36084 matches found

OSV
added 2025/07/19 7:15 a.m., 2 views

DEBIAN-CVE-2025-38350

In the Linux kernel, the following vulnerability has been resolved: net/sched: Always pass notifications when child class becomes empty. Certain classful qdiscs may invoke their classes' dequeue handler on an enqueue operation. This may unexpectedly empty the child qdisc and thus make an in-flight...

CVSS 7.8, AI score 5.7, EPSS 0.0018
Exploits: 0, References: 1
OSV
added 2025/07/19 7:15 a.m., 7 views

UBUNTU-CVE-2025-38350

In the Linux kernel, the following vulnerability has been resolved: net/sched: Always pass notifications when child class becomes empty. Certain classful qdiscs may invoke their classes' dequeue handler on an enqueue operation. This may unexpectedly empty the child qdisc and thus make an in-flight...

CVSS 7.8, AI score 6.2, EPSS 0.0018
Exploits: 0, References: 36
Vulnrichment
added 2025/07/19 6:46 a.m., 3 views

CVE-2025-38350 net/sched: Always pass notifications when child class becomes empty

In the Linux kernel, the following vulnerability has been resolved: net/sched: Always pass notifications when child class becomes empty. Certain classful qdiscs may invoke their classes' dequeue handler on an enqueue operation. This may unexpectedly empty the child qdisc and thus make an in-flight...

AI score 6.2, EPSS 0.0018
Exploits: 0, References: 8
CNNVD
added 2025/07/19 12:00 a.m., 1 view

Linux kernel security vulnerability

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from improper notification delivery when a child class becomes empty, which could lead to a use-after-free...

CVSS 7.8, AI score 6.4, EPSS 0.0018
Exploits: 0, References: 9
PyPA
added 2025/07/18 3:15 p.m., 4 views

PYSEC-2025-181

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.6.6, an IDOR vulnerability in the GraphQL NotificationLineNotificationMarkReadMutation and NotificationLineNotificationDeleteMutation mutations of OpenCTI allows an authenticated...

CVSS 5.4, AI score 5.8, EPSS 0.00201
Exploits: 0, References: 1, Affected Software: 1
OSV
added 2025/07/18 3:15 p.m., 2 views

PYSEC-2025-181

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.6.6, an IDOR vulnerability in the GraphQL NotificationLineNotificationMarkReadMutation and NotificationLineNotificationDeleteMutation mutations of OpenCTI allows an authenticated...

CVSS 5.4, AI score 5.8, EPSS 0.00201
Exploits: 0, References: 1
NVD
added 2025/07/18 3:15 p.m., 6 views

CVE-2025-46732

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.6.6, an IDOR vulnerability in the GraphQL NotificationLineNotificationMarkReadMutation and NotificationLineNotificationDeleteMutation mutations of OpenCTI allows an authenticated...

CVSS 5.4, EPSS 0.00201
Exploits: 0, References: 1
Vulnrichment
added 2025/07/18 3:05 p.m., 5 views

CVE-2025-46732 OpenCTI's GraphQL IDOR enables authenticated users to modify or delete notifications of other users

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.6.6, an IDOR vulnerability in the GraphQL NotificationLineNotificationMarkReadMutation and NotificationLineNotificationDeleteMutation mutations of OpenCTI allows an authenticated...

CVSS 5.4, AI score 6.8, EPSS 0.00201
Exploits: 0, References: 1
CVE
added 2025/07/18 3:05 p.m., 23 views

CVE-2025-46732

OpenCTI prior to 6.6.6 is affected by an IDOR in GraphQL mutations NotificationLineNotificationMarkReadMutation and NotificationLineNotificationDeleteMutation. An authenticated user can read, modify, or delete another user’s notifications if they know the notification UUID; changing read status m...

CVSS 5.4, AI score 6.3, EPSS 0.00201
Exploits: 0, References: 1, Affected Software: 1
Cvelist
added 2025/07/18 3:05 p.m., 25 views

CVE-2025-46732 OpenCTI's GraphQL IDOR enables authenticated users to modify or delete notifications of other users

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.6.6, an IDOR vulnerability in the GraphQL NotificationLineNotificationMarkReadMutation and NotificationLineNotificationDeleteMutation mutations of OpenCTI allows an authenticated...

CVSS 5.4, EPSS 0.00201
Exploits: 0, References: 1
OSV
added 2025/07/18 3:05 p.m., 4 views

CVE-2025-46732 OpenCTI's GraphQL IDOR enables authenticated users to modify or delete notifications of other users

OpenCTI is an open source platform for managing cyber threat intelligence knowledge and observables. Prior to version 6.6.6, an IDOR vulnerability in the GraphQL NotificationLineNotificationMarkReadMutation and NotificationLineNotificationDeleteMutation mutations of OpenCTI allows an authenticated...

CVSS 5.4, AI score 6.6, EPSS 0.00201
Exploits: 0, References: 3
Positive Technologies
added 2025/07/18 12:00 a.m., 7 views

PT-2025-30046 · Opencti · Opencti

Name of the Vulnerable Software and Affected Versions: OpenCTI versions prior to 6.6.6 Description: OpenCTI is a platform for managing cyber threat intelligence knowledge and observables. An IDOR vulnerability exists in the GraphQL NotificationLineNotificationMarkReadMutation and...

CVSS 5.4, AI score 6.1, EPSS 0.00201
Exploits: 0, References: 6
Vulnrichment
added 2025/07/17 1:47 p.m., 6 views

CVE-2025-53909 mailcow: dockerized vulnerable to SSTI in Quota and Quarantine Notification Template

mailcow: dockerized is an open source groupware/email suite based on docker. A Server-Side Template Injection (SSTI) vulnerability exists in versions prior to 2025-07 in the notification template system used by mailcow for sending quota and quarantine alerts. The template rendering engine allows...

CVSS 9.1, AI score 7.7, EPSS 0.00464
Exploits: 0, References: 2
CVE
added 2025/07/17 1:47 p.m., 27 views

CVE-2025-53909

CVE-2025-53909 affects mailcow: dockerized. A Server-Side Template Injection (SSTI) exists in the quota/quarantine notification template rendering system, allowing template expressions to be abused to execute code in certain contexts. The issue requires admin-level access to configure templates, ...

CVSS 9.1, AI score 7.1, EPSS 0.00464
Exploits: 0, References: 2, Affected Software: 1
Positive Technologies
added 2025/07/17 12:00 a.m., 4 views

PT-2025-29910 · Mailcow · Mailcow

Name of the Vulnerable Software and Affected Versions: mailcow: dockerized versions prior to 2025-07. Description: A Server-Side Template Injection (SSTI) vulnerability exists in the notification template system used for sending quota and quarantine alerts. The template rendering engine allows...

CVSS 9.1, AI score 7, EPSS 0.00464
Exploits: 0, References: 8
RedhatCVE
added 2025/07/16 5:14 a.m., 9 views

CVE-2025-7574

A vulnerability, which was classified as critical, was found in LB-LINK BL-AC1900, BL-AC2100AZ3, BL-AC3600, BL-AX1800, BL-AX5400P and BL-WR9000 up to 20250702. Affected is the function reboot/restore of the file /cgi-bin/lighttpd.cgi of the component Web Interface. The manipulation leads to...

CVSS 10, AI score 9.5, EPSS 0.00745
Exploits: 0, References: 1
Circl
added 2025/07/16 4:34 a.m., 3 views

GHSA-3X8X-79M2-3W2W

creationtimestamp | type | source
---|---|---
2025-07-16 04:34:54+00:00 | seen | https://gist.github.com/safer-bot/65364abe7e289d78f57fa1a0a681a35a
2025-07-16 07:18:43+00:00 | seen | https://gist.github.com/safer-bot/5e13e76a11d80f2378b1b43029c98dfc
2025-07-16 08:32:34+00:00 | seen | ...

AI score 7.3
Exploits: 0, References: 13
BDU FSTEC
added 2025/07/16 12:00 a.m., 4 views

The vulnerability of the Windows Notification Service (WNS), a notification service for Windows operating systems, allows a perpetrator to escalate their privileges.

The vulnerability of the Windows Notification Service (WNS) on Windows operating systems is a use of memory after it has been freed (use-after-free). Exploiting this vulnerability can allow an attacker to escalate their privileges...

CVSS 7.8, AI score 5.5, EPSS 0.00273
Exploits: 0, References: 2
OSV
added 2025/07/15 7:21 p.m., 2 views

MINI-M7M2-W8H9-X632

Bulletin has no description...

CVSS 5.3, AI score 7.2, EPSS 0.00514
Exploits: 1
OSSF Malicious Packages
added 2025/07/14 10:30 p.m., 3 views

Malicious code in ringcentral-google-drive-notification-add-in (npm)

Source: ossf-package-analysis afbe2fb4071ec030a6a51319f5f0b9d45664bf8caba681cfac58bb60bd001cf0. The OpenSSF Package Analysis project identified 'ringcentral-google-drive-notification-add-in' @ 2.2.2 (npm) as malicious. It is considered...

AI score 7.1
Exploits: 0