40358 matches found

Positive Technologies
added 2025/11/18 12:00 a.m., 5 views

PT-2025-47311

Name of the Vulnerable Software and Affected Versions: Windu CMS version 4.1; Windu CMS affected versions not specified. Description: Windu CMS has a weak client-side brute-force protection mechanism. The system utilizes the loginError parameter, but does not store attempt counts or timeouts...

7.5 CVSS, 6.6 AI score, 0.00243 EPSS
Exploits: 0, References: 7
NVD
added 2025/11/17 5:15 p.m., 4 views

CVE-2025-58410

Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permissions to memory buffers exported as read-only. This is caused by improper handling of the memory protections for the buffer resource...

7.5 CVSS, 0.00241 EPSS
Exploits: 0, References: 1
Cvelist
added 2025/11/17 4:57 p.m., 6 views

CVE-2025-58410 GPU DDK - Multiple calls into PhysmemGEMPrimeExport can inherit write access permission for an existing read-only dma_buf import PMR

Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permissions to memory buffers exported as read-only. This is caused by improper handling of the memory protections for the buffer resource...

0.00241 EPSS
Exploits: 0, References: 1
EUVD
added 2025/11/17 4:57 p.m., 5 views

EUVD-2025-197806

Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permissions to memory buffers exported as read-only. This is caused by improper handling of the memory protections for the buffer resource...

7.5 CVSS, 6.8 AI score, 0.00241 EPSS
Exploits: 0, References: 2
NVD
added 2025/11/17 4:15 a.m., 5 views

CVE-2025-13283

TenderDocTransfer developed by Chunghwa Telecom has an Arbitrary File Copy and Paste vulnerability. The application sets up a simple local web server and provides APIs for communication with the target website. Due to the lack of CSRF protection in the APIs, unauthenticated remote attackers could...

7.1 CVSS, 0.00203 EPSS
Exploits: 0, References: 2
CVE
added 2025/11/17 3:24 a.m., 11 views

CVE-2025-13282

TenderDocTransfer (Chunghwa Telecom) exposes a combination of flaws: (1) an Absolute Path Traversal within one API that could allow deletion of arbitrary files on the user’s system, and (2) APIs with no CSRF protection, enabling unauthenticated remote attackers to trigger actions via phishing. Th...

8.1 CVSS, 6.7 AI score, 0.00227 EPSS
Exploits: 0, References: 2, Affected Software: 1
CNNVD
added 2025/11/17 12:00 a.m., 4 views

Imagination Graphics DDK Security Vulnerability

Imagination Graphics DDK is a suite of GPU driver tools from Imagination UK. A security vulnerability exists in the Imagination Graphics DDK that stems from mishandling of memory protection, which could result in gaining write access to read-only memory buffers...

7.5 CVSS, 6.5 AI score, 0.00241 EPSS
Exploits: 0, References: 2
CNNVD
added 2025/11/17 12:00 a.m., 3 views

Digiwin EasyFlow GP Security Vulnerability

Digiwin EasyFlow GP is an enterprise process management system from Digiwin Taiwan, China. A security vulnerability exists in Digiwin EasyFlow GP, which stems from insufficient credential protection and could allow a privileged remote attacker to gain access to AD and system mail plaintext...

6.9 CVSS, 6.9 AI score, 0.00292 EPSS
Exploits: 0, References: 2
Positive Technologies
added 2025/11/17 12:00 a.m., 5 views

PT-2025-47124

Name of the Vulnerable Software and Affected Versions: EasyFlow GP affected versions not specified. Description: EasyFlow GP developed by Digiwin has an issue where privileged remote attackers can obtain plaintext database account credentials from the system frontend. The issue involves insufficient...

6.9 CVSS, 6.5 AI score, 0.00292 EPSS
Exploits: 0, References: 5
Positive Technologies
added 2025/11/17 12:00 a.m., 3 views

PT-2025-47160

Name of the Vulnerable Software and Affected Versions: GoSign Desktop versions through 2.4.1. Description: GoSign Desktop versions through 2.4.1 disable TLS certificate validation when configured to use a proxy server. This occurs if a user selects a proxy server without verifying that outbound HTTP...

3.2 CVSS, 6.8 AI score, 0.00108 EPSS
Exploits: 0, References: 6
Positive Technologies
added 2025/11/17 12:00 a.m., 5 views

PT-2025-47111

Name of the Vulnerable Software and Affected Versions: Chunghwa Telecom TenderDocTransfer affected versions not specified. Description: The application establishes a local web server and offers APIs for communication. A lack of CSRF protection in the APIs allows unauthenticated remote attackers to...

7.1 CVSS, 6.4 AI score, 0.00203 EPSS
Exploits: 0, References: 10
CNNVD
added 2025/11/17 12:00 a.m., 1 views

Digiwin EasyFlow GP Security Vulnerability

Digiwin EasyFlow GP is an enterprise process management system from Digiwin Taiwan, China. A security vulnerability exists in Digiwin EasyFlow GP, which stems from insufficient credential protection and could allow a privileged remote attacker to gain access to plaintext database credentials...

6.9 CVSS, 6.9 AI score, 0.00292 EPSS
Exploits: 0, References: 2
Packet Storm News
added 2025/11/17 12:00 a.m., 4 views

It's a Feature, Not a Bug: Secure and Auditable State Rollback for Confidential Cloud Applications

Replay and rollback attacks threaten cloud application integrity by reintroducing authentic yet stale data through an untrusted storage interface to compromise application decision-making. Prior security frameworks mitigate these attacks by enforcing forward-only state transitions state continuit...

6.9 AI score
Exploits: 0
Tenable Nessus
added 2025/11/16 12:00 a.m., 2 views

Fedora 42 : bind9-next (2025-d9f9394ecd)

The remote Fedora 42 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2025-d9f9394ecd advisory. Update to 9.21.14 rhbz2394406 Security Fixes: - DNSSEC validation fails if matching but invalid DNSKEY is found. CVE-2025-8677 - Address various...

8.6 CVSS, 6.7 AI score, 0.1096 EPSS
Exploits: 1, References: 4
RedhatCVE
added 2025/11/15 6:42 p.m., 10 views

CVE-2025-4617

An insufficient policy enforcement vulnerability in Palo Alto Networks Prisma® Browser on Windows allows a locally authenticated non-admin user to bypass the screenshot control feature of the browser. Browser self-protection should be enabled to mitigate this issue...

4.8 CVSS, 6.7 AI score, 0.00115 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/11/15 6:42 p.m., 14 views

CVE-2025-4618

A sensitive information disclosure vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated non-admin user to retrieve sensitive data from Prisma Browser. Browser self-protection should be enabled to mitigate this issue...

6.9 CVSS, 6.1 AI score, 0.00075 EPSS
Exploits: 0, References: 1
NVD
added 2025/11/14 6:15 p.m., 3 views

CVE-2025-4618

A sensitive information disclosure vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated non-admin user to retrieve sensitive data from Prisma Browser. Browser self-protection should be enabled to mitigate this issue...

6.9 CVSS, 0.00075 EPSS
Exploits: 0, References: 1
CVE
added 2025/11/14 5:53 p.m., 11 views

CVE-2025-4618

Technical details (affected versions, root cause, and remediation specifics) are not publicly available in the provided connected documents. Monitor for updates from vendors and security advisories.

6.9 CVSS, 5.7 AI score, 0.00075 EPSS
Exploits: 0, References: 1
EUVD
added 2025/11/14 5:53 p.m., 5 views

EUVD-2025-197638

A sensitive information disclosure vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated non-admin user to retrieve sensitive data from Prisma Browser. Browser self-protection should be enabled to mitigate this issue...

6.9 CVSS, 5.6 AI score, 0.00075 EPSS
Exploits: 0, References: 2
Vulnrichment
added 2025/11/14 5:53 p.m., 4 views

CVE-2025-4618 Prisma Browser: Sensitive Information Disclosure Vulnerability in Prisma Browser

A sensitive information disclosure vulnerability in Palo Alto Networks Prisma® Browser allows a locally authenticated non-admin user to retrieve sensitive data from Prisma Browser. Browser self-protection should be enabled to mitigate this issue...

6.9 CVSS, 5.7 AI score, 0.00075 EPSS
Exploits: 0, References: 1