-subrequest header from reaching your Next.js application. This vulnerability is fixed in 14.2.25 and 15.2.3.

CVE-2025-29927

Anaconda

GitHub is a web-based Git repository hosting service, which offers all of the distributed revision control and source code management (SCM) functionality of Git, as well as adding its own features. Unlike Git, which is strictly a command-line tool, GitHub provides a web-based graphical interface and desktop as well as mobile integration.

GitHub

reviewdog/action-setup is a GitHub action that installs reviewdog. reviewdog/action-setup@v1 was compromised March 11, 2025, between 18:42 and 20:31 UTC, with malicious code added that dumps exposed secrets to Github Actions Workflow Logs. Other reviewdog actions that use `reviewdog/action-setup@v1` that would also be compromised, regardless of version or pinning method, are reviewdog/action-shellcheck, reviewdog/action-composite-template, reviewdog/action-staticcheck, reviewdog/action-ast-grep, and reviewdog/action-typos.

CVE-2025-30154

Debian GNU/Linux is a Linux distribution composed of free and open-source software.

Linux Debian

quickjs-ng through 0.9.0 has an incorrect size calculation in JS_ReadBigInt for a BigInt, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected.

CVE-2025-46688

Debian

Debian Security Tracker

quickjs-ng through 0.9.0 has a missing length check in JS_ReadString for a string, leading to a heap-based buffer overflow. QuickJS before 2025-04-26 is also affected.

CVE-2025-46687

LibreOffice is a free and open-source office suite, developed by The Document Foundation. It was forked from OpenOffice.org in 2010. The suite comprises programs to do word processing, spreadsheets, slideshows, diagrams and drawings, maintain databases, and compose mathematical formulae.

LibreOffice

Red Hat Enterprise Linux is a Linux distribution developed by Red Hat for the commercial market.

Linux Red Hat

Improper Verification of Cryptographic Signature vulnerability in LibreOffice allows PDF Signature Spoofing by Improper Validation.




In the affected versions of LibreOffice a flaw in the verification code for adbe.pkcs7.sha1 signatures could cause invalid signatures to be accepted as valid




This issue affects LibreOffice: from 24.8 before < 24.8.6, from 25.2 before < 25.2.2.

CVE-2025-2866

Red Hat

Red Hat Errata

VulnCheck NVD++

Formidable (aka node-formidable) 2.1.0 through 3.x before 3.5.3 relies on hexoid to prevent guessing of filenames for untrusted executable content; however, hexoid is documented as not "cryptographically secure." (Also, there is a scenario in which only the last two characters of a hexoid string need to be guessed, but this is not often relevant.) NOTE: this does not imply that, in a typical use case, attackers will be able to exploit any hexoid behavior to upload and execute their own content.

CVE-2025-46653

Ghostscript is a PostScript and PDF interpreter and rendering engine with a set of page description languages and technology conversion capabilities covering PDF, PostScript, PCL, and XPS languages.

Ghostscript

In Artifex Ghostscript before 10.05.0, decode_utf8 in base/gp_utf8.c mishandles overlong UTF-8 encoding. NOTE: this issue exists because of an incomplete fix for CVE-2024-46954.

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-22457	CRITICAL	9.8	Ivanti Connect Secure	cpe:2.3:a:ivanti:connect_secure	Yes	Yes	Apr 03, 2025
CVE-2025-1974	CRITICAL	9.8	Ingress NGINX Controller (community-driven)	N/A	No	Yes	Mar 25, 2025
CVE-2023-25610	CRITICAL	9.3	FortiOS	cpe:2.3:o:fortinet:fortios	No	Yes	Mar 24, 2025
CVE-2025-29927	CRITICAL	9.1	JavaScript	jitsucom-jitsu	No	Yes	Mar 21, 2025
CVE-2025-30154	HIGH	8.6	GitHub	N/A	Yes	No	Mar 19, 2025

CVE ID	Severity	Score	Technologies	Component name	CISA KEV exploit	Has fix	Published date
CVE-2025-46688	MEDIUM	N/A	Linux Debian	quickjs	No	No	Apr 27, 2025
CVE-2025-46687	MEDIUM	N/A	Linux Debian	quickjs	No	No	Apr 27, 2025
CVE-2025-2866	LOW	N/A	LibreOffice	libreoffice	No	Yes	Apr 27, 2025
CVE-2025-46653	LOW	N/A	Linux Debian	gjs	No	No	Apr 26, 2025
CVE-2025-46646	MEDIUM	N/A	Ghostscript	cpe:2.3:a:artifex:ghostscript	No	Yes	Apr 26, 2025

Wiz Vulnerability Database

Explore by technology

Popular filters

High Profile

Most Recent

Vulnerabilities by the numbers

The good, the bad, and the vulnerable

Additional Wiz resources

Cloud Vulnerability DB

Cloud threat landscape

PEACH

Ready to see Wiz in action?