654 matches found
CVE-2025-27822
An issue was discovered in the Masquerade module before 1.x-1.0.1 for Backdrop CMS. It allows people to temporarily switch to another user account. The module provides a "Masquerade as admin" permission to restrict people who can masquerade from switching to an account with administrative...
CVE-2024-58050
Vulnerability of improper access permission in the HDC module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
CVE-2024-58050
CVE-2024-58050 describes an improper access permission in Huawei HarmonyOS HDC module that can compromise service confidentiality. According to NVD and related records, the vulnerability has a LOCAL attack vector with LOW privileges required and no user interaction, potentially affecting confiden...
SUSE CVE-2022-49444
In the Linux kernel, the following vulnerability has been resolved: module: fix [e_shstrndx].sh_size=0 OOB access. It is trivial to craft a module to trigger OOB access in this line: if (info->secstrings[strhdr->sh_size - 1] != '\0') BUG: unable to handle page fault for address: ffffc90000aa0fff PGD 10000006...
CVE-2022-49444 module: fix [e_shstrndx].sh_size=0 OOB access
In the Linux kernel, the following vulnerability has been resolved: module: fix [e_shstrndx].sh_size=0 OOB access. It is trivial to craft a module to trigger OOB access in this line: if (info->secstrings[strhdr->sh_size - 1] != '\0') BUG: unable to handle page fault for address: ffffc90000aa0fff PGD 10000006...
CVE-2025-1390
The PAM module pam_cap.so of libcap configuration supports group names starting with “@”; during actual parsing, configurations not starting with “@” are incorrectly recognized as group names. This may result in unintended users being granted an inherited capability set, potentially leading to...
PAM-PKCS#11 code issue vulnerability
PAM-PKCS11 is an OpenSC open source login module. A code issue vulnerability exists in PAM-PKCS11 0.6.12 and earlier versions, which stems from an incorrect handling of a user's canceled PIN entry operation, resulting in a segmentation error that could cause a daemon using PAM to crash...
Azure Linux 3.0 Security Update: ntopng / reaper (CVE-2017-18214)
The version of ntopng / reaper installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2017-18214 advisory. - The moment module before 2.19.3 for Node.js is prone to a regular expression denial of service via ...
CVE-2024-57959
Use-After-Free (UAF) vulnerability in the display module. Impact: Successful exploitation of this vulnerability may cause features to perform abnormally...
The vulnerability of the Drupal Security Kit module in the Drupal CMS system allows attackers to trigger a service failure.
The vulnerability of the Security Kit module of the Drupal CMS system is related to access to resources through incompatible types. Exploiting this vulnerability can allow a malicious actor, operating remotely, to cause service failures...
CVE-2020-7875
DEXT5 Upload 5.0.0.117 and earlier versions contain a vulnerability, which could allow remote attacker to download and execute remote file by setting the argument, variable in the activeX module. This can be leveraged for code execution...
CVE-2024-51523
Information management vulnerability in the Gallery module. Impact: Successful exploitation of this vulnerability may affect service confidentiality...
The vulnerability of the rt6_probe() function in the net/ipv6/route.c module of the Linux operating system allows a hacker to cause a service failure.
The vulnerability of the rt6_probe() function in the net/ipv6/route.c module of the Linux operating system is related to pointer manipulation. Exploiting this vulnerability could allow an attacker to cause a service failure...
Drupal Matomo Analytics module < 1.24.0 - Unauthenticated Cross Site Request Forgery (CSRF) vulnerability
Unauthenticated Cross Site Request Forgery (CSRF) vulnerability discovered by Ivo Van Geertruyen in WordPress Module Matomo Analytics versions 1.24.0...
Amazon Linux 2 : perl-Module-ScanDeps (ALAS-2025-2738)
The version of perl-Module-ScanDeps installed on the remote host is prior to 1.10-3. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2738 advisory. Qualys discovered that if unsanitized input was used with the library Modules::ScanDeps, before version 1.36 a local...
The software for creating automation projects of Schneider Electric’s Web Designer network modules BMXNOE0110H, BMENOC0311C, BMENOC0321C, and BMXNOR0200H is vulnerable due to incorrect restrictions on XML references to external objects. This vulnerability allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the software used for creating automation projects in Schneider Electric’s Web Designer for network modules BMXNOE0110H, BMENOC0311C, BMENOC0321C, and BMXNOR0200H is related to incorrect restrictions on XML references to external objects. Exploiting this vulnerability allows ...
The vulnerability of the Opigno CMS system’s module, related to errors in processing input data during syntax analysis of code, allows attackers to execute arbitrary code.
The vulnerability of the Opigno CMS system’s module is related to errors in data processing during syntax analysis of the code. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...
Huawei EulerOS: Security Advisory for python3 (EulerOS-SA-2025-1027)
The remote host is missing an update for the Huawei EulerOS...
Important: Red Hat Security Advisory: firefox security update
An update for firefox is now available for Red Hat Enterprise Linux 8.2 Advanced Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for...
CVE-2024-13173
The CVE-2024-13173 entry describes a vulnerability in the health module where loading URLs lacks sufficient restrictions, potentially causing information leakage. Connected sources specify affected software as Vivo Health prior to version 4.1.6.33, indicating a partial information disclosure risk...