
12995 matches found

OSV
added 2025/09/22 11:15 p.m., 2 views

CVE-2025-43810

Insecure Direct Object Reference (IDOR) vulnerability with commerce order notes in Liferay Portal 7.3.5 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote authenticated users to from one virtual instance to add a...

CVSS 4.3, AI score 6.8, EPSS 0.00076
Exploits: 0, References: 1
Vulnrichment
added 2025/09/22 10:29 p.m., 1 views

CVE-2025-43810

Insecure Direct Object Reference (IDOR) vulnerability with commerce order notes in Liferay Portal 7.3.5 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote authenticated users to from one virtual instance to add a...

CVSS 5.3, AI score 6.4, EPSS 0.00076
Exploits: 0, References: 1
Cvelist
added 2025/09/22 10:29 p.m., 3 views

CVE-2025-43810

Insecure Direct Object Reference (IDOR) vulnerability with commerce order notes in Liferay Portal 7.3.5 through 7.4.3.112, and Liferay DXP 2023.Q4.0 through 2023.Q4.8, 2023.Q3.1 through 2023.Q3.10, and 7.4 GA through update 92 allows remote authenticated users to from one virtual instance to add a...

CVSS 5.3, EPSS 0.00076
Exploits: 0, References: 1
CVE
added 2025/09/22 10:29 p.m., 15 views

CVE-2025-43810

CVE-2025-43810 affects Liferay Portal and Liferay DXP, where an insecure direct object reference via the parameter _com_liferay_commerce_order_web_internal_portlet_CommerceOrderPortlet_commerceOrderId allows a remote authenticated user to add a note to an order in a different virtual instance. Af...

CVSS 5.3, AI score 6.4, EPSS 0.00076
Exploits: 0, References: 1, Affected Software: 2
CNNVD
added 2025/09/22 12:0 a.m., 1 views

Liferay Portal and Liferay DXP Security Vulnerability

Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE based portal solution. The solution uses technologies such as EJB as well as JMS and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DXP...

CVSS 5.3, AI score 6.5, EPSS 0.00076
Exploits: 0, References: 2
Positive Technologies
added 2025/09/22 12:0 a.m., 2 views

PT-2025-39087

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.3.5 through 7.4.3.112; Liferay DXP versions 2023.Q4.0 through 2023.Q4.8; Liferay DXP versions 2023.Q3.1 through 2023.Q3.10; Liferay versions 7.4 GA through update 92. Description: An Insecure Direct Object Reference (IDOR)...

CVSS 5.3, AI score 6.5, EPSS 0.00076
Exploits: 0, References: 10
GithubExploit
added 2025/09/21 1:15 p.m., 150 views

Vulnlab

It is an offensive tool for learning and documentation. This rep...

AI score 7.1
Exploits: 0
Tenable Nessus
added 2025/09/18 12:0 a.m., 0 views

Fedora 42 : forgejo (2025-bac4da5419)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-bac4da5419 advisory. This is an upstream security and bugfix release. Please refer to the upstream release notes for versions 12.0.2 and 12.0.3 for details about changes...

CVSS 6.1, AI score 7.6, EPSS 0.00029
Exploits: 1, References: 4
Tenable Nessus
added 2025/09/18 12:0 a.m., 3 views

Fedora 43 : forgejo (2025-5fc3f360cf)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-5fc3f360cf advisory. This is an upstream security and bugfix release. Please refer to the upstream release notes for versions 12.0.2 and 12.0.3 for details about changes. Tenable...

AI score 5.6
Exploits: 0, References: 1
OpenVAS
added 2025/09/18 12:0 a.m., 1 views

Fedora: Security Advisory (FEDORA-2025-bac4da5419)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.1, AI score 6.6, EPSS 0.00029
Exploits: 1, References: 7
Slackware Linux
added 2025/09/17 10:55 p.m., 2 views

[slackware-security] mozilla-firefox

New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: ipatches/packages/mozilla-firefox-140.3.0esr-i686-1slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more...

CVSS 8.8, AI score 7, EPSS 0.00136
Exploits: 0
OSV
added 2025/09/16 9:8 a.m., 2 views

BIT-GITLAB-2025-6769 Exposure of Sensitive System Information to an Unauthorized Control Sphere in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 15.1 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed authenticated users to view administrator-only maintenance notes by accessing runner details through specific interfaces...

CVSS 4.3, AI score 6.7, EPSS 0.0003
Exploits: 0, References: 4
OSV
added 2025/09/16 9:7 a.m., 4 views

BIT-GITLAB-2025-1250 Allocation of Resources Without Limits or Throttling in GitLab

An issue has been discovered in GitLab CE/EE affecting all versions from 15.0 before 18.1.6, 18.2 before 18.2.6, and 18.3 before 18.3.2 that could have allowed an authenticated user to stall background job processing by sending specially crafted commit messages, merge request descriptions, or not...

CVSS 6.5, AI score 6.8, EPSS 0.00081
Exploits: 0, References: 4
RedHat Linux
added 2025/09/16 8:35 a.m., 2 views

Moderate: Red Hat Bug Fix Advisory: OpenShift Container Platform 4.19.12 bug fix update

Red Hat OpenShift Container Platform release 4.19.12 is now available with updates to packages and images that fix several bugs. Red Hat OpenShift Container Platform is Red Hat's cloud computing Kubernetes application platform solution designed for on-premise or private cloud deployments. This...

CVSS 6.7, AI score 6.8, EPSS 0.00042
Exploits: 0, References: 2
RedHat Linux
added 2025/09/15 8:25 a.m., 3 views

Moderate: Red Hat Security Advisory: RHACS 4.8.4 security and bug fix update

Updated images are now available for Red Hat Advanced Cluster Security (RHACS), which typically include new features, bug fixes, and/or security patches. See the release notes link in the references section for a description of the fixes and enhancements in this particular release...

CVSS 9.4, AI score 6.8, EPSS 0.01319
Exploits: 1, References: 3
Amazon
added 2025/09/15 12:0 a.m., 3 views

Important: kernel-livepatch-6.12.35-55.103

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: ACPICA: Refuse to evaluate a method if arguments are missing CVE-2025-38386 Affected Packages: kernel-livepatch-6.12.35-55.103 Issue Correction: Please ensure you have live patching enabled. Run dnf update...

CVSS 5.5, AI score 6.4, EPSS 0.00051
Exploits: 0
CNNVD
added 2025/09/15 12:0 a.m., 2 views

Apple iOS and Apple iPadOS Security Vulnerability

Apple iOS and Apple iPadOS are both products of Apple Inc. Apple iOS is an operating system developed for mobile devices, and Apple iPadOS is an operating system for iPad tablets. A security vulnerability exists in Apple iOS and Apple iPadOS that stems from improper handling of cache and could...

CVSS 4, AI score 5.8, EPSS 0.00025
Exploits: 0, References: 5
Tenable Nessus
added 2025/09/13 12:0 a.m., 2 views

Fedora 43 : forgejo (2025-210aed9692)

The remote Fedora 43 host has a package installed that is affected by a vulnerability as referenced in the FEDORA-2025-210aed9692 advisory. This is an upstream bugfix release. Please refer to the upstream release notes for details about changes in this version. Tenable has extracted the preceding...

AI score 5.6
Exploits: 0, References: 1
Tenable Nessus
added 2025/09/13 12:0 a.m., 5 views

Fedora 41 : niri / xwayland-satellite (2025-2bcbe8b09c)

The remote Fedora 41 host has packages installed that are affected by a vulnerability as referenced in the FEDORA-2025-2bcbe8b09c advisory. Update niri to version 25.08 and xwayland-satellite to version 0.7. Notably, niri now supports xwayland out-of-the-box without manual configuration, and...

CVSS 2.3, AI score 5.5, EPSS 0.00112
Exploits: 0, References: 2
NCSC
added 2025/09/12 2:49 p.m., 7 views

Vulnerabilities fixed in GitLab CE/EE

GitLab has fixed vulnerabilities in GitLab CE/EE Versions for 18.1.6, 18.2.6, and 18.3.2. The vulnerabilities in the affected versions allow authenticated users to manipulate token management, disrupt background tasks, send multiple large SAML responses, manipulate proxy environments, access...

CVSS 8.8, AI score 6.6, EPSS 0.00087
Exploits: 0, References: 1