Libopensc: uninitialized values after incorrect check or usage of apdu response values in libopensc

...

Output of "go env" does not sanitize values in cmd/go

...

Passing invalid data could have led to invalid wasm values being created, such as arbitrary integers turning into pointer values. This vulnerability affects Firefox < 124.

...

ice: always check VF VSI pointer values

...

postgresql: PostgreSQL optimizer statistics can expose sampled data within a view, partition, or child table

An access control bypass flaw has been discovered in PostgreSQL. The PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide...

CVE-2025-7731

Cleartext Transmission of Sensitive Information vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote unauthenticated attacker to obtain credential information by intercepting SLMP communication messages, and read or write the device values of the product...

CVE-2025-7405

Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote unauthenticated attacker to read or write the device values of the product and stop the operation of the programs, since MODBUS/TCP in the products does not...

UUID/GUID Version 1 Detected

This is an informational plugin to inform the user that the scanner has detected a UUID/GUID version 1. UUID/GUID version 1 contains the MAC address of the computer that generated it, as well as a timestamp. This means that if an attacker can obtain a UUID/GUID version 1, they can infer host...

CVE-2024-52284

Unauthorized disclosure of sensitive data: Any user with GET or LIST permissions on BundleDeployment resources could retrieve Helm values containing credentials or other secrets...

UBUNTU-CVE-2024-52284

Unauthorized disclosure of sensitive data: Any user with GET or LIST permissions on BundleDeployment resources could retrieve Helm values containing credentials or other secrets...

CVE-2024-52284 Rancher Fleet Helm Values are stored inside BundleDeployment in plain text

Unauthorized disclosure of sensitive data: Any user with GET or LIST permissions on BundleDeployment resources could retrieve Helm values containing credentials or other secrets...

CVE-2024-52284 Rancher Fleet Helm Values are stored inside BundleDeployment in plain text

Unauthorized disclosure of sensitive data: Any user with GET or LIST permissions on BundleDeployment resources could retrieve Helm values containing credentials or other secrets...

CVE-2024-52284

CVE-2024-52284 describes unauthorized disclosure where any user with GET or LIST permissions on BundleDeployment resources can retrieve Helm values that may contain credentials or other secrets. The entry attributes a CVSS v3.1 base score of 7.7 (HIGH) with network attack vector, low attack compl...

postgresql: PostgreSQL optimizer statistics can expose sampled data within a view, partition, or child table

An access control bypass flaw has been discovered in PostgreSQL. The PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide...

postgresql: PostgreSQL optimizer statistics can expose sampled data within a view, partition, or child table

An access control bypass flaw has been discovered in PostgreSQL. The PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide...

Security Bulletin: Insufficiently Random Values in form-data (lib/form_data.js) Leads to HTTP Parameter Pollution (HPP) – Affects versions <2.5.4, 3.0.0–3.0.3, and 4.0.0–4.0.3

Summary Use of Insufficiently Random Values vulnerability in form-data allows HTTP Parameter Pollution HPP. This vulnerability is associated with program files lib/formdata.Js. This issue affects form-data: 2.5.4, 3.0.0 - 3.0.3, 4.0.0 - 4.0.3. Vulnerability Details CVEID:CVE-2025-7783 DESCRIPTION...

postgresql: PostgreSQL optimizer statistics can expose sampled data within a view, partition, or child table

An access control bypass flaw has been discovered in PostgreSQL. The PostgreSQL optimizer statistics allow a user to read sampled data within a view that the user cannot access. Separately, statistics allow a user to read sampled data that a row security policy intended to hide...

CVE-2025-7731

Cleartext Transmission of Sensitive Information vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote unauthenticated attacker to obtain credential information by intercepting SLMP communication messages, and read or write the device values of the product...

CVE-2025-7405

Missing Authentication for Critical Function vulnerability in Mitsubishi Electric Corporation MELSEC iQ-F Series CPU module allows a remote unauthenticated attacker to read or write the device values of the product and stop the operation of the programs, since MODBUS/TCP in the products does not...

PT-2025-35445

Name of the Vulnerable Software and Affected Versions: Mitsubishi Electric MELSEC iQ-F Series CPU module affected versions not specified Description: A missing authentication feature in the MODBUS/TCP implementation of the Mitsubishi Electric MELSEC iQ-F Series CPU module allows a remote,...