3943 matches found
DEBIAN-CVE-2025-38391
In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmodes/displayport: do not index invalid pin_assignments. A poorly implemented DisplayPort Alt Mode port partner can indicate that its pin assignment capabilities are greater than the maximum value, DP_PIN_ASSIGN_F. In...
AZL-65687 CVE-2025-38391 affecting package kernel for versions less than 6.6.104.2-1
In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmodes/displayport: do not index invalid pin_assignments. A poorly implemented DisplayPort Alt Mode port partner can indicate that its pin assignment capabilities are greater than the maximum value, DP_PIN_ASSIGN_F. In...
AZL-73007 CVE-2025-38391 affecting package kernel for versions less than 5.15.200.1-1
In the Linux kernel, the following vulnerability has been resolved: usb: typec: altmodes/displayport: do not index invalid pin_assignments. A poorly implemented DisplayPort Alt Mode port partner can indicate that its pin assignment capabilities are greater than the maximum value, DP_PIN_ASSIGN_F. In...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a transport assignment contention condition that could lead to the use of obsolete pointers...
Siemens SCALANCE LPE9403 Incorrect Permission Assignment For Critical Resource (CVE-2025-40574)
A vulnerability has been identified in SCALANCE LPE9403 6GK5998-3GS00-2AC2 All versions. Affected devices do not properly assign permissions to critical resources. This could allow a non-privileged local attacker to interact with the backupmanager service. This plugin only works with Tenable.ot...
WordPress The E-Commerce ERP Elevation of Privilege Vulnerability
WordPress The E-Commerce ERP is a comprehensive management system designed for small and medium-sized enterprises, integrating financial management, human resources management, procurement management, sales management, inventory management and production management, helping enterprises to optimiz...
The vulnerability of Adobe Illustrator’s graphic editor, related to pointer naming errors, allows a hacker to trigger a service failure.
The vulnerability of Adobe Illustrator’s graphic editor is related to pointer assignment errors. Exploiting this vulnerability can allow attackers to trigger a service failure using a specially created malicious file...
LiveHelperChat 4.61 - Stored Cross Site Scripting (XSS) via Department Assignment Alias Nick Field
Exploit Title: LiveHelperChat 4. Save the changes. 5. Revisit the Department Assignment settings page and edit the Alias Nick field, the cross site scripting xss will execute...
PT-2025-30334 · Unknown · Livehelperchat
Name of the Vulnerable Software and Affected Versions: Live Helper Chat version 4.60 Description: A stored cross-site scripting XSS issue exists in the department assignment editing module. Attackers can execute arbitrary web scripts or HTML by injecting a crafted payload into the Alias Nick...
The vulnerability of Palo Alto Networks Cortex, a cloud-based security platform, allows attackers to elevate their privileges to the root level.
The vulnerability of the virtual machine on Palo Alto Networks Cortex XDR Broker VM in cloud security platforms is related to improper privilege assignment. Exploiting this vulnerability can allow attackers to elevate their privileges to a root level...
Exploit for Cross-site Scripting in Livehelperchat Live_Helper_Chat
Exploit Title: LiveHelperChat...
Exploit for Incorrect Permission Assignment for Critical Resource in Facebook Below
Proof-Of-Concept Usage 1. build bash go build -o poc e...
CVE-2025-52836 WordPress The E-Commerce ERP <= 2.1.1.3 - Privilege Escalation Vulnerability
Incorrect Privilege Assignment vulnerability in Unity Business Technology Pty Ltd The E-Commerce ERP profitori allows Privilege Escalation. This issue affects The E-Commerce ERP: from n/a through <= 2.1.1.3...
CVE-2025-52836
CVE-2025-52836 is an active privilege-escalation vulnerability in WordPress The E-Commerce ERP by Unity Business Technology Pty Ltd. Affected versions are listed as n/a through 2.1.1.3. The issue enables privilege escalation (CVSSv3.1 base score 9.8, critical). Public details in connected sources...
WordPress plugin The E-Commerce ERP security vulnerability
WordPress The E-Commerce ERP is a comprehensive management system designed for small and medium-sized enterprises, integrating financial management, human resources management, procurement management, sales management, inventory management and production management, helping enterprises to optimiz...
CVE-2025-0140
An incorrect privilege assignment vulnerability in the Palo Alto Networks GlobalProtect™ App on macOS devices enables a locally authenticated non administrative user to disable the app even if the GlobalProtect app configuration would not normally permit them to do so. The GlobalProtect app on...
CVE-2025-30661
An Incorrect Permission Assignment for Critical Resource vulnerability in line card script processing of Juniper Networks Junos OS allows a local, low-privileged user to install scripts to be executed as root, leading to privilege escalation. A local user with access to the local file system can...
containerd CRI plugin: Incorrect cgroup hierarchy assignment for containers running in usernamespaced Kubernetes pods.
...
CVE-2025-38299
In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8195: Set ETDM1/2 IN/OUT to COMP_DUMMY(). ETDM2_IN_BE and ETDM1_OUT_BE are defined as COMP_EMPTY(), in the case the codec dai_name will be null. Avoid a crash if the device tree is not assigning a codec to these links...
CVE-2025-38299 ASoC: mediatek: mt8195: Set ETDM1/2 IN/OUT to COMP_DUMMY()
In the Linux kernel, the following vulnerability has been resolved: ASoC: mediatek: mt8195: Set ETDM1/2 IN/OUT to COMP_DUMMY(). ETDM2_IN_BE and ETDM1_OUT_BE are defined as COMP_EMPTY(), in the case the codec dai_name will be null. Avoid a crash if the device tree is not assigning a codec to these links...