USN-7879-2 linux-realtime-6.14 vulnerabilities
It was discovered that improper initialization of CPU cache memory could allow a local attacker with hypervisor access to overwrite SEV-SNP guest memory resulting in loss of data integrity. CVE-2024-36331 Several security issues were discovered in the Linux kernel. An attacker could possibly use...
CVE-2025-13432
Terraform state versions can be created by a user with specific but insufficient permissions in a Terraform Enterprise workspace. This may allow for the alteration of infrastructure if a subsequent plan operation is approved by a user with approval permission or auto-applied. This vulnerability,...
CVE-2025-13432 Terraform Enterprise state versions can be created by users with specific permissions without sufficient write access
Terraform state versions can be created by a user with specific but insufficient permissions in a Terraform Enterprise workspace. This may allow for the alteration of infrastructure if a subsequent plan operation is approved by a user with approval permission or auto-applied. This vulnerability,...
CVE-2025-13432
CVE-2025-13432 affects Terraform Enterprise: state versions can be created by a user with insufficient permissions in a workspace, potentially allowing infrastructure alterations after a plan is approved or auto-applied. Affected versions (per connected sources) include Terraform Enterprise 1.1.0...
HashiCorp Terraform Enterprise Security Vulnerability
HashiCorp Terraform Enterprise is a development tool from HashiCorp USA. A security vulnerability exists in HashiCorp Terraform Enterprise that stems from insufficient privileges and could result in infrastructure changes...
PT-2025-47784
Terraform state versions can be created by a user with specific but insufficient permissions in a Terraform Enterprise workspace. This may allow for the alteration of infrastructure if a subsequent plan operation is approved by a user with approval permission or auto-applied. This vulnerability,...
CISA: Suspicious Unmanned Aircraft System Activity Guidance
Suspicious Unmanned Aircraft System Activity Guidance for Critical Infrastructure Owners and Operators is intended for critical infrastructure stakeholders who are concerned with unmanned aircraft system (UAS) activity near or around their facilities...
The State of Security Today: Setting the Stage for 2026
As we close out 2025, one thing is clear: the security landscape is evolving faster than most organizations can keep up. From surging ransomware campaigns and AI-enhanced phishing to data extortion, geopolitical fallout, and gaps in cyber readiness, the challenges facing security teams today are ...
Desktop Alert PingAlert Server-Side Request Forgery Vulnerability
Desktop Alert PingAlert is a network status monitoring tool developed by Desktop Alert, Inc. and is mainly used to monitor the status of network devices in real time and send alerts. Desktop Alert PingAlert suffers from a server-side request forgery vulnerability, which stems from the server not...
ROS-20251117-05
A vulnerability in the LXD container and lightweight virtual machine management system is related to redundant API data output. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to potentially sensitive information. The vulnerability in the LXD container and...
ROS-20251117-04
A vulnerability in the LXD container and lightweight virtual machine management system is related to redundant API data output. Exploitation of the vulnerability could allow an attacker acting remotely to gain access to potentially sensitive information. The vulnerability in the LXD container and...
[SECURITY] Fedora 41 Update: opentofu-1.10.7-1.fc41
OpenTofu lets you declaratively manage your cloud infrastructure...
[SECURITY] Fedora 42 Update: opentofu-1.10.7-1.fc42
OpenTofu lets you declaratively manage your cloud infrastructure...
[SECURITY] Fedora 43 Update: opentofu-1.10.7-1.fc43
OpenTofu lets you declaratively manage your cloud infrastructure...
CVE-2025-54560
A Server-Side Request Forgery vulnerability was found in the Application Server of Desktop Alert PingAlert versions 6.1.0.11 to 6.1.1.2, which allows probing of internal infrastructure...
Desktop Alert PingAlert Security Vulnerability
Desktop Alert PingAlert is a network status monitoring tool developed by Desktop Alert, Inc. and is mainly used to monitor the status of network devices in real time and send alerts. Desktop Alert PingAlert suffers from a server-side request forgery vulnerability, which stems from the server not...
CVE-2025-64709
Typebot is an open-source chatbot builder. In versions prior to 3.13.1, a Server-Side Request Forgery (SSRF) vulnerability in the Typebot webhook block (HTTP Request component) functionality allows authenticated users to make arbitrary HTTP requests from the server, including access to AWS Instance...
CVE-2025-64740
CVE-2025-64740 affects Zoom Workplace VDI Client for Windows prior to 6.3.14, 6.4.12, or 6.5.10. Root cause: improper verification of the installer’s cryptographic signature, enabling an authenticated local user to escalate privileges. Remediation: upgrade to the fixed versions (6.3.14+, 6.4.12+,...