PT-2026-46890

Summary This is a vertical authorization bypass in the Admin API affecting order state transition features /api/ action/order/orderId/state/transition and similar transaction/delivery transition routes. The root cause is that the transition action routes do not declare required server-side ACL...

Linux kernel 安全漏洞

The Linux kernel is the kernel used by the Linux operating system developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from the SELinux socket permission helper function directly dereferencing sk-sksecurity. Assuming that the...

libvirt: Denial of service in XML parsing

A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too...

SUSE-SU-2026:0375-1 Security update for libvirt

This update for libvirt fixes the following issues: Security fixes: - CVE-2025-13193: Fixed umask for 'qemu-img' when creating external inactive snapshots bsc1253703 - CVE-2025-12748: Fixed check ACLs before parsing the whole domain XML bsc1253278 Other fixes: - libvirt-supportconfig: Add support...

SUSE-SU-2026:0279-1 Security update for libvirt

This update for libvirt fixes the following issues: - CVE-2025-13193: Fixed umask for 'qemu-img' when creating external inactive snapshots bsc1253703 - CVE-2025-12748: Fixed check ACLs before parsing the whole domain XML bsc1253278...

SUSE-SU-2026:0068-1 Security update for libvirt

This update for libvirt fixes the following issues: - CVE-2025-13193: Fixed umask for 'qemu-img' when creating external inactive snapshots bsc1253703 - CVE-2025-12748: Fixed Check ACLs before parsing the whole domain XML bsc1253278...

CVE-2025-12748 Libvirt: denial of service in xml parsing

A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too...

CVE-2025-12748 Libvirt: denial of service in xml parsing

A flaw was discovered in libvirt in the XML file processing. More specifically, the parsing of user provided XML files was performed before the ACL checks. A malicious user with limited permissions could exploit this flaw by submitting a specially crafted XML file, causing libvirt to allocate too...

EUVD-2013-0437

Malware in sbrugna...

EUVD-2013-0436

Malware in sbrugna...

EUVD-2024-39995

Malicious code in bioql PyPI...

CVE-2025-49584

XWiki is a generic wiki platform. In XWiki Platform versions 10.9 through 16.4.6, 16.5.0-rc-1 through 16.10.2, and 17.0.0-rc-1, the title of every single page whose reference is known can be accessed through the REST API as long as an XClass with a page property is accessible, this is the default...

CVE-2025-49584

XWiki is a generic wiki platform. In XWiki Platform versions 10.9 through 16.4.6, 16.5.0-rc-1 through 16.10.2, and 17.0.0-rc-1, the title of every single page whose reference is known can be accessed through the REST API as long as an XClass with a page property is accessible, this is the default...

CVE-2025-49584 XWiki makes title of inaccessible pages available through the class property values REST API

XWiki is a generic wiki platform. In XWiki Platform versions 10.9 through 16.4.6, 16.5.0-rc-1 through 16.10.2, and 17.0.0-rc-1, the title of every single page whose reference is known can be accessed through the REST API as long as an XClass with a page property is accessible, this is the default...

CVE-2024-12305

An object-level access control vulnerability in Unifiedtransform version 2.0 and potentially earlier versions allows unauthorized access to student grades. A malicious student user can view grades of other students by manipulating the studentid parameter in the marks viewing endpoint. The...

CVE-2024-5128

An Insecure Direct Object Reference IDOR vulnerability was identified in lunary-ai/lunary, affecting versions up to and including 1.2.2. This vulnerability allows unauthorized users to view, update, or delete any datasetprompt or datasetpromptvariation within any dataset or project. The issue ste...

CVE-2024-42169 HCL MyXalytics is affected by insecure direct object references

HCL MyXalytics is affected by insecure direct object references. It occurs due to missing access control checks, which fail to verify whether a user should be allowed to access specific data...

CVE-2024-42169

CVE-2024-42169 affects HCL DRYiCE MyXalytics (MyXalytics) with an insecure direct object reference caused by missing access control checks. The CVE entry and multiple connected sources (NVD, CVE List, CIRCL, PT Security) consistently describe unauthorized access to data due to insufficient verifi...

CVE-2024-42169 HCL MyXalytics is affected by insecure direct object references

HCL MyXalytics is affected by insecure direct object references. It occurs due to missing access control checks, which fail to verify whether a user should be allowed to access specific data...

Huawei EulerOS: Security Advisory for samba (EulerOS-SA-2024-2659)

The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...