OESA-2025-2468 kernel security update
The Linux Kernel, the operating system core itself. Security Fixes: In the Linux kernel, the following vulnerability has been resolved: mmc: vub300: fix return value check of mmc_add_host() mmc_add_host() may return error, if we ignore its return value, the memory that allocated in mmc_alloc_host() will be...
EUVD-2025-34863
In NetX Duo's snmp addon versions before 6.4.4, a part of the Eclipse Foundation ThreadX, an attacker could cause an out-of-bound read by a crafted SNMPv3 security parameters...
CVE-2025-39978
In the Linux kernel, the following vulnerability has been resolved: octeontx2-pf: Fix potential use after free in otx2_tc_add_flow() This code calls kfree_rcu(new_node, rcu) and then dereferences "new_node" and then dereferences it on the next line. Two lines later, we take a mutex so I don't think this is...
CVE-2025-39967
In the Linux kernel, the following vulnerability has been resolved: fbcon: fix integer overflow in fbcon_do_set_font() Fix integer overflow vulnerabilities in fbcon_do_set_font() where font size calculations could overflow when handling user-controlled font parameters. The vulnerabilities occur when: 1...
Incorrect Authorization
Overview github.com/mattermost/mattermost/server/v8/channels/api4 is a platform for secure collaboration across the entire software development lifecycle Affected versions of this package are vulnerable to Incorrect Authorization via the /api/v4/channels/channelid/members endpoint. An attacker ca...
CVE-2025-9437
A security issue exists within the Studio 5000 Logix Designer add-on profile AOP for the ArmorStart Classic distributed motor controller, resulting in denial-of-service. This vulnerability is possible due to the input of invalid values into Component Object Model COM methods...
kernel: net_sched: ets: Fix double list add in class with netem as child qdisc
A use-after-free vulnerability was found in the Linux kernel’s netem qdisc. This issue occurs when it incorrectly manages duplicated packets in classful parent qdiscs. This leads to a corrupted internal state and eventual dereferencing of freed memory, resulting in unpredictable behavior, system...
RHEL 8 : kernel (RHSA-2025:18043)
The remote Red Hat Enterprise Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:18043 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: drm/vkms: Fix use after free...
Simple Online Hotel Reservation System Cross-Site Scripting Vulnerability
Simple Online Hotel Reservation System is a simple online hotel reservation system. A cross-site scripting vulnerability exists in Simple Online Hotel Reservation System, which arises from unvalidated input to the Description field in the Add Room function, no details of the vulnerability are...
Courier Management System add-courier.php File SQL Injection Vulnerability
Courier Management System is a courier management system. The Courier Management System suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter Shippername in the file /add-courier.php. An attacker can exploit th...
E-Commerce Website product_add_qty.php file SQL injection vulnerability
E-Commerce Website is an e-commerce website. E-Commerce Website suffers from a SQL injection vulnerability that originates from the lack of validation of externally entered SQL statements in the parameter prodid in file /pages/product_add_qty.php. An attacker can exploit this vulnerability to execu...
CVE-2025-9437
The CVE-2025-9437 entry describes a denial-of-service vulnerability in the Studio 5000 Logix Designer add-on profile (AOP) used with Rockwell Automation’s ArmorStart Classic distributed motor controller. Technical details across connected sources indicate the issue stems from inputting invalid va...
CVE-2025-9437 Rockwell Automation ArmorStart® AOP Denial-of-Service Vulnerability
A security issue exists within the Studio 5000 Logix Designer add-on profile AOP for the ArmorStart Classic distributed motor controller, resulting in denial-of-service. This vulnerability is possible due to the input of invalid values into Component Object Model COM methods...
EUVD-2025-34179
A security issue exists within the Studio 5000 Logix Designer add-on profile AOP for the ArmorStart Classic distributed motor controller, resulting in denial-of-service. This vulnerability is possible due to the input of invalid values into Component Object Model COM methods...
CVE-2025-11667
A vulnerability was found in code-projects Automated Voting System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/addcandidatemodal.php. The manipulation of the argument firstname results in SQL injection. The attack can be executed remotely. The exploit has...
PT-2025-41893
Name of the Vulnerable Software and Affected Versions Studio 5000 Logix Designer affected versions not specified Description A security issue exists that can lead to a denial-of-service condition. This is caused by providing invalid values to Component Object Model COM methods. The vulnerability...
Authorization Bypass Through User-Controlled Key
Overview com.liferay.portal:com.liferay.portal.impl is a package part of Liferay. Affected versions of this package are vulnerable to Authorization Bypass Through User-Controlled Key via the comliferayusersadminwebportletUsersAdminPortletaddUserIds parameter. An attacker can assign an organizatio...
CVE-2025-62252
Insecure Direct Object Reference IDOR vulnerability in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.5, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions allows remote authenticated users in o...