2856 matches found

Positive Technologies
added 2025/10/01 12:0 a.m. (2 views)

PT-2025-40279

Name of the Vulnerable Software and Affected Versions: Deciso OPNsense versions prior to 25.7.4 Description: OPNsense versions prior to 25.7.4 are susceptible to a stored cross-site scripting issue. This occurs when creating an "Interfaces: Devices: Point-to-Point" entry, where the ptpid parameter i...

CVSS 5.1, AI score 5.6, EPSS 0.00299
Exploits: 0, References: 6
Vulnrichment
added 2025/09/29 8:41 p.m. (2 views)

CVE-2025-34222 Vasion Print (formerly PrinterLogic) Unauthenticated Admin APIs Used to Modify SSL Certificates

Vasion Print formerly PrinterLogic Virtual Appliance Host prior to version 22.0.1049 and Application prior to version 20.0.2786 VA/SaaS deployments expose four admin routes – /admin/hp/certupload, /admin/hp/certdelete, /admin/certs/ca, and /admin/certs/serviceclients/scid – without any...

CVSS 10, AI score 6.6, EPSS 0.00494
Exploits: 1, References: 4
OpenVAS
added 2025/09/25 12:0 a.m. (3 views)

Configure the iptables Policies for Loopback Properly

The loopback address 127.0.0.0/8 is a special address on a server. It is irrelevant to NICs and is mainly used for the inter-process communication of a local device. Packets with the source address 127.0.0.0/8 from NICs should be discarded. If policies related to the loopback address are improper...

AI score 6.8
Exploits: 0, References: 1
RedhatCVE
added 2025/09/24 10:28 p.m. (7 views)

CVE-2025-43806

Batch Engine in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.7, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 does not properly check permission with import and export tasks, which allows remote authenticated users to access the exported data via...

CVSS 5.3, AI score 6.7, EPSS 0.00234
Exploits: 0, References: 1
Snyk
added 2025/09/23 12:32 a.m. (3 views)

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization via improper permission checks in the import and export tasks. An attacker can gain unauthorized access to exported data by sending crafted requests to the REST APIs. Remediation: Upgrade...

CVSS 5.4, AI score 7, EPSS 0.00234
Exploits: 0, References: 2
Github Security Blog
added 2025/09/23 12:32 a.m. (10 views)

Liferay Portal and DXP does not properly check permission with import and export tasks

Batch Engine in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.7, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 does not properly check permission with import and export tasks, which allows remote authenticated users to access the exported data via...

CVSS 5.3, AI score 6.8, EPSS 0.00234
Exploits: 0, References: 4, Affected Software: 2
NVD
added 2025/09/22 10:15 p.m. (2 views)

CVE-2025-43806

Batch Engine in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.7, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 does not properly check permission with import and export tasks, which allows remote authenticated users to access the exported data via...

CVSS 5.3, EPSS 0.00234
Exploits: 0, References: 1
CVE
added 2025/09/22 9:48 p.m. (12 views)

CVE-2025-43806

CVE-2025-43806 affects Liferay Portal 7.4.0–7.4.3.112 and Liferay DXP 2023.Q3.1–2023.Q3.10, 2023.Q4.0–2023.Q4.7, and 7.4 GA through update 92. The Batch Engine’s import/export tasks do not properly enforce permissions, enabling remote authenticated users to access exported data via the REST API...

CVSS 5.3, AI score 6.4, EPSS 0.00234
Exploits: 0, References: 1, Affected Software: 2
Cvelist
added 2025/09/22 9:48 p.m. (9 views)

CVE-2025-43806

Batch Engine in Liferay Portal 7.4.0 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.7, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 does not properly check permission with import and export tasks, which allows remote authenticated users to access the exported data via...

CVSS 5.3, EPSS 0.00234
Exploits: 0, References: 1
Imperva Blog
added 2025/09/22 9:16 p.m. (4 views)

KuppingerCole 2025: Why Thales is a Market Leader in API Security

APIs are the backbone of modern applications connecting critical microservices and enabling enterprises to turn data into context-aware business logic via AI across their digital services. As applications become more contextual, APIs expose the data, workflows, and model interactions attackers...

AI score 7
Exploits: 0
Positive Technologies
added 2025/09/22 12:0 a.m. (4 views)

PT-2025-38732

Name of the Vulnerable Software and Affected Versions: AiKaan IoT Platform affected versions not specified Description: A missing server-side authorization check in the department admin assignment APIs within the AiKaan IoT Platform permits authenticated users to gain elevated privileges...

CVSS 8.8, AI score 6.5, EPSS 0.00276
Exploits: 0, References: 3
RedhatCVE
added 2025/09/20 12:32 p.m. (5 views)

CVE-2024-25011

Ericsson Catalog Manager and Ericsson Order Care APIs do not have authentication enabled by default. Authentication checks can be configured to remediate the information disclosure issue...

CVSS 5.3, AI score 6.5, EPSS 0.00258
Exploits: 0, References: 1
RedhatCVE
added 2025/09/17 10:46 p.m. (3 views)

CVE-2025-43359

A logic issue was addressed with improved state management. This issue is fixed in iOS 18.7 and iPadOS 18.7, iOS 26 and iPadOS 26, macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26, tvOS 26, visionOS 26, watchOS 26. A UDP server socket bound to a local interface may become bound to all...

CVSS 9.8, AI score 5.8, EPSS 0.00864
Exploits: 0, References: 1
Snyk
added 2025/09/17 8:43 p.m. (2 views)

Information Exposure

Overview: Affected versions of this package are vulnerable to Information Exposure via the gRPC API and HTTP APIs, which allow peers to send requests that cause the recipient to create files in arbitrary file system locations and read arbitrary files. An attacker can access sensitive data or execu...

CVSS 10, AI score 7.4, EPSS 0.0068
Exploits: 0, References: 2
Vulnrichment
added 2025/09/17 2:56 p.m. (3 views)

CVE-2023-53347 net/mlx5: Handle pairing of E-switch via uplink un/load APIs

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Handle pairing of E-switch via uplink un/load APIs In case user switch a device from switchdev mode to legacy mode, mlx5 first unpair the E-switch and afterwards unload the uplink vport. From the other hand, in case use...

AI score 5.7, EPSS 0.00187
Exploits: 0, References: 3
OSV
added 2025/09/17 1:15 p.m. (2 views)

CVE-2025-8077

A vulnerability exists in NeuVector versions up to and including 5.4.5, where a fixed string is used as the default password for the built-in admin account. If this password is not changed immediately after deployment, any workload with network access within the cluster could use the default...

CVSS 9.8, AI score 5.7, EPSS 0.0052
Exploits: 0, References: 2
NVD
added 2025/09/17 1:15 p.m. (3 views)

CVE-2025-8077

A vulnerability exists in NeuVector versions up to and including 5.4.5, where a fixed string is used as the default password for the built-in admin account. If this password is not changed immediately after deployment, any workload with network access within the cluster could use the default...

CVSS 9.8, EPSS 0.0052
Exploits: 0, References: 2
OSV
added 2025/09/16 9:8 a.m. (4 views)

BIT-GITLAB-2025-6769 Exposure of Sensitive System Information to an Unauthorized Control Sphere in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 15.1 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to view administrator-only maintenance notes by accessing runner details through specific interfaces...

CVSS 4.3, AI score 6.7, EPSS 0.00291
Exploits: 0, References: 4
Fedora
added 2025/09/16 12:21 a.m. (7 views)

[SECURITY] Fedora 43 Update: cups-2.4.14-1.fc43

CUPS printing system provides a portable printing layer for UNIX® operating systems. It has been developed by Apple Inc. to promote a standard printing solution for all UNIX vendors and users. CUPS provides the System V and Berkeley command-line interfaces...

CVSS 8, AI score 6.7, EPSS 0.01063
Exploits: 2
Positive Technologies
added 2025/09/16 12:0 a.m. (5 views)

PT-2025-37915

Name of the Vulnerable Software and Affected Versions: ZTE T5400 affected versions not specified Description: An information disclosure issue exists due to an improper configuration of the access control mechanism. This allows attackers to obtain information through interfaces without...

CVSS 3.5, AI score 5.8, EPSS 0.00218
Exploits: 0, References: 4