Positive Technologies, added 2025/12/16 12:00 a.m.

PT-2025-51698

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel's io_uring/net functionality. Specifically, the import process for vectored registered buffers incorrectly uses 'req' instead of the correct io_kiocb,...

CVSS 9.8, AI score 6.4, EPSS 0.00102. Exploits: 4, References: 211.
Tenable Nessus, added 2025/12/16 12:00 a.m.

Linux Distros Unpatched Vulnerability : CVE-2025-68317

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - io_uring/zctx: check chained notif contexts. Send zc only links ubuf_info for requests coming from the same context. There are some ambiguous syz reports, so let's...

AI score 5.8, EPSS 0.00024. Exploits: 0, References: 3.
Github Security Blog, added 2025/12/15 10:32 p.m.

Weblate has Systematic User and Project Enumeration via Broken Authorization in REST API (IDOR)

Impact: It was possible to retrieve user notification settings or list all users via API. Patches: https://github.com/WeblateOrg/weblate/pull/17256 References: Thanks to Hector Ruiz Ruiz & NaxusAI for responsibly disclosing this vulnerability to Weblate...

CVSS 4.3, AI score 6.9, EPSS 0.00012. Exploits: 0, References: 5, Affected Software: 1.
Snyk, added 2025/12/15 10:32 p.m.

Improper Authorization

Overview: Affected versions of this package are vulnerable to Improper Authorization via the REST API. An attacker can access user notification settings or enumerate all users by sending crafted API requests. Remediation: Upgrade Weblate to version 5.15 or higher. References: - GitHub Commit - GitHu...

CVSS 5.3, AI score 6.8, EPSS 0.00012. Exploits: 0, References: 3.
OSV, added 2025/12/15 3:15 p.m.

CVE-2025-13950

The OneSignal – Web Push Notifications plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings handling functionality in all versions up to, and including, 3.6.1. This is due to the plugin processing POST requests without verifying...

CVSS 5.3, AI score 5.8. Exploits: 0, References: 2.
NVD, added 2025/12/15 3:15 p.m.

CVE-2025-13950

The OneSignal – Web Push Notifications plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings handling functionality in all versions up to, and including, 3.6.1. This is due to the plugin processing POST requests without verifying...

CVSS 5.3, EPSS 0.00128. Exploits: 0, References: 2.
Vulnrichment, added 2025/12/15 2:25 p.m.

CVE-2025-13950 OneSignal – Web Push Notifications <= 3.6.1 - Missing Authorization to Unauthenticated Plugin Settings Update

The OneSignal – Web Push Notifications plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings handling functionality in all versions up to, and including, 3.6.1. This is due to the plugin processing POST requests without verifying...

CVSS 5.3, AI score 5, EPSS 0.00128. Exploits: 0, References: 2.
Cvelist, added 2025/12/15 2:25 p.m.

CVE-2025-13950 OneSignal – Web Push Notifications <= 3.6.1 - Missing Authorization to Unauthenticated Plugin Settings Update

The OneSignal – Web Push Notifications plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings handling functionality in all versions up to, and including, 3.6.1. This is due to the plugin processing POST requests without verifying...

CVSS 5.3, EPSS 0.00128. Exploits: 0, References: 2.
OSV, added 2025/12/15 7:15 a.m.

CVE-2025-14020

LINE client for Android versions prior to 14.20 contains a UI spoofing vulnerability in the in-app browser where the full-screen security Toast notification is not properly re-displayed when users return from another application, potentially allowing attackers to conduct phishing attacks by...

CVSS 4.3, AI score 5.8. Exploits: 0, References: 1.
CNNVD, added 2025/12/15 12:00 a.m.

SGWBox N3 authorization issue vulnerability

SGWBox N3 is a network storage device from China's Pickup Dock SGWBox. An authorization issue vulnerability exists in SGWBox N3 version 2.0.25, which stems from incorrect handling of the token parameter in file/fsnotify and could lead to improper authentication...

CVSS 6.9, AI score 5.5, EPSS 0.00107. Exploits: 1, References: 4.
Positive Technologies, added 2025/12/15 12:00 a.m.

PT-2025-51227

The OneSignal – Web Push Notifications plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the settings handling functionality in all versions up to, and including, 3.6.1. This is due to the plugin processing POST requests without verifying...

CVSS 5.3, AI score 5.3, EPSS 0.00128. Exploits: 0, References: 3.
Rockylinux, added 2025/12/14 11:05 a.m.

kernel security update

An update is available for kernel. This update affects Rocky Linux 10. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. The kernel packages contain the Linux kernel, the core of any Linux operating...

CVSS 5.5, AI score 6.5, EPSS 0.00047. Exploits: 0.
OSV, added 2025/12/13 9:09 a.m.

RLSA-2025:22865 Moderate: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes:
- kernel: can: j1939: implement NETDEV_UNREGISTER notification handler (CVE-2025-39925)
- kernel: net/mlx5: fs, fix UAF in flow counter release (CVE-2025-39979)
For more details about the security issues,...

CVSS 7.6, AI score 6.4, EPSS 0.00021. Exploits: 0, References: 3.
Veracode, added 2025/12/13 6:57 a.m.

Improper Input Validation

mantisbt/mantisbt is vulnerable to improper input validation. The vulnerability is due to lack of email ownership verification during profile updates, which allows an attacker to register an unauthorized email address and potentially cause information disclosure by redirecting notifications...

CVSS 5.4, AI score 5.8, EPSS 0.00025. Exploits: 1, References: 4, Affected Software: 1.
Veracode, added 2025/12/13 6:52 a.m.

Cross-site Scripting (XSS)

Magento-lts is vulnerable to Cross-Site Scripting (XSS). The vulnerability is due to unescaped translation strings and URLs rendered in the admin notification grid, which allows an attacker with database or feed access to inject malicious scripts into vulnerable fields...

CVSS 4.8, AI score 5.8, EPSS 0.00034. Exploits: 1, References: 4, Affected Software: 1.
CVE, added 2025/12/12 2:30 a.m.

CVE-2025-13052

CVE-2025-13052 describes improper TLS/SSL certificate validation in ADM notifications when sending emails via msmtp, enabling potential MITM disclosure of SMTP data. Affected: ADM 4.1.0–4.3.3.RKD2 and 5.0.0–5.1.0.RN42. Root cause: TLS/SSL validation weakness between SMTP client and server. Impact...

CVSS 7, AI score 6.4, EPSS 0.00019. Exploits: 0, References: 1, Affected Software: 1.
Cvelist, added 2025/12/12 2:30 a.m.

CVE-2025-13052 An improper certificates validation vulnerability was found in the Notification settings of ADM

When the user sets the Notification sender to send emails to the SMTP server via msmtp, improperly validated TLS/SSL certificates allow an attacker who can intercept network traffic between the SMTP client and server to execute a man-in-the-middle (MITM) attack, which may obtain the sensitive...

CVSS 7, EPSS 0.00019. Exploits: 0, References: 1.
Vulnrichment, added 2025/12/12 2:30 a.m.

CVE-2025-13052 An improper certificates validation vulnerability was found in the Notification settings of ADM

When the user sets the Notification sender to send emails to the SMTP server via msmtp, improperly validated TLS/SSL certificates allow an attacker who can intercept network traffic between the SMTP client and server to execute a man-in-the-middle (MITM) attack, which may obtain the sensitive...

CVSS 7, AI score 6.4, EPSS 0.00019. Exploits: 0, References: 1.
Positive Technologies, added 2025/12/12 12:00 a.m.

PT-2025-50802

Name of the Vulnerable Software and Affected Versions: ADM versions 4.1.0 through 4.3.3.RKD2; ADM versions 5.0.0 through 5.1.0.RN42. Description: An improperly validated TLS/SSL certificate when sending emails to an SMTP server via msmtp allows an attacker intercepting network traffic to execute a...

CVSS 7, AI score 6.7, EPSS 0.00019. Exploits: 0, References: 5.
RedhatCVE, added 2025/12/10 3:13 p.m.

CVE-2025-62993

Missing Authorization vulnerability in rainafarai Notification for Telegram (notification-for-telegram) allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Notification for Telegram: from n/a through = 3.5.1...

CVSS 4.3, AI score 5.7, EPSS 0.00041. Exploits: 0, References: 1.