development.zfood.co.uk Cross Site Scripting vulnerability OBB-4037004

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

payacuisine.zfood.co.uk Cross Site Scripting vulnerability OBB-4036982

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

steelrevolution.com.au Cross Site Scripting vulnerability OBB-4036540

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2025-27601

Umbraco is a free and open source .NET content management system. An improper API access control issue has been identified Umbraco's API management package prior to versions 15.2.3 and 14.3.3, allowing low-privilege, authenticated users to create and update data type information that should be...

SUSE CVE-2025-20051

Mattermost versions 10.4.x = 10.4.1, 9.11.x = 9.11.7, 10.3.x = 10.3.2, 10.2.x = 10.2.2 fail to properly validate input when patching and duplicating a board, which allows a user to read any arbitrary file on the system via duplicating a specially crafted block in Boards...

SUSE CVE-2025-21866

In the Linux kernel, the following vulnerability has been resolved: powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VMALLOC Erhard reported the following KASAN hit while booting his PowerMac G4 with a KASAN-enabled kernel 6.13-rc6: BUG: KASAN: vmalloc-out-of-bounds in...

CISA and Partners Release Cybersecurity Advisory on Medusa Ransomware

Today, CISA—in partnership with the Federal Bureau of Investigation FBI and Multi-State Information Sharing and Analysis Center MS-ISAC—released joint Cybersecurity Advisory, StopRansomware: Medusa Ransomware. This advisory provides tactics, techniques, and procedures TTPs, indicators of compromi...

DEBIAN-CVE-2025-21866

In the Linux kernel, the following vulnerability has been resolved: powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VMALLOC Erhard reported the following KASAN hit while booting his PowerMac G4 with a KASAN-enabled kernel 6.13-rc6: BUG: KASAN: vmalloc-out-of-bounds in...

UBUNTU-CVE-2025-21866

In the Linux kernel, the following vulnerability has been resolved: powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VMALLOC Erhard reported the following KASAN hit while booting his PowerMac G4 with a KASAN-enabled kernel 6.13-rc6: BUG: KASAN: vmalloc-out-of-bounds in...

CVE-2025-21866 powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VM_ALLOC

In the Linux kernel, the following vulnerability has been resolved: powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VMALLOC Erhard reported the following KASAN hit while booting his PowerMac G4 with a KASAN-enabled kernel 6.13-rc6: BUG: KASAN: vmalloc-out-of-bounds in...

CVE-2025-21866

CVE-2025-21866 : In the Linux kernel, PowerPC text patching infrastructure allocated a virtual area and marked it VM_ALLOC, which is inappropriate since that memory is not vmalloc’d and isn’t initialized until __vmalloc_node_range() is called. This caused KASAN: vmalloc-out-of-bounds when booting...

CVE-2025-21866

In the Linux kernel, the following vulnerability has been resolved: powerpc/code-patching: Fix KASAN hit by not flagging text patching area as VMALLOC Erhard reported the following KASAN hit while booting his PowerMac G4 with a KASAN-enabled kernel 6.13-rc6: BUG: KASAN: vmalloc-out-of-bounds in...

iona.uk.com Cross Site Scripting vulnerability OBB-4035740

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CVE-2025-27602 Umbraco Allows a Restricted Editor User to Delete Media Item or Access Unauthorized Content

Umbraco is a free and open source .NET content management system. In versions of Umbraco's web backoffice program prior to versions 10.8.9 and 13.7.1, via manipulation of backoffice API URLs, it's possible for authenticated backoffice users to retrieve or delete content or media held within folde...

CVE-2025-27601 Umbraco Allows Improper API Access Control to Low-Privilege Users to Data Type Functionality

Umbraco is a free and open source .NET content management system. An improper API access control issue has been identified Umbraco's API management package prior to versions 15.2.3 and 14.3.3, allowing low-privilege, authenticated users to create and update data type information that should be...

pgagbi.bluegolf.com Cross Site Scripting vulnerability OBB-4035377

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

disco-heart.cz Cross Site Scripting vulnerability OBB-4035366

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...

CBL Mariner 2.0 Security Update: kernel (CVE-2024-56593)

The version of kernel installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-56593 advisory. - In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Fix oops due to NULL...

CVE-2024-13892

Smartwares cameras CIP-37210AT and C724IP, as well as others which share the same firmware in versions up to 3.3.0, are vulnerable to command injection. During the initialization process, a user has to use a mobile app to provide devices with Access Point credentials. This input is not properly...

arena-international.com Cross Site Scripting vulnerability OBB-4033700

Following the coordinated and responsible vulnerability disclosure guidelines of the ISO 29147 standard, Open Bug Bounty has: a. verified the vulnerability and confirmed its existence; b. notified the website operator about its existence. Technical details of the vulnerability are currently hidde...