
40433 matches found

SUSE Linux
added 2025/07/23 12:47 p.m. · 5 views

Security update for salt

This update for salt fixes the following issues: Security issues fixed: CVE-2024-38822: Fixed Minion token validation bsc1244561 CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport bsc1244564 CVE-2024-38824: Fixed directory traversal vulnerability...

9.6 CVSS · 8.3 AI score · 0.00959 EPSS
Exploits: 0 · References: 52
SUSE Linux
added 2025/07/23 12:46 p.m. · 6 views

Security update for salt

This update for salt fixes the following issues: Security issues fixed: CVE-2024-38822: Fixed Minion token validation bsc1244561 CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport bsc1244564 CVE-2024-38824: Fixed directory traversal vulnerability...

9.6 CVSS · 8.3 AI score · 0.00959 EPSS
Exploits: 0 · References: 52
OSV
added 2025/07/23 12:46 p.m. · 2 views

SUSE-SU-2025:02500-1 Security update for salt

This update for salt fixes the following issues: - Security issues fixed: - CVE-2024-38822: Fixed Minion token validation bsc1244561 - CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport bsc1244564 - CVE-2024-38824: Fixed directory traversal...

9.6 CVSS · 6.8 AI score · 0.00959 EPSS
Exploits: 0 · References: 26
OSV
added 2025/07/23 12:46 p.m. · 3 views

SUSE-SU-2025:02499-1 Security update 5.0.5 for Multi-Linux Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: - Security issues fixed: - CVE-2024-38822: Fixed Minion token validation bsc1244561 - CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport bsc1244564 - CVE-2024-38824: Fixed directory...

9.6 CVSS · 6.7 AI score · 0.00959 EPSS
Exploits: 0 · References: 26
SUSE Linux
added 2025/07/23 12:44 p.m. · 7 views

Security update 5.0.5 for Multi-Linux Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2024-38822: Fixed Minion token validation bsc1244561 CVE-2024-38823: Fixed server vulnerability to replay attacks when not using a TLS encrypted transport bsc1244564 CVE-2024-38824: Fixed directory traversal...

9.6 CVSS · 7.6 AI score · 0.00959 EPSS
Exploits: 0 · References: 52
OSV
added 2025/07/23 10:2 a.m. · 5 views

RHSA-2025:11572 Red Hat Security Advisory: kernel-rt security update

Bulletin has no description...

7.3 CVSS · 7.4 AI score · 0.00181 EPSS
Exploits: 0 · References: 28
OSV
added 2025/07/23 12:0 a.m. · 4 views

DSA-5964-1 firefox-esr - security update

Bulletin has no description...

9.8 CVSS · 6.1 AI score · 0.00472 EPSS
Exploits: 0
CNNVD
added 2025/07/23 12:0 a.m. · 3 views

NodeJS security vulnerability

NodeJS is a JavaScript runtime environment based on the Chrome V8 engine from the OpenJS Foundation. By encapsulating the Chrome V8 engine and using event-driven, non-blocking I/O, it makes it possible to develop high-performance backend applications in JavaScript. A security vulnerabilit...

6.1 CVSS · 6.3 AI score · 0.003 EPSS
Exploits: 1 · References: 5
Positive Technologies
added 2025/07/23 12:0 a.m. · 5 views

PT-2025-49011

In pkvm guest relinquish to host of mem protect.c, there is a possible configuration data leak due to a logic error in the code. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

6.1 CVSS · 5.6 AI score · 0.0008 EPSS
Exploits: 0 · References: 6
CNNVD
added 2025/07/23 12:0 a.m. · 3 views

fastapi-guard security vulnerability

fastapi-guard is a security library for FastAPI by Renzo F Individual Developer that provides middleware to control IPs, log requests and detect penetration attempts. A security vulnerability exists in fastapi-guard version 3.0.1, which stems from an improperly restricted regular expression lengt...

8.8 CVSS · 6.5 AI score · 0.00734 EPSS
Exploits: 1 · References: 3
Vulnrichment
added 2025/07/22 11:24 p.m. · 5 views

CVE-2025-54139 HAX CMS' application pages are vulnerable to clickjacking

HAX CMS allows users to manage their microsite universe with a NodeJS or PHP backend. In haxcms-nodejs versions 11.0.12 and below and in haxcms-php versions 11.0.7 and below, all pages within the HAX CMS application do not contain headers to prevent other websites from loading the site within an...

4.3 CVSS · 6.1 AI score · 0.003 EPSS
Exploits: 1 · References: 3
OSV
added 2025/07/22 10:3 a.m. · 7 views

RHSA-2025:11464 Red Hat Security Advisory: fence-agents security update

Bulletin has no description...

7.1 CVSS · 6.8 AI score · 0.01479 EPSS
Exploits: 4 · References: 11
Positive Technologies
added 2025/07/22 12:0 a.m. · 3 views

PT-2025-31629

Name of the Vulnerable Software and Affected Versions: Mozilla Firefox (affected versions not specified). Description: The vulnerability in Mozilla Firefox on Android operating systems relates to a flaw in the data protection mechanism. Remote exploitation of this issue may allow an attacker to bypass...

9.8 CVSS · 6.2 AI score · 0.08917 EPSS
Exploits: 3 · References: 135
Packet Storm News
added 2025/07/22 12:0 a.m. · 2 views

Building a Robust OAuth Token Based API Security: a High Level Overview

APIs (Application Programming Interfaces), or Web Services, are the foundational building blocks that enable interconnected systems. However, this proliferation of APIs has also introduced security challenges that require systematic and scalable solutions for secure authentication and authorization...

7 AI score
Exploits: 0
Vulnrichment
added 2025/07/21 11:1 a.m. · 3 views

CVE-2025-41459 Insecure authentication due to missing bruteforce protection and runtime manipulation in Two App Studio Journey 5.5.6 for iOS

Insufficient protection against brute-force and runtime manipulation in the local authentication component in Two App Studio Journey 5.5.6 on iOS allows local attackers to bypass biometric and PIN-based access control via repeated PIN attempts or dynamic code injection...

7.8 CVSS · 6.9 AI score · 0.00167 EPSS
Exploits: 0 · References: 1
Cvelist
added 2025/07/21 11:1 a.m. · 8 views

CVE-2025-41459 Insecure authentication due to missing bruteforce protection and runtime manipulation in Two App Studio Journey 5.5.6 for iOS

Insufficient protection against brute-force and runtime manipulation in the local authentication component in Two App Studio Journey 5.5.6 on iOS allows local attackers to bypass biometric and PIN-based access control via repeated PIN attempts or dynamic code injection...

7.8 CVSS · 0.00167 EPSS
Exploits: 0 · References: 1
CVE
added 2025/07/21 11:1 a.m. · 17 views

CVE-2025-41459

CVE-2025-41459 affects Two App Studio Journey 5.5.6 on iOS. The local authentication component has insufficient brute-force protection and is vulnerable to runtime manipulation, allowing local attackers to bypass biometric and PIN controls via repeated PIN attempts or dynamic code injection. CVSS...

7.8 CVSS · 6.9 AI score · 0.00167 EPSS
Exploits: 0 · References: 1
CNNVD
added 2025/07/21 12:0 a.m. · 2 views

CommScope Ruckus Unleashed security vulnerability

The CommScope Ruckus Unleashed is a wireless router from CommScope USA. A security vulnerability exists in CommScope Ruckus Unleashed versions prior to 200.15.6.212.14, 200.17.7.0.139, and Ruckus ZoneDirector versions prior to 10.5.1.0.279, which stems from a password requirement that can be...

8.8 CVSS · 6.8 AI score · 0.00484 EPSS
Exploits: 1 · References: 4
Positive Technologies
added 2025/07/21 12:0 a.m. · 7 views

PT-2025-30361 · Hax Cms · Hax Cms

Name of the Vulnerable Software and Affected Versions: HAX CMS versions 11.0.7 and below (PHP); HAX CMS versions 11.0.12 and below (NodeJS). Description: HAX CMS does not include headers to prevent websites from loading the application within an iframe. This affects both the CMS and generated sites. An...

6.1 CVSS · 6.4 AI score · 0.003 EPSS
Exploits: 1 · References: 11
BDU FSTEC
added 2025/07/21 12:0 a.m. · 5 views

The vulnerability of Juniper Networks’ Junos OS operating systems arises from a flaw in the data protection mechanism, allowing attackers to circumvent existing security restrictions.

The vulnerability of Juniper Networks’ Junos OS lies in the compromised data protection mechanism. Exploiting this vulnerability allows a malicious actor to bypass existing security restrictions remotely...

5.8 CVSS · 5.4 AI score · 0.00318 EPSS
Exploits: 0 · References: 3 · Affected Software: 1