
4923 matches found

OSV
added 2025/12/09 6:15 p.m., 3 views

CVE-2025-59923

An improper access control vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow an authenticated attacker with at least read-only admin permission to obtain the...

CVSS: 2.7, AI score: 5.8, EPSS: 0.00179
Exploits: 0, References: 1
NVD
added 2025/12/09 6:15 p.m., 3 views

CVE-2025-59923

An improper access control vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow an authenticated attacker with at least read-only admin permission to obtain the...

CVSS: 2.7, EPSS: 0.00179
Exploits: 0, References: 1
EUVD
added 2025/12/09 5:18 p.m., 4 views

EUVD-2025-202277

An improper access control vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.4, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow an authenticated attacker with at least read-only admin permission to obtain the...

CVSS: 2.7, AI score: 6.2, EPSS: 0.00179
Exploits: 0, References: 2
CVE
added 2025/12/09 5:18 p.m., 13 views

CVE-2025-59923

Fortinet FortiAuthenticator is affected by an improper access control vulnerability (CVE-2025-59923). Affected versions include FortiAuthenticator 6.6.0–6.6.6, and 6.5, 6.4, 6.3 all versions. The issue allows an authenticated attacker with at least read-only admin privileges to obtain the credent...

CVSS: 2.7, AI score: 6.3, EPSS: 0.00179
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2025/12/09 5:18 p.m., 18 views

CVE-2025-59923

An improper access control vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow an authenticated attacker with at least read-only admin permission to obtain the...

CVSS: 2.7, EPSS: 0.00179
Exploits: 0, References: 1
CVE
added 2025/12/09 1:29 a.m., 18 views

CVE-2023-53825

CVE-2023-53825 affects the Linux kernel’s kcm_sendmsg() for SOCK_DGRAM. A memory-leak in the error path could corrupt the MSG_MORE queue when a partial copy occurs; the fix updates kcm_tx_msg(head)->last_skb and adds purge behavior on failure (like UDP via udp_flush_pending_frames) to avoid qu...

AI score: 5.8, EPSS: 0.00216
Exploits: 0, References: 8
Positive Technologies
added 2025/12/09 12:0 a.m., 5 views

PT-2025-50122

An improper access control vulnerability in Fortinet FortiAuthenticator 6.6.0 through 6.6.6, FortiAuthenticator 6.5 all versions, FortiAuthenticator 6.4 all versions, FortiAuthenticator 6.3 all versions may allow an authenticated attacker with at least read-only admin permission to obtain the...

CVSS: 2.7, AI score: 6.7, EPSS: 0.00179
Exploits: 0, References: 3
Wired Threat Level
added 2025/12/05 12:2 a.m., 3 views

‘Signalgate’ Inspector General Report Wants Just One Change to Avoid a Repeat Debacle

The United States Inspector General report reviewing Secretary of Defense Pete Hegseth’s text messaging mess recommends a single change to keep classified material secure...

AI score: 7
Exploits: 0
The Hacker News
added 2025/12/02 5:46 p.m., 5 views

India Orders Messaging Apps to Work Only With Active SIM Cards to Prevent Fraud and Misuse

India's Department of Telecommunications (DoT) has issued directions to app-based communication service providers to ensure that the platforms cannot be used without an active SIM card linked to the user's mobile number. To that end, messaging apps like WhatsApp, Telegram, Snapchat, Arattai,...

AI score: 7.1
Exploits: 0
CISA
added 2025/11/24 12:0 p.m., 6 views

Spyware Allows Cyber Threat Actors to Target Users of Messaging Applications

CISA is aware of multiple cyber threat actors actively leveraging commercial spyware to target users of mobile messaging applications (apps). These cyber actors use sophisticated targeting and social engineering techniques to deliver spyware and gain unauthorized access to a victim’s messaging app...

AI score: 6.7
Exploits: 0, References: 19
EUVD
added 2025/11/22 9:58 a.m., 2 views

EUVD-2025-198547

Malicious code in airbnb-luxury-messaging npm...

AI score: 6.6
Exploits: 0
OSSF Malicious Packages
added 2025/11/22 9:58 a.m., 5 views

Malicious code in airbnb-luxury-messaging (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3721ccc0b94a8795edd99efa6ea640102c705346c6270a7ac203911797eaa7e The package airbnb-luxury-messaging was found to contain malicious code. Source: ossf-package-analysis...

AI score: 6.9
Exploits: 0
OSV
added 2025/11/22 9:58 a.m., 2 views

MAL-2025-190602 Malicious code in airbnb-luxury-messaging (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector c3721ccc0b94a8795edd99efa6ea640102c705346c6270a7ac203911797eaa7e The package airbnb-luxury-messaging was found to contain malicious code. Source: ossf-package-analysis...

AI score: 6.8
Exploits: 0
The Hacker News
added 2025/11/19 3:35 p.m., 5 views

Python-Based WhatsApp Worm Spreads Eternidade Stealer Across Brazilian Devices

Cybersecurity researchers have disclosed details of a new campaign that leverages a combination of social engineering and WhatsApp hijacking to distribute a Delphi-based banking trojan named Eternidade Stealer as part of attacks targeting users in Brazil. "It uses Internet Message Access Protocol...

AI score: 6.6
Exploits: 0
OSV
added 2025/11/13 9:34 p.m., 4 views

CVE-2025-64749 Directus Vulnerable to Information Leakage in Existing Collections

Directus is a real-time API and App dashboard for managing SQL database content. An observable difference in error messaging was found in the Directus REST API in versions of Directus prior to version 11.13.0. The /items/collection API returns different error messages for two cases: when a user...

CVSS: 4.3, AI score: 7.1, EPSS: 0.00244
Exploits: 1, References: 4
Snyk
added 2025/11/12 9:43 p.m., 1 views

Cross-site Scripting (XSS)

Overview: ph7software/ph7builder is a pH7Builder. Social Dating Web App Site Builder. Affected versions of this package are vulnerable to Cross-site Scripting (XSS) via the message content field in the application's messaging system. An attacker can execute arbitrary scripts in the context of another...

CVSS: 5.4, AI score: 5.3, EPSS: 0.00171
Exploits: 1, References: 2
CVE
added 2025/11/12 10:46 a.m., 23 views

CVE-2025-40168

CVE-2025-40168: In the Linux kernel, smc_clc_prfx_match() was using sk_dst_get(sk)->dev, which could trigger a use-after-free since smc_listen_work() is not under RCU/RTNL. The fix switches to __sk_dst_get() and dst_dev_rcu() to safely obtain the device. Note: the function’s return value is n...

AI score: 5.8, EPSS: 0.0015
Exploits: 0, References: 2
RedHat Linux
added 2025/11/12 1:36 a.m., 2 views

thunderbird: firefox: Cross-process information leaked due to malicious IPC messages

A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: A compromised web process using malicious IPC messages could have caused the privileged browser process to reveal blocks of its memory to the compromised process...

CVSS: 9.8, AI score: 7.3, EPSS: 0.00385
Exploits: 0, References: 6
CNNVD
added 2025/11/12 12:0 a.m., 1 views

pH7 Social Dating Builder Security Vulnerability

pH7 Social Dating Builder is an open source social dating system from pH7 Social Dating CMS (pH7CMS). A security vulnerability exists in pH7 Social Dating Builder version 17.9.1, which stems from the messaging system not cleaning up user submissions and could lead to a stored cross-site scripting...

CVSS: 5.4, AI score: 5.9, EPSS: 0.00171
Exploits: 1, References: 2
IBM Security Bulletins
added 2025/11/10 9:22 a.m., 5 views

Security Bulletin: WebSphere Application Server Liberty is affected by a security bypass in JMS messaging (CVE-2025-36124)

Summary: WebSphere Application Server Liberty is affected by a security bypass in JMS messaging (CVE-2025-36124). Vulnerability Details: CVEID: CVE-2025-36124. DESCRIPTION: IBM WebSphere Application Server Liberty 17.0.0.3 through 25.0.0.8 could allow a remote attacker to bypass security restrictions...

CVSS: 7.5, AI score: 6.7, EPSS: 0.00369
Exploits: 0, Affected Software: 1