GHSA-38JW-G2QX-4286 KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer

Summary Short summary of the problem. Make the impact and severity as clear as possible. A flawed implementation of the Kubernetes aggregation layer's authentication flow could enable bypassing RBAC controls. Details Give all details on the vulnerability. Pointing to the incriminated source code ...

PT-2025-45491

Name of the Vulnerable Software and Affected Versions KubeVirt versions 1.5.3 and below KubeVirt version 1.6.0 Description KubeVirt, a virtual machine management add-on for Kubernetes, has an issue in its authentication flow within the Kubernetes aggregation layer. The virt-api component does not...

Unity Linux 20.1070e Security Update: kernel (UTSA-2025-990034)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990034 advisory. In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrumaclerp: Fix object nesting warning ACLs in Spectrum-2 and newer ASICs can reside i...

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990323)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990323 advisory. In the Linux kernel, the following vulnerability has been resolved: mlxsw: spectrumaclerp: Fix object nesting warning ACLs in Spectrum-2 and newer ASICs can reside i...

ROS-20251031-01

Vulnerability of MongoDB database management system is related to incorrect processing of certain accumulator functions when additional parameters are specified in the $group operation. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of service...

Shopware vulnerable to MediaVisibilityRestrictionSubscriber bypass when reading media entities by aggregating fields individually

In Shopware core and platform versions before 6.6.10.7 and 6.7.3.1, media visibility restrictions applied by MediaVisibilityRestrictionSubscriber are not enforced for aggregation API requests. Authorization filters are only injected during standard entity reads; aggregation queries can be...

GHSA-M895-2HJ3-8CG9 Shopware vulnerable to MediaVisibilityRestrictionSubscriber bypass when reading media entities by aggregating fields individually

In Shopware core and platform versions before 6.6.10.7 and 6.7.3.1, media visibility restrictions applied by MediaVisibilityRestrictionSubscriber are not enforced for aggregation API requests. Authorization filters are only injected during standard entity reads; aggregation queries can be...

EUVD-2025-31835

A security flaw has been discovered in JhumanJ OpnForm up to 1.9.3. The impacted element is an unknown function of the component API Endpoint. The manipulation results in cross-site request forgery. The attack may be performed from remote. The exploit has been released to the public and may be...

EUVD-2025-31842

A vulnerability was detected in JhumanJ OpnForm up to 1.9.3. Affected by this issue is some unknown functionality of the file /answer. The manipulation results in unrestricted upload. The attack can be launched remotely. The exploit is now public and may be used. The patch is identified as...

EUVD-2005-2417

Malware in sbrugna...

EUVD-2008-2988

Malware in sbrugna...

EUVD-2021-18903

Malware in sbrugna...

EUVD-2007-6022

Malware in sbrugna...

EUVD-2008-2991

Malware in sbrugna...

EUVD-2008-2990

Malware in sbrugna...

EUVD-2020-4985

Malware in sbrugna...

EUVD-2013-1176

Malware in sbrugna...

EUVD-2015-0622

Malware in sbrugna...

EUVD-2021-18906

Malware in sbrugna...

EUVD-2008-2989

Malware in sbrugna...