498 matches found
CVE-2026-22042 RustFS has IAM Incorrect Authorization in ImportIam that Allows Privilege Escalation
RustFS is a distributed object storage system built in Rust. Prior to version 1.0.0-alpha.79, he ImportIam admin API validates permissions using ExportIAMAction instead of ImportIAMAction, allowing a principal with export-only IAM permissions to perform import operations. Since importing IAM data...
CVE-2025-43473
This issue was addressed with improved state management. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data...
CVE-2025-43471
The issue was addressed with improved checks. This issue is fixed in macOS Tahoe 26.1. An app may be able to access sensitive user data...
CVE-2025-43517
A privacy issue was addressed with improved private data redaction for log entries. This issue is fixed in macOS Tahoe 26.2, macOS Sequoia 15.7.3, macOS Sonoma 14.8.3. An app may be able to access protected user data...
CVE-2025-65681
An issue was discovered in Overhang.IO tutor-open-edx overhangio/tutor 20.0.2 allowing local unauthorized attackers to gain access to sensitive information due to the absence of proper cache-control HTTP headers and client-side session checks...
PT-2025-45431
Name of the Vulnerable Software and Affected Versions Notification Center versions prior to 2.1.0.3443 Notification Center versions prior to 1.9.2.3163 Notification Center versions prior to 3.0.0.3466 Description A cross-site scripting XSS issue exists in Notification Center. An attacker who...
SUSE SLES15: java-1_8_0-ibm / java-1_8_0-ibm-32bit / java-1_8_0-ibm-alsa / etc (SUSE-SU-2025:3965-1)
The remote SUSE Linux SLES15 / SLESSAP15 / openSUSE 15 host has packages installed that are affected by multiple vulnerabilities as referenced in the SUSE-SU-2025:3965-1 advisory. - CVE-2025-53057: Fixed an issue where an unauthenticated attacker can achieve unauthorized creation, deletion or...
CVE-2025-41337 Missing Authorization vulnerability in CanalDenuncia.app
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in '/backend/api/buscarSSOParametros.php'...
CVE-2025-41336 Missing Authorization vulnerability in CanalDenuncia.app
A lack of authorisation vulnerability has been detected in CanalDenuncia.app. This vulnerability allows an attacker to access other users' information by sending a POST through the parameter 'web' in '/backend/api/buscarConfiguracionParametros.php'...
CVE-2025-43469
A permissions issue was addressed with additional restrictions. This issue is fixed in macOS Sequoia 15.7.2, macOS Sonoma 14.8.2, macOS Tahoe 26.1. An app may be able to access sensitive user data...
PHPGurukul News Portal 安全漏洞
News Portal is a news portal. News Portal has a hard-coded vulnerability that stems from the use of a fixed encryption key for the handling of the SECRETKEY parameter in the file /onps/settings.py. An attacker could exploit this vulnerability to obtain sensitive system information...
PT-2025-44811
Name of the Vulnerable Software and Affected Versions macOS versions prior to Sonoma 14.8.2 macOS versions prior to Sequoia 15.7.2 Description A logic issue existed due to insufficient checks, potentially allowing an application to access user-sensitive data. Recommendations Update to macOS Sonom...
CVE-2025-62592
Vulnerability in the Oracle VM VirtualBox product of Oracle Virtualization component: Core. Supported versions that are affected are 7.1.12 and 7.2.2. Easily exploitable vulnerability allows high privileged attacker with logon to the infrastructure where Oracle VM VirtualBox executes to compromis...
CVE-2025-43313
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to access sensitive user data...
CVE-2025-43313
A logic issue was addressed with improved restrictions. This issue is fixed in macOS Sequoia 15.6, macOS Sonoma 14.7.7, macOS Ventura 13.7.7. An app may be able to access sensitive user data...
PT-2025-41511
Name of the Vulnerable Software and Affected Versions Contacts versions prior to SMR Oct-2025 Release 1 Description An improper input validation issue exists in Contacts prior to the SMR Oct-2025 Release 1. This allows local attackers to access data across multiple user profiles. The vulnerabilit...
EUVD-2020-17930
Malware in sbrugna...
EUVD-2017-2540
Malware in sbrugna...
EUVD-2020-26173
Malware in sbrugna...
EUVD-2017-6414
Malware in sbrugna...