1468 matches found
CVE-2019-16186
In Limesurvey before 3.17.14, admin users can access the plugin manager without proper permissions...
CVE-2025-1351
IBM Storage Virtualize 8.5, 8.6, and 8.7 products could allow a user to escalate their privileges to that of another user logging in at the same time due to a race condition in the login function...
CVE-2025-1313
The Nokri - Job Board WordPress Theme theme for WordPress is vulnerable to privilege escalation via account takeover in all versions up to, and including, 1.6.3. This is due to the plugin not properly validating a user's identity prior to updating their details like email address. This makes it...
CVE-2025-69284
CVE-2025-69284 affects the open-source project management tool Plane (plane.io). Before version 1.2.0, a guest user could access the API endpoint /api/workspaces/:slug/members/ and enumerate members of a workspace they joined. The response’s display_name is the email handler, allowing a malicious...
CVE-2023-54326
Technical details about CVE-2023-54326 are not publicly provided in the supplied documents. Further updates from vendor advisories or connected feeds should be monitored for affected products, impact, and fixes.
SUSE-SU-2025:4490-1 Security update for xen
This update for xen fixes the following issues: Update to Xen 4.17.6. Security issues fixed: - CVE-2025-58149: incorrect removal of permissions on PCI device unplug allows PV guests to access memory of devices no longer assigned to them bsc1252692. Other issues fixed: - Several upstream bug fixes...
SUSE SLED15: xen / xen-devel / xen-libs / xen-tools / xen-tools-domU / etc (SUSE-SU-2025:4419-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2025:4419-1 advisory. Update to Xen 4.20.2 jscPED-8907. Security issues fixed: - CVE-2025-58149: incorrect removal of permissions on PCI devi...
EUVD-2025-203830
The Open edX Platform is a learning management platform. Prior to commit 05d0d0936daf82c476617257aa6c35f0cd4ca060, CourseLimitedStaffRole users are able to access and edit courses in studio if they are granted the role on an org rather than on a course, and CourseLimitedStaffRole users are able t...
CVE-2025-68309 PCI/AER: Fix NULL pointer access by aer_info
In the Linux kernel, the following vulnerability has been resolved: PCI/AER: Fix NULL pointer access by aerinfo The kzallocGFPKERNEL may return NULL, so all accesses to aerinfo-xxx will result in kernel panic. Fix it...
CVE-2025-43497
An access issue was addressed with additional sandbox restrictions. This issue is fixed in macOS Tahoe 26.1. An app may be able to break out of its sandbox...
Linux Distros Unpatched Vulnerability : CVE-2022-50666
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - RDMA/siw: Fix QP destroy to wait for all references dropped. Delay QP destroy completion until all siw references to QP are dropped. The calling RDMA core will...
Huawei EulerOS: Security Advisory for cloud-init (EulerOS-SA-2025-2380)
The remote host is missing an update for the Huawei EulerOS SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
EUVD-2025-93510
Improper link resolution before file access 'link following' for some IntelR Server Configuration Utility software and IntelR Server Firmware Update Utility software before version 16.0.12. within Ring 3: User Applications may allow an escalation of privilege. System software adversary with an...
CVE-2025-36091 IBM Business Automation Insights unverified ownership
IBM Cloud Pak For Business Automation 25.0.0, 24.0.1, and 24.0.0 could allow an authenticated user to cause dashboards to become inaccessible to legitimate users due to invalid ownership assignment...
CVE-2025-12175
The The Events Calendar plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'tecqrcodemodal' AJAX endpoint in all versions up to, and including, 6.15.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to vi...
EUVD-2022-55068
In the Linux kernel, the following vulnerability has been resolved: scsi: qla2xxx: Fix premature hw access after PCI error After a recoverable PCI error has been detected and recovered, qla driver needs to check to see if the error condition still persist and/or wait for the OS to give the resume...
EUVD-2019-3649
Malware in sbrugna...
EUVD-2021-12694
Malware in sbrugna...
EUVD-2018-3947
Malware in sbrugna...
EUVD-2017-2693
Malware in sbrugna...