PT-2025-24894 · Pure Storage · Pure Storage FlashBlade
Name of the Vulnerable Software and Affected Versions: Pure Storage FlashBlade (affected versions not specified). Description: The issue is related to improper input validation during the authentication process, which could lead to a system Denial of Service. Recommendations: At the moment, there is...
The vulnerability of SiPass integrated software for security and access control systems lies in the lack of authentication for a critical function, allowing attackers to gain unauthorized access to confidential data.
The vulnerability of SiPass integrated software for security and access control systems is related to the lack of authentication for critical functions. Exploiting this vulnerability could allow an attacker operating remotely to gain unauthorized access to confidential data...
PT-2025-24375 · Quantenna · Quantenna Wi-Fi Chipset
Name of the Vulnerable Software and Affected Versions: Quantenna Wi-Fi chipset versions through 8.0.0.28. Description: The issue concerns an unauthenticated telnet interface that ships by default with the Quantenna Wi-Fi chips, classified as CWE-306, "Missing Authentication for Critical Function."...
Samba 4.21.x < 4.21.6 / 4.22.x < 4.22.2 Security Bypass Vulnerability
The version of Samba installed on the remote host is 4.21.x prior to 4.21.6, or 4.22.x prior to 4.22.2. It is, therefore, affected by a security bypass vulnerability. A flaw exists with smbd when using Kerberos authentication with smb, due to using the cached user group permissions when...
CVE-2025-5532
The CVE-2025-5532 issue affects the Campus Directory – Faculty, Staff & Student Directory Plugin for WordPress. It is a Stored Cross-Site Scripting vulnerability in the emd_mb_meta shortcode, present in all versions up to 1.9.0. Exploitation requires authenticated access at contributor level or h...
CVE-2025-24015
Deno (JavaScript/TypeScript/WebAssembly runtime) versions 1.46.0–2.1.6 suffer from a bug where AES-256-GCM and AES-128-GCM authentication tags are not validated, allowing tampered ciphertexts or incorrect keys to bypass integrity checks. The issue also affects AAD within GCM (set_aad), underminin...
CVE-2025-25020
IBM QRadar Suite Software 1.10.12.0 through 1.11.2.0 and IBM Cloud Pak for Security 1.10.0.0 through 1.10.11.0 could allow an authenticated user to cause a denial of service due to improperly validating API data input...
CVE-2025-46548
CVE-2025-46548 affects Pekko Management (Java DSL) where enabling Basic Authentication may cause the authenticator to not be properly applied. The issue can lead to insufficient access control if management ports are not restricted to trusted users. The advisory recommends upgrading Pekko Managem...
GHSA-95RC-WC32-GM53 Gokapi vulnerable to stored XSS via uploading file with malicious file name
Impact: When using end-to-end encryption, a stored XSS vulnerability can be exploited by uploading a file with JavaScript code embedded in the filename. After upload and every time someone opens the upload list, the script is then parsed. With the affected versions v2.0, there was no user permissi...
PT-2025-23646 · Unknown · Quequnlong Shiyi-Blog
Name of the Vulnerable Software and Affected Versions: quequnlong shiyi-blog versions up to 1.2.1. Description: A critical issue was found in the Administrator Backend component, specifically in the /api/sys/user/verifyPassword/ endpoint, affecting an unknown function. This leads to improper...
Samba Missing Re-Authentication Vulnerability (CVE-2025-0620)
Samba is prone to a vulnerability when re-authenticating an expired SMB session.
CVE-2025-31264
An authentication issue was addressed with improved state management. This issue is fixed in macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5. An attacker with physical access to a locked device may be able to view sensitive user information...
CVE-2025-25026
IBM Security Guardium 12.0 could allow an authenticated user to obtain sensitive information due to an incorrect authentication check...
CVE-2025-48929
The TeleMessage service through 2025-05-05 implements authentication through a long-lived credential (e.g., not a token with a short expiration time) that can be reused at a later date if discovered by an adversary...
CVE-2025-31264
An authentication issue was addressed with improved state management. This issue is fixed in macOS Ventura 13.7.5, macOS Sequoia 15.4, macOS Sonoma 14.7.5. An attacker with physical access to a locked device may be able to view sensitive user information...
CVE-2025-31264
The CVE-2025-31264 entry concerns an authentication issue in macOS, addressed with improved state management, that may allow sensitive user information to be viewed on a locked device. Affected products and fixes identified in connected sources include macOS Ventura 13.7.5, macOS Sequoia 15.4, and macOS Son...
CVE-2025-40653
User enumeration vulnerability in M3M Printer Server Web. This issue occurs during user authentication, where a difference in error messages could allow an attacker to determine whether a username is valid or not, allowing a brute force attack on valid usernames...