USB: hub: Ignore non-compliant devices with too many configs or interfaces
...
AZL-59712 CVE-2025-32464 affecting package haproxy for versions less than 2.9.11-3
HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sample_conv_regsub heap-based buffer overflow because of mishandling of the replacement of multiple short patterns with a longer one...
CVE-2025-32464
HAProxy 2.2 through 3.1.6, in certain uncommon configurations, has a sample_conv_regsub heap-based buffer overflow because of mishandling of the replacement of multiple short patterns with a longer one...
How SSL Misconfigurations Impact Your Attack Surface
When assessing an organization's external attack surface, encryption-related issues, especially SSL misconfigurations, receive special attention. Why? Their widespread use, configuration complexity, and visibility to attackers as well as users make them more likely to be exploited. This highlights...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory: Description Medium SECURITY-3512 / CVE-2025-31720 Missing permission check allows retrieving agent configurations Description Medium SECURITY-3513 / CVE-2025-31721 Missing permission check allows retrieving secrets from agent configurations...
CVE-2025-2877
A flaw was found in the Ansible Automation Platform's Event-Driven Ansible. In configurations where verbosity is set to "debug", inventory passwords are exposed in plain text when starting a rulebook activation. This issue exists for any "debug" action in a rulebook and also affects Event Streams...
PT-2025-13591 · Onenav · Onenav
Name of the Vulnerable Software and Affected Versions: OneNav version 1.1.0 Description: The issue is related to Server-Side Request Forgery (SSRF) in custom headers. This means an attacker could potentially force the server to make requests to arbitrary domains, which could lead to unauthorized...
PT-2025-13554 · Undefined · Undefined
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: This issue is an information disclosure problem that leaks sensitive details, such as API keys and system configurations, which could provide attackers with the necessary information to laun...
PT-2025-13167
Name of the Vulnerable Software and Affected Versions: Synology Mail Server versions prior to DSM 7.2/7.1 Description: A vulnerability in Synology Mail Server allows authenticated users to tamper with system configurations, risking mail stability. The issue can be exploited by remote attackers,...
DEBIAN-CVE-2025-23203
Icinga Director is an Icinga config deployment tool. A security vulnerability has been found, starting in version 1.0.0 and prior to 1.10.4 and 1.11.4, on several Director endpoints of the REST API. To reproduce this vulnerability an authenticated user with permission to access the Director is required...
Security Bulletin: IBM Robotic Process Automation is vulnerable to incorrect permission assignment
Summary: IBM Robotic Process Automation is vulnerable to incorrect permission assignment which could allow access to application configurations. Vulnerability Details: CVEID: CVE-2022-43574 DESCRIPTION: IBM Robotic Process Automation is vulnerable to incorrect permission assignment which could allow...
CVE-2025-29314
Insecure Shiro cookie configurations in OpenDaylight Service Function Chaining (SFC) Subproject SFC Sodium-SR4 and below allow attackers to access sensitive information via a man-in-the-middle attack...
Hitachi Energy TRMTracker
SUMMARY: Hitachi Energy is aware of the multiple vulnerabilities that affect the TRMTracker product versions listed in this document. An attacker successfully exploiting these vulnerabilities can cause confidentiality and integrity impacts. Please refer to the Recommended Immediate Actions for...
B&R Industrial Automation B&R APROL Security Vulnerability
B&R Industrial Automation B&R APROL is a process control system from B&R Industrial Automation, Austria. A security vulnerability exists in B&R Industrial Automation B&R APROL versions prior to 4.4-01, which stems from a misassignment of critical resource permissions in the file system, and could...
CVE-2025-29314
CVE-2025-29314 affects OpenDaylight Service Function Chaining (SFC) Sodium-SR4 and earlier. The root cause is insecure Shiro cookie configurations (e.g., _secureCookies=False, _httpOnly=False) that enable a man-in-the-middle to access sensitive data. CVSSv3.1: 8.1 (HIGH) with network attack vecto...
CVE-2024-11821
A privilege escalation vulnerability exists in langgenius/dify version 0.9.1. This vulnerability allows a normal user to modify Orchestrate instructions for a chatbot created by an admin user. The issue arises because the application does not properly enforce access controls on the endpoint...