SUSE CVE-2025-21910

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: regulatory: improve invalid hints checking Syzbot keeps reporting an issue 1 that occurs when erroneous symbols sent from userspace get through into useralpha2 via regulatoryhintuser call. Such invalid regulatory...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2025-993227)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-993227 advisory. In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: regulatory: improve invalid hints checking Syzbot keeps reporting an issue 1 that...

GHSA-R355-75HW-R8JF Magento allows incorrect authorization

Magento versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not...

Magento vulnerable to privilege escalation due to incorrect authorization

Magento versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to elevated privileges that...

Magento allows incorrect authorization

Magento versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read access. Exploitation of this issue does not...

CVE-2025-54267

Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. A low-privileged attacker could leverage this vulnerability to bypass security measures and gain unauthorized access to elevated privileg...

CVE-2025-54263 Adobe Commerce | Incorrect Authorization (CWE-863)

Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. A low-privileged attacker could leverage this vulnerability to bypass security measures and maintain unauthorized access. Exploitation of...

PT-2025-42199

Name of the Vulnerable Software and Affected Versions Adobe Commerce versions 2.4.4-p15 and earlier Adobe Commerce version 2.4.5-p14 Adobe Commerce version 2.4.6-p12 Adobe Commerce version 2.4.7-p7 Adobe Commerce version 2.4.8-p2 Adobe Commerce version 2.4.9-alpha2 Description An Incorrect...

PT-2025-42202

Adobe Commerce versions 2.4.9-alpha2, 2.4.8-p2, 2.4.7-p7, 2.4.6-p12, 2.4.5-p14, 2.4.4-p15 and earlier are affected by an Incorrect Authorization vulnerability. An attacker could leverage this vulnerability to bypass security measures and gain limited unauthorized read access. Exploitation of this...

EUVD-2025-12888

Malicious code in bioql PyPI...

CVE-2025-5115 MadeYouReset HTTP/2 vulnerability

In Eclipse Jetty, versions =9.4.57, =10.0.25, =11.0.25, =12.0.21, =12.1.0.alpha2, an HTTP/2 client may trigger the server to send RSTSTREAM frames, for example by sending frames that are malformed or that should not be sent in a particular stream state, therefore forcing the server to consume...

Linux Distros Unpatched Vulnerability : CVE-2022-49881

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: fix memory leak in queryregdbfile In the function queryregdbfile the alpha2...

Improper Ownership Management

Overview github.com/rancher/rancher/pkg/apis/management.cattle.io/v3 is a complete container management platform Affected versions of this package are vulnerable to Improper Ownership Management for projects, whose namespace defaults to being the project name, regardless of cluster. A user with...

DEBIAN-CVE-2025-21910

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: regulatory: improve invalid hints checking Syzbot keeps reporting an issue 1 that occurs when erroneous symbols sent from userspace get through into useralpha2 via regulatoryhintuser call. Such invalid regulatory...

CVE-2025-21910 wifi: cfg80211: regulatory: improve invalid hints checking

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: regulatory: improve invalid hints checking Syzbot keeps reporting an issue 1 that occurs when erroneous symbols sent from userspace get through into useralpha2 via regulatoryhintuser call. Such invalid regulatory...

GHSA-42QM-8V8M-M78C PocketMine MP vulnerable to uncontrolled resource consumption via mismatched type of 'InventoryTransactionPacket'

Impact A "mismatch" type InventoryTransactionPacket is sent by the client to request a resync of all currently open inventories. Since PocketMine-MP does not rate-limit these "mismatch" transactions, and the syncing of inventories is not deferred until, e.g. the end of the current tick, they can ...

PocketMine MP vulnerable to uncontrolled resource consumption via mismatched type of 'InventoryTransactionPacket'

Impact A "mismatch" type InventoryTransactionPacket is sent by the client to request a resync of all currently open inventories. Since PocketMine-MP does not rate-limit these "mismatch" transactions, and the syncing of inventories is not deferred until, e.g. the end of the current tick, they can ...

Kubernetes client-go vulnerable to Sensitive Information Leak via Log File

In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects = v1.19.5, = v1.18.13, = v1.17.15, v1.20.0-alpha2...

Insertion of Sensitive Information into Log File

In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects = v1.19.3, = v1.18.10, = v1.17.13, v1.20.0-alpha2...

CVE-2022-2053

When a POST request comes through AJP and the request exceeds the max-post-size limit maxEntitySize, Undertow's AjpServerRequestConduit implementation closes a connection without sending any response to the client/proxy. This behavior results in that a front-end proxy marking the backend worker...