Liferay Portal Vulnerable to Cross-Site Request Forgery
Insufficient CSRF protection for omni-administrator users in Liferay Portal 7.0.0 through 7.4.3.119, and Liferay DXP 2024.Q1.1 through 2024.Q1.6, 2023.Q4.0 through 2023.Q4.9, 2023.Q3.1 through 2023.Q3.9, 7.4 GA through update 92, 7.3 GA through update 36, and older unsupported versions allows...
Link11 Highlights Growing Cybersecurity Risks and Introduces Integrated WAAP Platform
Frankfurt am Main, Germany, 20th August 2025, CyberNewsWire...
CVE-2025-43748
Insufficient CSRF protection for omni-administrator users in Liferay Portal 7.0.0 through 7.4.3.119, and Liferay DXP 2024.Q1.1 through 2024.Q1.6, 2023.Q4.0 through 2023.Q4.9, 2023.Q3.1 through 2023.Q3.9, 7.4 GA through update 92, 7.3 GA through update 36, and older unsupported versions allows...
Akamai Beats Other WAAP Vendors in Third-Party Evaluation
...
PT-2025-34105
MJM Core Player (likely now referred to as MJM Player 2011) is vulnerable to a stack-based buffer overflow when parsing specially crafted .s3m music files. The vulnerability arises from improper bounds checking in the file parser, allowing an attacker to overwrite memory on the stack and execute...
Intel Tiber Edge Platform Edge Orchestrator Denial of Service Vulnerability
Intel Tiber Edge Platform Edge Orchestrator is an edge computing platform from Intel designed to simplify the edge application development and deployment process by supporting modular tools to build and run edge applications. A denial of service vulnerability exists in Intel Tiber Edge Platform...
Intel Arc B-Series graphics denial of service vulnerability
Intel Arc B-Series graphics is a line of discrete graphics cards from Intel designed for desktop gaming, content creation and artificial intelligence applications. A denial of service vulnerability exists in Intel Arc B-Series graphics, which stems from a protection mechanism failure that can be...
Liferay Portal and Liferay DXP Cross-Site Request Forgery Vulnerability
Liferay Portal and Liferay DXP are both products of Liferay, Inc. Liferay Portal is a J2EE-based portal solution. The solution uses technologies such as EJB as well as JMS, and can be used as a Web publishing and sharing workspace, enterprise collaboration platform, social network, etc. Liferay DX...
Bridging the Mobile Trust Gap: a Zero Trust Framework for Consumer-Facing Applications
Zero Trust Architecture (ZTA) has become a widely adopted model for securing enterprise environments, promoting continuous verification and minimal trust across systems. However, its application in mobile contexts remains limited, despite mobile applications now accounting for most global digital...
PT-2025-46597
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The Linux kernel contains a flaw related to Model Specific Registers (MSRs) access during performance monitoring. Specifically, an incorrect check in the intel_pmu_acr_late_setup helper...
DEBIAN-CVE-2025-38587
In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible infinite loop in fib6_info_uses_dev(). fib6_info_uses_dev() seems to rely on RCU without an explicit protection. Like the prior fix in rt6_nlmsg_size(), we need to make sure fib6_del_route() or fib6_add_rt2node() have not removed the...
UBUNTU-CVE-2025-38587
In the Linux kernel, the following vulnerability has been resolved: ipv6: fix possible infinite loop in fib6_info_uses_dev(). fib6_info_uses_dev() seems to rely on RCU without an explicit protection. Like the prior fix in rt6_nlmsg_size(), we need to make sure fib6_del_route() or fib6_add_rt2node() have not removed the...
CVE-2025-50897
A vulnerability exists in riscv-boom SonicBOOM 1.2 (BOOMv1.2) processor implementation, where valid virtual-to-physical address translations configured with write permissions (PTE_W) in SV39 mode may incorrectly trigger a Store/AMO access fault during store instructions (sd). This occurs despite the...
CVE-2025-41689
CVE-2025-41689 affects Wiesemann & Theis Motherbox 3, a measurement data centralization device. The vulnerability allows an unauthenticated remote attacker to access stored measurement data with read-only rights due to an access-control weakness. Impact per CVSS v3.1 is High (Network, no privileg...
NodeShield: Runtime Enforcement of Security-Enhanced SBOMs for Node.Js
The software supply chain is an increasingly common attack vector for malicious actors. The Node.js ecosystem has been subject to a wide array of attacks, likely due to its size and prevalence. To counter such attacks, the research community and practitioners have proposed a range of static and...
VulnCheck KEV: CVE-2023-26258
Arcserve UDP through 9.0.6034 allows authentication bypass. The method getVersionInfo at WebServiceImpl/services/FlashServiceImpl leaks the AuthUUID token. This token can be used at /WebServiceImpl/services/VirtualStandbyServiceImpl to obtain a valid session. This session can be used to execute a...
Amazon Linux 2 : edk2 (ALAS-2025-2975)
It is, therefore, affected by a vulnerability as referenced in the ALAS2-2025-2975 advisory. EDK2 contains a vulnerability in BIOS where an attacker may cause Protection Mechanism Failure by local access. Successful exploitation of this vulnerability will lead to arbitrary code execution and impa...
CIA+TA Risk Assessment for AI Reasoning Vulnerabilities
As AI systems increasingly influence critical decisions, they face threats that exploit reasoning mechanisms rather than technical infrastructure. We present a framework for cognitive cybersecurity, a systematic protection of AI reasoning processes from adversarial manipulation. Our contributions...
CVE-2025-50897
The CVE-2025-50897 entry concerns riscv-boom SonicBOOM 1.2 (BOOMv1.2). It describes a flaw in the MMU/PMP/memory enforcement where valid virtual-to-physical translations with write permissions in SV39 can trigger a Store/AMO access fault during sd store operations, despite valid PTEs. The fault o...