91 matches found
CVE-2025-24816
Technical details about CVE-2025-24816 are not publicly available in the provided documents; monitor for updates from Nokia and vulnerability databases.
The vulnerability of the dst_count_dec() function in the net/core/dst.c module, a support for network functions in the Linux kernel, allows a hacker to cause a service failure.
The vulnerability of the dstcountdec function in the net/core/dst.c module, part of the Linux kernel’s networking functions support, involves disclosing confidential information. Exploiting this vulnerability could allow an attacker to cause service failures...
Server-side Request Forgery (SSRF)
Overview Affected versions of this package are vulnerable to Server-side Request Forgery SSRF via the webhooks process. An attacker can access internal network resources and extract sensitive information by submitting crafted webhook URLs that resolve to internal IP addresses, causing the server ...
CVE-2025-11598 Exposure of Confidential Information in mObywatel application
In mObywatel iOS application an unauthorized user can use the App Switcher to view the account owner's personal information in the minimized app window, even after the login session has ended reopening the app would require the user to log in. The data exposed depends on the last application view...
Huawei HarmonyOS Memo Module Privilege Control Vulnerability
Huawei HarmonyOS is an operating system from Huawei China. It provides a full-scenario distributed operating system based on a microkernel. A privilege control vulnerability exists in the Huawei HarmonyOS memo module, which can be exploited by an attacker to compromise confidentiality...
PT-2025-86: Disclosure of confidential data via controller configuration request in Fastwel PLC web server
The vulnerability was identified in Fastwel programmable controllers, versions 3.4.5.0 CPM810-03, 3.4.9.1 СPM723-01. The discovered vulnerability can be exploited by an attacker to obtain administrator‑level privileges. Vulnerability status: Confirmed by vendor Date of vulnerability remediation:...
Tenda AC9 安全漏洞
Tenda AC9 is a dual-band wireless router launched by Shenzhen Jixiang Tenda Technology Co. in 2016. The Tenda AC9 suffers from a hard-coded vulnerability that originates from an unknown function in the file /etcro/shadow of the component management interface, which can be exploited by an attacker...
PT-2025-30698 · Hcl · Hcl Iautomate
Name of the Vulnerable Software and Affected Versions: HCL iAutomate affected versions not specified Description: HCL iAutomate includes hardcoded credentials, which could lead to the exposure of confidential data if intercepted or accessed by unauthorized parties. Recommendations: At the moment,...
Improper Certificate Validation
Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the SCT extension parsing process. An attacker can access confidential information by providing a specially crafted certificate containing a malformed SCT extension during X.509 certificate verificatio...
Vulnerability of the ipoctal_port_activate() function in the drivers/ipack/devices/ipoctal.c module – The IndustryPack device support driver for the Linux operating system allows attackers to compromise the confidentiality and accessibility of protected information.
Vulnerability of the ipoctalportactivate function in the drivers/ipack/devices/ipoctal.c module – The IndustryPack device support driver for the Linux operating system contains a vulnerability that may lead to the disclosure of confidential information. Exploiting this vulnerability could allow a...
Vulnerability of the vmbus_connect() function in the drivers/hv/connection.c module – Microsoft Hyper-V guest mode support driver for Linux operating systems. This vulnerability allows attackers to compromise the confidentiality, integrity, and accessibility of protected information.
Vulnerability of the vmbusconnect function in the drivers/hv/connection.c module – Microsoft’s Linux-based Hyper-V guest mode driver has a vulnerability that exposes confidential system information due to unprocessed debugging information. Exploitation of this vulnerability could allow an attacke...
PT-2025-17913
Name of the Vulnerable Software and Affected Versions Moodle affected versions not specified Description A security issue was found in Moodle where confidential information that prevents cross-site request forgery CSRF attacks was shared publicly through the site's URL. This issue occurred...
The vulnerability of the __inet_hash_connect() function in the net/ipv4/inet_hashtables.c module, which is part of the IPv4 protocol implementation in Linux kernel, allows a attacker to access protected information.
The vulnerability of the inethashconnect function in the net/ipv4/inethashtables.c module of the Linux operating system’s IPv4 protocol implementation involves the exposure of confidential information. Exploiting this vulnerability could allow a remote attacker to gain access to protected...
SAP NetWeaver AS Java Multiple Vulnerabilities (Feb 2025)
SAP NetWeaver Application Server for Java is affected by multiple vulnerabilities, including the following: - The User Admin application of SAP NetWeaver AS for Java insufficiently validates and improperly encodes the incoming URL parameters before including them into the redirect URL. This resul...
The vulnerability of the Puppet infrastructure automation tool and its startup application, Puppet Agent, relates to the insecure transfer of credentials. This allows a malicious individual to access confidential information.
The vulnerability of the Puppet infrastructure automation tool and its startup application, Puppet Agent, is related to the insecure transfer of credentials. Exploiting this vulnerability can allow a malicious actor, operating remotely, to gain access to confidential information...
RHEL 8 : haproxy (RHSA-2024:10267)
The remote Redhat Enterprise Linux 8 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2024:10267 advisory. The haproxy packages provide a reliable, high-performance network load balancer for TCP and HTTP-based applications. Security Fixes: haproxy:...
The vulnerability of the /xml/info.xml file of the HTTP GET Request Handler component in D-Link routers such as DNS-320, DNS-320LW, DNS-325, and DNS-340L microprogrammed software systems allows a hacker to disclose confidential information.
The vulnerability of the /xml/info.xml file of the HTTP GET Request Handler component in D-Link DNS-320, DNS-320LW, DNS-325, and DNS-340L microprogrammed software routers is related to insufficient protection of sensitive data. Exploiting this vulnerability can allow an attacker to disclose...
The vulnerability of the ImageOverlay::parse() function in the decoder and encoder for video and photo files in the libheif library allows a hacker to access confidential information.
The vulnerability of the ImageOverlay::parse function, used by the decoder and encoder for video and photo files in the libheif library, involves reading beyond the memory boundaries. Exploiting this vulnerability could allow a malicious actor to gain access to confidential information...
The vulnerability of the SCSI component in the Linux operating system allows a hacker to gain access to confidential information.
The vulnerability of the Linux operating system’s SCSI kernel component is related to excessive data output in the scsihostdevrelease function. Exploiting this vulnerability can allow an attacker to gain access to confidential information...
The vulnerability of the Linux operating system’s kernel, which allows a hacker to obtain encryption keys
The vulnerability of the Linux operating system’s kernel is related to the storage of confidential information in an open manner during the processing of DCP keys. Exploiting this vulnerability can allow a perpetrator to obtain encryption keys...