CVE-2025-46175
Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the authRole method of SysUserController.java...
Security Bulletin: Vulnerability in IBM Java affects IBM SAN Volume Controller, IBM Storwize, IBM Storage Virtualize and IBM FlashSystem products
Summary: A vulnerability in IBM® Runtime Environment Java™ Technology Edition affects the product's management GUI and could cause a confidentiality impact. The Command Line Interface is unaffected. CVE-2025-30754. Vulnerability Details: CVEID: CVE-2025-30754 DESCRIPTION: Vulnerability in the Oracle...
CVE-2025-46174
Ruoyi v4.8.0 is vulnerable to Incorrect Access Control. There is a missing checkUserDataScope permission check in the resetPwd method of SysUserController.java...
PT-2025-48150
Name of the Vulnerable Software and Affected Versions: Ruoyi version 4.8.0. Description: The software contains an incorrect access control issue. Specifically, a permission check is missing in the resetPwd method of the SysUserController.java file. This allows for potential privilege escalation...
CVE-2025-46174
CVE-2025-46174 affects Ruoyi v4.8.0. The issue is an Incorrect Access Control due to a missing checkUserDataScope permission check in the resetPwd method of SysUserController.java. This could allow unauthorized password resets without proper data-scope validation, enabling potential privilege esc...
PT-2025-48161
Name of the Vulnerable Software and Affected Versions: Frappe CRM version 1.53.1. Description: The Frappe CRM Dashboard Controller contains multiple SQL injection flaws. These flaws are due to the unsafe concatenation of user-controlled parameters into dynamic SQL statements. The issue allows for...
VulnCheck KEV: CVE-2025-52207
PBXCoreREST/Controllers/Files/PostController.php in MikoPBX through 2024.1.114 allows uploading a PHP script to an arbitrary directory...
kernel: Bluetooth: Fix potential use-after-free when clear keys
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: Fix potential use-after-free when clear keys. Similar to commit c5d2b6fa26b5 "Bluetooth: Fix use-after-free in hci_remove_ltk/hci_remove_irk". We can not access k after kfree_rcu call...
Important: Red Hat Security Advisory: RHTAS 1.3.1 - Tech Preview Release Of the Policy Controller Operator
The Tech Preview release of the RHTAS Policy Controller Operator. For more details please visit the product documentation at https://access.redhat.com/documentation/en-us/red_hat_trusted_artifact_signer/1.3. The RHTAS Policy Controller Operator can be used with OpenShift Container Platform 4.15, 4.16,...
ROS-20251125-01
A vulnerability in the cross-platform software development framework Qt is related to a bug in the data boundary checking when reading data from a Bluetooth L2CAP socket in processUnsolicitedReply and processReply in bluetooth/qlowenergycontroller_bluez.cpp. Exploitation of the vulnerability could...
EUVD-2025-199172
Malicious code in bestgpiocontroller npm...
CVE-2025-13564
A security flaw has been discovered in SourceCodester Pre-School Management System 1.0. Impacted is the function removefile of the file app/controllers/FilehelperController.php. Performing manipulation of the argument filepath results in denial of service. The attack is possible to be carried out...
CVE-2025-13564 SourceCodester Pre-School Management System FilehelperController.php removefile denial of service
A security flaw has been discovered in SourceCodester Pre-School Management System 1.0. Impacted is the function removefile of the file app/controllers/FilehelperController.php. Performing manipulation of the argument filepath results in denial of service. The attack is possible to be carried out...
CLSA-2025-1763722365 kernel: Fix of 62 CVEs
wifi: mwifiex: Fix OOB and integer underflow when rx packets (CVE-2023-53226) - wifi: mac80211: check S1G action frame size (CVE-2023-53257) - wifi: cfg80211: fix use-after-free in cmp_bss (CVE-2025-39864) - partitions: mac: fix handling of bogus partition...
GHSA-F6X5-JH6R-WRFV vulnerabilities
Vulnerabilities for packages: kafka-proxy, sftpgo-plugin-pubsub, promxy, dgraph, kube-state-metrics, crossplane-provider-aws-kinesis, sftpgo-plugin-auth, vault-k8s, kserve-modelmesh-serving, eksctl, crossplane-provider-aws-iam, skopeo, cluster-api-gcp-controller, openbao-k8s, flannel,...
CVE-2025-47914 vulnerabilities
Vulnerabilities for packages: kafka-proxy, sftpgo-plugin-pubsub, promxy, dgraph, kube-state-metrics, crossplane-provider-aws-kinesis, sftpgo-plugin-auth, vault-k8s, kserve-modelmesh-serving, eksctl, crossplane-provider-aws-iam, skopeo, cluster-api-gcp-controller, openbao-k8s, flannel,...
CVE-2025-58181 vulnerabilities
Vulnerabilities for packages: kafka-proxy, sftpgo-plugin-pubsub, promxy, kubernetes-event-exporter, dgraph, kube-state-metrics, crossplane-provider-aws-kinesis, sftpgo-plugin-auth, pdfcpu, kserve-modelmesh-serving, eksctl, crossplane-provider-aws-iam, wal-g, skopeo, cluster-api-gcp-controller,...
GHSA-J5W8-Q4QC-RX2X vulnerabilities
Vulnerabilities for packages: kafka-proxy, sftpgo-plugin-pubsub, promxy, kubernetes-event-exporter, dgraph, kube-state-metrics, crossplane-provider-aws-kinesis, sftpgo-plugin-auth, pdfcpu, kserve-modelmesh-serving, eksctl, crossplane-provider-aws-iam, wal-g, skopeo, cluster-api-gcp-controller,...
Vulnerabilities fixed in Arista EOS
Arista has fixed vulnerabilities in the Arista EOS platform. The vulnerabilities are related to the processing of malformed messages, which can lead to system crashes and denial-of-service conditions. High-privileged attackers can exploit these vulnerabilities, leading to severe operational...