40442 matches found
CVE-2025-6526
A vulnerability, which was classified as problematic, has been found in 70mai M300 up to 20250611. This issue affects some unknown processing of the component HTTP Server. The manipulation leads to insufficiently protected credentials. The attack can only be done within the local network. The...
CVE-2025-52576
Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.46, Kanboard is vulnerable to username enumeration and IP spoofing-based brute-force protection bypass. By analyzing login behavior and abusing trusted HTTP headers, an attacker can determine vali...
CVE-2025-52576 Kanboard vulnerable to Username Enumeration via Login Behavior and Bruteforce Protection Bypass
Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.46, Kanboard is vulnerable to username enumeration and IP spoofing-based brute-force protection bypass. By analyzing login behavior and abusing trusted HTTP headers, an attacker can determine vali...
CVE-2025-52576
Kanboard prior to version 1.2.46 is vulnerable to username enumeration and IP spoofing–based brute-force protection bypass. By analyzing login behavior and abusing trusted HTTP headers, an attacker can enumerate valid usernames and bypass rate-limiting or IP-based blocking mechanisms, increasing ...
CVE-2025-50179
Summary: CVE-2025-50179 affects Tuleap. The vulnerability is a cross-site request forgery (CSRF) that could allow an attacker to trick victims into changing canned responses. Affected products are Tuleap Community Edition prior to 16.8.99.1749830289 and Tuleap Enterprise Edition prior to 16.9-1. ...
CVE-2025-48991
CVE-2025-48991 describes a cross-site request forgery vulnerability in Tuleap that could allow an attacker to trick victims into changing canned tracker responses. Affected versions: Tuleap Community Edition prior to 16.8.99.1748845907; Tuleap Enterprise Edition prior to 16.8-3 and prior to 16.7-...
CVE-2025-48991 Tuleap missing CSRF protection on tracker canned responses administration
Tuleap is an Open Source Suite to improve management of software developments and collaboration. An attacker could use a vulnerability present in Tuleap Community Edition prior to version 16.8.99.1748845907 and Tuleap Enterprise Edition prior to versions 16.8-3 and 16.7-5 to trick victims into...
Important: Red Hat Security Advisory: OpenShift API for Data Protection (OADP) 1.3.7 security and bug fix update
OpenShift API for Data Protection (OADP) 1.3.7 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE...
Many data brokers are failing to register with state consumer protection agencies
Hundreds of data brokers haven't registered with state consumer protection agencies, according to The Electronic Frontier Foundation (EFF) and Privacy Rights Clearinghouse (PRC). There are different kinds of data brokers, but what they all have in common is that they gather personally identifiable...
kernel: ndisc: use RCU protection in ndisc_alloc_skb()
A vulnerability was found in the Linux kernel's IPv6 Neighbor Discovery (NDISC) subsystem, which manages network neighbor information. The issue arises from improper synchronization mechanisms when allocating socket buffers (sk_buff) in the ndisc_alloc_skb() function. Specifically, the function can be...
wildfly-elytron: possible timing attacks via use of unsafe comparator
A flaw was found in Wildfly-elytron. Wildfly-elytron uses java.util.Arrays.equals in several places, which is unsafe and vulnerable to timing attacks. To compare values securely, use java.security.MessageDigest.isEqual instead. This flaw allows an attacker to access secure information or...
Generative AI for Vulnerability Detection in 6G Wireless Networks: Advances, Case Study, and Future Directions
The rapid advancement of 6G wireless networks, IoT, and edge computing has significantly expanded the cyberattack surface, necessitating more intelligent and adaptive vulnerability detection mechanisms. Traditional security methods, while foundational, struggle with zero-day exploits, adversarial...
Pioneer DMH-WT7600NEX Data Forgery Issue Vulnerability
The Pioneer DMH-WT7600NEX is a multimedia digital media receiver from Pioneer. The Pioneer DMH-WT7600NEX suffers from a Data Forgery Issue vulnerability that stems from insufficient root filesystem protection, which could lead to authentication bypass...
Kanboard Security Vulnerability
Kanboard is a suite of open source visual task board software from Kanboard Open Source. The software has the ability to customize the panels to suit your business. A security vulnerability exists in Kanboard versions prior to 1.2.46 that stems from username enumeration and IP spoofing could lead...
XNU VM_BEHAVIOR_ZERO_WIRED_PAGES Read-Only Write
XNU VM_BEHAVIOR_ZERO_WIRED_PAGES suffers from a flaw that allows writing to read-only pages...
PT-2025-26861 · Kanboard · Kanboard
Name of the Vulnerable Software and Affected Versions: Kanboard versions prior to 1.2.46 Description: Kanboard is project management software that focuses on the Kanban methodology. Prior to version 1.2.46, it is vulnerable to username enumeration and IP spoofing-based brute-force protection...
CodeGuard: a Generalized and Stealthy Backdoor Watermarking for Generative Code Models
Generative code models (GCMs) significantly enhance development efficiency through automated code generation and code summarization. However, building and training these models require computational resources and time, necessitating effective digital copyright protection to prevent unauthorized lea...
Empowering Digital Agriculture: a Privacy-Preserving Framework for Data Sharing and Collaborative Research
Data-driven agriculture, which integrates technology and data into agricultural practices, has the potential to improve crop yield, disease resilience, and long-term soil health. However, privacy concerns, such as adverse pricing, discrimination, and resource manipulation, deter farmers from...
Moderate: kernel security update
The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: cifs: fix double free race when mount fails in cifs_get_root (CVE-2022-48919); kernel: security/keys: fix slab-out-of-bounds in key_task_permission (CVE-2024-50301); kernel: idpf: fix idpfvccoreini...