CVE-2025-31961
HCL Connections contains a broken access control vulnerability that may allow an unauthorized user to update data in certain scenarios...
CVE-2025-31961
Technical details about CVE-2025-31961 are not publicly available in the provided documents. Monitor for updates; no confirmed affected products/versions, exploit details, or fixes are disclosed here.
CVE-2025-31961 HCL Connections is vulnerable to broken access control
HCL Connections contains a broken access control vulnerability that may allow an unauthorized user to update data in certain scenarios...
Linux Distros Unpatched Vulnerability : CVE-2024-21000
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: Privileges. Supported versions that are affected are 8.0.36 and prior and...
[SECURITY] [DLA 4266-1] distro-info-data database update
Debian LTS Advisory DLA-4266-1 [email protected] https://www.debian.org/lts/security/ Stefano Rivera August 09, 2025 https://wiki.debian.org/LTS Package : distro-info-data Version : 0.51+deb11u9 This is a routine update of the distro-info-data database for Debian LTS users. It adds the...
Astra Linux – Vulnerability in Linux 6.12
In the Linux kernel, the following vulnerabilities have been resolved: ASoC: amd: acp: Fixed a NULL pointer dereference in acp_i2s_set_tdm_slot. Updated chip data using dev_get_drvdata(dev->parent) to address the NULL pointer dereference in acp_i2s_set_tdm_slot...
The vulnerability of the Web Runtime SEC component of the JD Edwards EnterpriseOne Tools system for resource management allows a perpetrator to gain unauthorized access to read, update, add, and delete data.
The vulnerability of the Web Runtime SEC component of the JD Edwards EnterpriseOne Tools system relates to access control errors. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to read, update, add, and delete data using the HTTP protocol...
PT-2025-23482 · Qt Company +3 · Qt +3
Name of the Vulnerable Software and Affected Versions: Qt versions 5.15.18 and earlier, 6.0.0 through 6.5.8, 6.6.0 through 6.8.3, and 6.9.0 Description: An issue was found in the private API function qDecodeDataUrl in QtCore, which is used in QTextDocument and QNetworkReply. If the function is...
CVE-2025-48875
FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.181, the system's incorrect validation of lastname and firstname during profile data updates allows for the injection of arbitrary JavaScript code, which will be executed in a flash-message when the data is deleted...
CVE-2023-0944
Bhima version 1.27.0 allows an authenticated attacker with regular user permissions to update arbitrary user session data such as username, email and password. This is possible because the application is vulnerable to IDOR, it does not correctly validate user permissions with respect to certain...
CVE-2021-2147
Vulnerability in the Oracle ZFS Storage Appliance Kit product of Oracle Systems component: Installation. The supported version that is affected is 8.8. Difficult to exploit vulnerability allows high privileged attacker with logon to the infrastructure where Oracle ZFS Storage Appliance Kit execut...
CVE-2025-37919
In the Linux kernel, the following vulnerability has been resolved: ASoC: amd: acp: Fix NULL pointer deref in acp_i2s_set_tdm_slot. Update chip data using dev_get_drvdata(dev->parent) to fix NULL pointer deref in acp_i2s_set_tdm_slot...
CVE-2025-37919
CVE-2025-37919 affects the Linux kernel (AMD SoC ASoC/ACPi2S) via a NULL pointer dereference in the function acp_i2s_set_tdm_slot. The root cause is dereferencing a NULL chip data reference when updating ACPI/I2S state. The remediation, as stated in the description, is to update chip data using ...
PT-2025-22181 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A NULL pointer dereference issue has been resolved in the Linux kernel, specifically in the ASoC: amd: acp component. The issue was fixed by updating chip data using dev get...
CVE-2023-53100
In the Linux kernel, the following vulnerability has been resolved: ext4: fix WARNING in ext4_update_inline_data. Syzbot found the following issue: EXT4-fs loop0: mounted filesystem 00000000-0000-0000-0000-000000000000 without journal. Quota mode: none. fscrypt: AES-256-CTS-CBC using implementation...
[SECURITY] [DLA 4138-1] distro-info-data database update
Debian LTS Advisory DLA-4138-1 [email protected] https://www.debian.org/lts/security/ Stefano Rivera April 26, 2025 https://wiki.debian.org/LTS Package : distro-info-data Version : 0.51+deb11u8 This is a routine update of the distro-info-data database for Debian LTS users. It adds Ubunt...
CVE-2025-27631
The TRMTracker web application is vulnerable to LDAP injection attack potentially allowing an attacker to inject code into a query and execute remote commands that can read and update data on the website...
appstream-data bug fix and enhancement update
An update is available for appstream-data. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Lin...
CVE-2025-25614
Incorrect Access Control in Unifiedtransform 2.0 leads to Privilege Escalation, which allows teachers to update the personal data of fellow teachers...