170 matches found
ROS-20260505-73-0054
A vulnerability in the http.cookies.Morsel component of the Python programming language interpreter is related to the failure to take measures to neutralize CRLF sequences. Exploitation of the vulnerability could allow a remote attacker to affect the availability of protected information...
ROS-20260407-73-0034
A vulnerability in the fs/buffer.c component of the Linux operating system kernel is related to the use of memory after it has been freed. Exploitation of the vulnerability allows an intruder to affect the integrity and availability of protected information...
ROS-20260320-73-0008
A vulnerability in the SSH server of the crypto library for the Go programming language is related to unrestricted resource allocation. Exploitation of the vulnerability could allow a remote attacker to affect the availability of protected information...
ROS-20260209-73-0007
A vulnerability in the bytes.decode function of the Python programming language interpreter CPython is related to the use of memory after it has been freed. Exploitation of the vulnerability could allow an attacker to affect the availability of protected information...
ROS-20251219-7303
A vulnerability in the MongoDB database management system server is related to the use of assert or a similar operator. Exploitation of the vulnerability could allow a remote attacker to affect the availability of protected information...
PT-2025-51842
Name of the Vulnerable Software and Affected Versions: Cisco AsyncOS versions prior to the fix for CVE-2025-20393; Cisco Secure Email Gateway (SEG) versions prior to the fix for CVE-2025-20393; Cisco Secure Email and Web Manager (SEWM) versions prior to the fix for CVE-2025-20393. Description: Cisco Async...
The vulnerability of the ELMED MIS platform, due to deficiencies in access control mechanisms, allows unauthorized access by attackers, thereby compromising the confidentiality, integrity, and availability of protected information.
The vulnerability of the ELMED MIS platform is related to deficiencies in access control mechanisms. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information and compromise its confidentiality, integrity, and availability...
ROS-20250804-04
A vulnerability in the vsock_remove_sock function of the net/vmw_vsock/af_vsock.c module of the Linux kernel's network functions implementation is related to reuse of previously freed memory. Exploitation of the vulnerability could allow an intruder to affect the...
ROS-20250721-02
A vulnerability in the assert function of the GNU C Library system library is related to incorrect calculations of the size of the allocated buffer. Exploitation of the vulnerability could allow a remote attacker to affect the availability of protected information...
The vulnerability of the HPIMSGX__init() function in the sound/pci/asihpi/hpimsgx.c module of the asihpi component of the Linux operating system kernel allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the HPIMSGX__init function in the sound/pci/asihpi/hpimsgx.c module of the asihpi component of the Linux operating system kernel is related to unvalidated array indexing. Exploiting this vulnerability could allow an attacker to compromise the...
CVE-2022-49921
In the Linux kernel, the following vulnerability has been resolved: net: sched: Fix use after free in red_enqueue We can't use "skb" again after passing it to qdisc_enqueue. This is basically identical to commit 2f09707d0c97 "sch_sfb: Also store skb len before calling child enqueue"...
CVE-2025-22235
A flaw was found in the Spring Boot configuration. This vulnerability allows unauthorised access to the /null/ path via misconfigured security matchers when referencing disabled or non-exposed Spring Boot actuator endpoints. Mitigation: Mitigation for this issue is either not available or the...
CVE-2025-32445
A flaw was found in the argo-events package. A user with the permission to create/modify EventSource and Sensor custom resources can gain privileged access to the host system and cluster, even without having direct administrative privileges...
The vulnerability of the Swagger UI interactive console of the SAP Commerce platform allows attackers to influence the confidentiality, integrity, and availability of the protected information.
The vulnerability of the Swagger UI interactive console of the SAP Commerce platform is related to the lack of protective measures for the website structure. Exploiting this vulnerability allows a malicious actor to influence the confidentiality, integrity, and availability of the protected...
CVE-2025-21906
In the Linux kernel, the following vulnerability has been resolved: wifi: iwlwifi: mvm: clean up ROC on failure If the firmware fails to start the session protection, then we do call iwl_mvm_roc_finished here, but that won't do anything at all because IWL_MVM_STATUS_ROC_P2P_RUNNING was never set. Set...
The vulnerability of the idx_to_offset() function in the tools/power/x86/turbostat/turbostat.c module of the Linux operating system allows a hacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the idx_to_offset function in the tools/power/x86/turbostat/turbostat.c module of the Linux operating system is related to integer overflow or wraparound. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and...
The vulnerability of the Block permissions module in the Drupal CMS system allows attackers to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the Block permissions module in the Drupal CMS system is related to deficiencies in the authentication mechanism. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and availability of the protected information...
The vulnerability of the trie_get_next_key() function in the kernel/bpf/lpm_trie.c module of the Linux operating system allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the trie_get_next_key function in the kernel/bpf/lpm_trie.c module of the Linux operating system is related to memory allocation beyond the allocated buffer. Exploiting this vulnerability could allow an attacker to compromise the confidentiality, integrity, and accessibility of t...
PT-2024-41136 · OOO "Websoft Development" · Websoft HCM
A vulnerability in the Websoft HCM HR process automation software is related to insufficient validation of input data. Exploitation of the vulnerability could allow a remote attacker to violate the integrity and availability of protected information...
The vulnerability of the tcp_metrics_nl_policy structure in the Linux operating system’s kernel-based IPv4 protocol allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability of the tcp_metrics_nl_policy structure in the net/ipv4/tcp_metrics.c file of the Linux operating system’s IPv4 protocol implementation is related to the lack of checks on the length of input data. Exploiting this vulnerability could allow an attacker to compromise the confidentialit...