6680 matches found

CVE
added 2025/03/11 7:04 p.m. · 98 views

CVE-2025-27773

CVE-2025-27773 affects the SimpleSAMLphp SAML2 library. A signature confusion attack exists in the HTTPRedirect binding where an attacker who has any signed SAMLResponse can cause the application to accept an unsigned message. This impacts versions prior to 4.17.0 and 5.0.0-alpha.20. The issue is...

CVSS 8.6 · AI score 6.9 · EPSS 0.00296
Exploits 0 · References 5
Debian CVE
added 2025/03/11 7:04 p.m. · 73 views

CVE-2025-27773

The SimpleSAMLphp SAML2 library is a PHP library for SAML2 related functionality. Prior to versions 4.17.0 and 5.0.0-alpha.20, there is a signature confusion attack in the HTTPRedirect binding. An attacker with any signed SAMLResponse via the HTTP-Redirect binding can cause the application to...

CVSS 8.6 · AI score 5.3 · EPSS 0.00296
Exploits 0
Vulnrichment
added 2025/03/11 3:30 p.m. · 8 views

CVE-2025-27601 Umbraco Allows Improper API Access Control to Low-Privilege Users to Data Type Functionality

Umbraco is a free and open source .NET content management system. An improper API access control issue has been identified in Umbraco's API management package prior to versions 15.2.3 and 14.3.3, allowing low-privilege, authenticated users to create and update data type information that should be...

CVSS 4.3 · AI score 4.4 · EPSS 0.00298
Exploits 0 · References 3
OSV
added 2025/03/11 3:27 p.m. · 5 views

GHSA-6FFG-MJG7-585X Umbraco Allows Improper API Access Control to Low-Privilege Users to Data Type Functionality

Impact: An improper API access control issue has been identified, allowing low-privilege, authenticated users to create and update data type information that should be restricted to users with access to the settings section. Patches: Will be patched in 14.3.3 and 15.2.3. Workarounds: None available...

CVSS 4.3 · AI score 6.4 · EPSS 0.00298
Exploits 0 · References 5
CVE
added 2025/03/11 9:48 a.m. · 58 views

CVE-2025-27395

Siemens SCALANCE LPE9403 (6GK5998-3GS00-2AC2) is affected. All versions prior to V4.0 expose SFTP file access with insufficient scope/privilege restrictions, enabling an authenticated, highly-privileged remote attacker to read and write arbitrary files. Root cause: inadequate restriction of file ...

CVSS 8.6 · AI score 7.1 · EPSS 0.00609
Exploits 0 · References 1 · Affected Software 1
Microsoft KB
added 2025/03/11 7:00 a.m. · 24 views

March 11, 2025—Hotpatch KB5053638 (OS Build 20348.3270)

March 11, 2025—Hotpatch KB5053638 (OS Build 20348.3270). Improvements and fixes: This security update includes quality improvements. The following summary outlines key issues addressed by the KB update after you install it. Also included are available new features. The bold text within the brackets...

CVSS 8.8 · AI score 8.6 · EPSS 0.58974
Exploits 42
Microsoft KB
added 2025/03/11 7:00 a.m. · 148 views

February 11, 2025—KB5051987 (OS Build 26100.3194)

February 11, 2025—KB5051987 (OS Build 26100.3194). For information about Windows update terminology, see the article about the types of Windows updates and the monthly quality update types. For an overview of Windows 11, version 24H2, see its update history page. Note: Follow @WindowsUpdate to find o...

CVSS 8.8 · AI score 9.6 · EPSS 0.21804
Exploits 2
NVD
added 2025/03/11 1:15 a.m. · 22 views

CVE-2025-27433

The Manage Bank Statements application in SAP S/4HANA allows an authenticated attacker to bypass certain functionality restrictions of the application and upload files to a reversed bank statement. This vulnerability has a low impact on the application's integrity, with no effect on confidentiality and...

CVSS 4.3 · EPSS 0.00252
Exploits 0 · References 2
Vulnrichment
added 2025/03/11 12:38 a.m. · 5 views

CVE-2025-27433 Broken Access Control vulnerabilities in SAP S/4HANA (Manage Bank Statements)

The Manage Bank Statements application in SAP S/4HANA allows an authenticated attacker to bypass certain functionality restrictions of the application and upload files to a reversed bank statement. This vulnerability has a low impact on the application's integrity, with no effect on confidentiality and...

CVSS 4.3 · AI score 7 · EPSS 0.00252
Exploits 0 · References 2
CNNVD
added 2025/03/11 12:00 a.m. · 3 views

Microsoft Management Console security vulnerability

Microsoft Management Console is a general-purpose management console framework from Microsoft Corporation USA that hosts and manages a variety of system management tools called console plug-ins or management units. A security vulnerability exists in Microsoft Management Console. An attacker...

CVSS 7 · AI score 7.8 · EPSS 0.31894
Exploits 7 · References 2
OSV
added 2025/03/10 9:31 p.m. · 7 views

GHSA-PVMX-MJMH-JFCX Concrete CMS affected by a stored XSS in Folder Function. The "Add Folder" functionality

Concrete CMS versions 9.0.0 through 9.3.9 are affected by a stored XSS in Folder Function. The "Add Folder" functionality lacks input sanitization, allowing a rogue admin to inject XSS payloads as folder names. The Concrete CMS security team gave this vulnerability a CVSS 4.0 Score of 4.8 with...

CVSS 4.8 · AI score 5.4 · EPSS 0.003
Exploits 0 · References 5
OSV
added 2025/03/10 9:15 p.m. · 6 views

CVE-2025-0660

Concrete CMS versions 9.0.0 through 9.3.9 are affected by a stored XSS in Folder Function. The "Add Folder" functionality lacks input sanitization, allowing a rogue admin to inject XSS payloads as folder names. The Concrete CMS security team gave this vulnerability a CVSS 4.0 Score of 4.8 with...

CVSS 4.8 · AI score 5.4
Exploits 0 · References 3
Cvelist
added 2025/03/10 2:28 p.m. · 14 views

CVE-2024-12604 Improper Authentication in Tapandsign Technologies Tap and Sign App

Cleartext Storage of Sensitive Information in an Environment Variable, Weak Password Recovery Mechanism for Forgotten Password vulnerability in Tapandsign Technologies Tap&Sign App allows Password Recovery Exploitation, Functionality Misuse. This issue affects Tap&Sign App: before V.1.025...

CVSS 6.5 · EPSS 0.00188
Exploits 0 · References 3
F5 Networks
added 2025/03/07 8:46 p.m. · 8 views

K000150300: json-c vulnerability CVE-2013-6370 and CVE-2013-6371

Security Advisory Description: CVE-2013-6370: Buffer overflow in the printbuf APIs in json-c before 0.12 allows remote attackers to cause a denial of service via unspecified vectors. CVE-2013-6371: The hash functionality in json-c before 0.12 allows context-dependent attackers to cause a denial of...

CVSS 5 · AI score 7.1 · EPSS 0.04474
Exploits 1 · Affected Software 2
Tenable Nessus
added 2025/03/07 12:00 a.m. · 4 views

Termius Installed (Windows)

Binary data termiuswininstalled.nbin...

AI score 7.3
Exploits 0 · References 1
Cvelist
added 2025/03/06 8:00 p.m. · 15 views

CVE-2025-2040 zhijiantianya ruoyi-vue-pro deploy special elements used in a template engine

A vulnerability classified as critical was found in zhijiantianya ruoyi-vue-pro 2.4.1. Affected by this vulnerability is an unknown functionality of the file /admin-api/bpm/model/deploy. The manipulation leads to improper neutralization of special elements used in a template engine. The attack ca...

CVSS 6.5 · EPSS 0.0043
Exploits 1 · References 4
Cvelist
added 2025/03/06 3:54 p.m. · 21 views

CVE-2024-58072 wifi: rtlwifi: remove unused check_buddy_priv

In the Linux kernel, the following vulnerability has been resolved: wifi: rtlwifi: remove unused check_buddy_priv. Commit 2461c7d60f9f "rtlwifi: Update header file" introduced a global list of private data structures. Later on, commit 26634c4b1868 "rtlwifi Modify existing bits to match vendor versio...

EPSS 0.00184
Exploits 0 · References 8
Tenable Nessus
added 2025/03/06 12:00 a.m. · 12 views

Linux Distros Unpatched Vulnerability : CVE-2024-50255

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: hci: fix null-ptr-deref in hci_read_supported_codecs. Fix __hci_cmd_sync_sk to return not...

CVSS 5.5 · AI score 6.2 · EPSS 0.00218
Exploits 0 · References 3
Positive Technologies
added 2025/03/06 12:00 a.m. · 3 views

PT-2025-9968 · Linux +3 · Linux Kernel +3

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A vulnerability in the Linux kernel's Bluetooth functionality has been resolved. The issue was related to the Mediatek btusb code, which did not properly claim the device lock when...

CVSS 7.8 · AI score 7.5 · EPSS 0.10568
Exploits 1 · References 529
Tenable Nessus
added 2025/03/06 12:00 a.m. · 5 views

Linux Distros Unpatched Vulnerability : CVE-2024-57988

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: Bluetooth: btbcm: Fix NULL deref in btbcm_get_board_name. devm_kstrdup can return a NULL pointer ...

CVSS 5.5 · AI score 5.8 · EPSS 0.002
Exploits 0 · References 3