40437 matches found
The vulnerability of the FreeScout support service management system lies in the lack of measures to protect the website structure. This allows attackers to disclose confidential information and gain control over user sessions.
The vulnerability of the FreeScout support service management system lies in the lack of measures taken to protect the website structure. Exploiting this vulnerability can allow a malicious actor to disclose confidential information and gain control over user sessions...
PT-2025-27894 · Unknown · Sharable Password Protected Posts
Name of the Vulnerable Software and Affected Versions: Sharable Password Protected Posts version 1.1.1 and earlier. Description: The issue allows access to password protected posts by providing a secret key in a GET parameter. However, the key is exposed by the REST API. Recommendations: For...
Dell NetWorker Algorithm Downgrade Vulnerability
Dell NetWorker is data protection software provided by Dell. Dell NetWorker suffers from an algorithm degradation vulnerability that can be exploited by an attacker to cause information disclosure...
SUSE CVE-2025-38150
In the Linux kernel, the following vulnerability has been resolved: af_packet: move notifier's packet_dev_mc out of rcu critical section. Syzkaller reports the following issue: BUG: sleeping function called from invalid context at kernel/locking/mutex.c:578 __mutex_lock+0x106/0xe80...
CBP Wants New Tech to Search for Hidden Data on Seized Phones
Customs and Border Protection is asking companies to pitch tools for performing deep analysis on the contents of devices seized at the US border...
AZL-70645 CVE-2025-38162 affecting package kernel 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: netfilter: nft_set_pipapo: prevent overflow in lookup table allocation. When calculating the lookup table size, ensure the following multiplication does not overflow: - desc->field_len maximum value is U8_MAX multiplied by...
CVE-2025-38142
In the Linux kernel, the following vulnerability has been resolved: hwmon: (asus-ec-sensors) check sensor index in read_string(). Prevent a potential invalid memory access when the requested sensor is not found. find_ec_sensor_index() may return a negative value (e.g. -ENOENT), but its result was used without...
CVE-2025-38117
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Protect mgmt_pending list with its own lock. This uses a mutex to protect from concurrent access of mgmt_pending list which can cause crashes like: ==================================================================...
DEBIAN-CVE-2025-38117
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Protect mgmt_pending list with its own lock. This uses a mutex to protect from concurrent access of mgmt_pending list which can cause crashes like: ==================================================================...
UBUNTU-CVE-2025-38150
In the Linux kernel, the following vulnerability has been resolved: af_packet: move notifier's packet_dev_mc out of rcu critical section. Syzkaller reports the following issue: BUG: sleeping function called from invalid context at kernel/locking/mutex.c:578 __mutex_lock+0x106/0xe80...
CVE-2025-38150 af_packet: move notifier's packet_dev_mc out of rcu critical section
In the Linux kernel, the following vulnerability has been resolved: af_packet: move notifier's packet_dev_mc out of rcu critical section. Syzkaller reports the following issue: BUG: sleeping function called from invalid context at kernel/locking/mutex.c:578 __mutex_lock+0x106/0xe80...
CVE-2025-38117
Summary: CVE-2025-38117 affects the Linux kernel Bluetooth MGMT path, specifically the mgmt_pending list. The root cause is a concurrency issue where the list access could lead to a slab-use-after-free in hci_sock_get_channel, triggering a crash under KASAN reports. The vulnerability is mitigated...
CVE-2025-38117 Bluetooth: MGMT: Protect mgmt_pending list with its own lock
In the Linux kernel, the following vulnerability has been resolved: Bluetooth: MGMT: Protect mgmt_pending list with its own lock. This uses a mutex to protect from concurrent access of mgmt_pending list which can cause crashes like: ==================================================================...
CVE-2025-38112 net: Fix TOCTOU issue in sk_is_readable()
In the Linux kernel, the following vulnerability has been resolved: net: Fix TOCTOU issue in sk_is_readable(). sk->sk_prot->sock_is_readable is a valid function pointer when sk resides in a sockmap. After the last sk_psock_put() (which usually happens when socket is removed from sockmap), sk->sk_prot gets restored...
Hitachi Energy MicroSCADA X SYS600
RISK EVALUATION: Successful exploitation of these vulnerabilities could allow an attacker to tamper with the system file, overwrite files, create a denial-of-service condition, or leak file content. 2. RECOMMENDED PRACTICES: CISA recommends users take defensive measures to minimize the risk of...
AlmaLinux 9 : kernel (ALSA-2025:8333)
The remote AlmaLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALSA-2025:8333 advisory. kernel: Use after Free in gru_set_context_option leading to kernel panic (CVE-2022-3424); kernel: ndisc: use RCU protection in ndisc_alloc_skb() (CVE-2025-21764)...
The vulnerability of the Adobe Experience Manager (AEM) content and media data management system lies in the insufficient protection of website structures, allowing attackers to execute arbitrary code.
The vulnerability of the Adobe Experience Manager AEM content and media data management system is related to insufficient protection of the website structure. Exploiting this vulnerability could allow a malicious actor to execute arbitrary code remotely...