Lucene search

3945 matches found

IBM Security Bulletins
added 2025/06/03 12:44 a.m. | 17 views

Security Bulletin: Security vulnerabilities discovered in IBM Application Gateway (CVE-2023-5455, CVE-2024-37370, CVE-2024-45655)

Summary: Security vulnerabilities discovered in the IBM Application Gateway have been addressed. Vulnerability Details: CVEID: CVE-2023-5455. DESCRIPTION: FreeIPA is vulnerable to cross-site request forgery, caused by improper validation of user-supplied input. By persuading an authenticated user to...

CVSS 7.5 | AI score 7 | EPSS 0.00748
Exploits: 0 | Affected Software: 1

CNNVD
added 2025/06/03 12:0 a.m. | 2 views

IBM Application Gateway security vulnerability

IBM Application Gateway is an application gateway from IBM (International Business Machines). It provides a containerized, secure web reverse proxy that is designed to sit in front of your application and seamlessly add authentication and authorization protection to it. An incorrect...

CVSS 5.5 | AI score 6.6 | EPSS 0.00107
Exploits: 0 | References: 2

BDU FSTEC
added 2025/06/02 12:0 a.m. | 4 views

Vulnerabilities of the kfree(), ucsi_resume_work(), and ucsi_unregister() functions in the Linux operating system, allowing a hacker to cause a service failure

The vulnerability of the kfree(), ucsi_resume_work(), and ucsi_unregister() functions in the Linux operating system is related to the assignment of pointers. Exploiting this vulnerability could allow an attacker to cause a service failure...

CVSS 5.5 | AI score 6.3 | EPSS 0.00184
Exploits: 0 | References: 7 | Affected Software: 5

BDU FSTEC
added 2025/06/02 12:0 a.m. | 2 views

The vulnerability of the Houzez Theme plugin of the WordPress content management system allows attackers to increase their privileges.

The vulnerability of the Houzez Theme plugin for WordPress content management systems is related to incorrect privilege assignment. Exploiting this vulnerability can allow a malicious actor to increase their privileges remotely...

CVSS 9 | AI score 7.7 | EPSS 0.00447
Exploits: 0 | References: 2 | Affected Software: 1

RedhatCVE
added 2025/06/01 5:35 a.m. | 6 views

CVE-2025-48482

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, there is a mass assignment vulnerability. The Customer object is updated using the fill method, which processes fields such as channel and channel_id. However, the fill method is called with all client-provided...

CVSS 5.3 | AI score 6.9 | EPSS 0.00287
Exploits: 1 | References: 1

RedhatCVE
added 2025/06/01 4:35 a.m. | 6 views

CVE-2025-48476

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, when adding and editing user records using the fill method, there is no check for the absence of the password field in the data coming from the user, which leads to a mass-assignment vulnerability. As a result...

CVSS 8.8 | AI score 7.1 | EPSS 0.00448
Exploits: 1 | References: 1

RedhatCVE
added 2025/06/01 4:34 a.m. | 7 views

CVE-2025-48478

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, insufficient input validation during user creation has resulted in a mass assignment vulnerability, allowing an attacker to manipulate all fields of the object, which are enumerated in the $fillable array the...

CVSS 7 | AI score 6.8 | EPSS 0.00393
Exploits: 1 | References: 1

RedhatCVE
added 2025/05/30 12:49 p.m. | 18 views

CVE-2025-4493

Improper privilege assignment in PAM JIT privilege sets in Devolutions Server allows a PAM user to perform PAM JIT requests on unauthorized groups by exploiting a user interface issue. This issue affects the following versions: Devolutions Server 2025.1.3.0 through 2025.1.7.0 Devolutions Server...

CVSS 6.5 | AI score 6.9 | EPSS 0.00311
Exploits: 0 | References: 1

NVD
added 2025/05/30 5:15 a.m. | 10 views

CVE-2025-48482

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, there is a mass assignment vulnerability. The Customer object is updated using the fill method, which processes fields such as channel and channel_id. However, the fill method is called with all client-provided...

CVSS 5.3 | EPSS 0.00287
Exploits: 1 | References: 1

NVD
added 2025/05/30 5:15 a.m. | 10 views

CVE-2025-48478

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, insufficient input validation during user creation has resulted in a mass assignment vulnerability, allowing an attacker to manipulate all fields of the object, which are enumerated in the $fillable array the...

CVSS 7 | EPSS 0.00393
Exploits: 1 | References: 2

NVD
added 2025/05/30 5:15 a.m. | 10 views

CVE-2025-48476

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, when adding and editing user records using the fill method, there is no check for the absence of the password field in the data coming from the user, which leads to a mass-assignment vulnerability. As a result...

CVSS 8.8 | EPSS 0.00448
Exploits: 1 | References: 1

CVE
added 2025/05/30 4:35 a.m. | 60 views

CVE-2025-48482

CVE-2025-48482 affects FreeScout (PHP/Laravel). The issue is a mass assignment vulnerability in the Customer object where the fill() method processes client-provided data (including fields like channel and channel_id), allowing unexpected values to be accepted. The vulnerability is fixed in versi...

CVSS 5.3 | AI score 6.6 | EPSS 0.00287
Exploits: 1 | References: 1 | Affected Software: 1

Cvelist
added 2025/05/30 4:35 a.m. | 12 views

CVE-2025-48482 FreeScout Has Business Logic Errors

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, there is a mass assignment vulnerability. The Customer object is updated using the fill method, which processes fields such as channel and channel_id. However, the fill method is called with all client-provided...

CVSS 5.3 | EPSS 0.00287
Exploits: 1 | References: 1

Vulnrichment
added 2025/05/30 4:35 a.m. | 15 views

CVE-2025-48482 FreeScout Has Business Logic Errors

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, there is a mass assignment vulnerability. The Customer object is updated using the fill method, which processes fields such as channel and channel_id. However, the fill method is called with all client-provided...

CVSS 5.3 | AI score 7.1 | EPSS 0.00287
Exploits: 1 | References: 1

OSV
added 2025/05/30 4:35 a.m. | 5 views

CVE-2025-48482 FreeScout Has Business Logic Errors

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, there is a mass assignment vulnerability. The Customer object is updated using the fill method, which processes fields such as channel and channel_id. However, the fill method is called with all client-provided...

CVSS 5.3 | AI score 6.6 | EPSS 0.00287
Exploits: 1 | References: 3

Cvelist
added 2025/05/30 4:32 a.m. | 9 views

CVE-2025-48478 FreeScout Has Business Logic Errors

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, insufficient input validation during user creation has resulted in a mass assignment vulnerability, allowing an attacker to manipulate all fields of the object, which are enumerated in the $fillable array the...

CVSS 7 | EPSS 0.00393
Exploits: 1 | References: 2

Vulnrichment
added 2025/05/30 4:32 a.m. | 8 views

CVE-2025-48478 FreeScout Has Business Logic Errors

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, insufficient input validation during user creation has resulted in a mass assignment vulnerability, allowing an attacker to manipulate all fields of the object, which are enumerated in the $fillable array the...

CVSS 7 | AI score 6.8 | EPSS 0.00393
Exploits: 1 | References: 2

CVE
added 2025/05/30 4:32 a.m. | 64 views

CVE-2025-48478

CVE-2025-48478 affects FreeScout; the vulnerability is a mass assignment issue caused by insufficient input validation during user creation, allowing manipulation of all fields in the User object (as defined in $fillable). It was fixed in version 1.8.180. Affected versions are prior to 1.8.180. R...

CVSS 7 | AI score 7.1 | EPSS 0.00393
Exploits: 1 | References: 2 | Affected Software: 1

OSV
added 2025/05/30 4:32 a.m. | 4 views

CVE-2025-48478 FreeScout Has Business Logic Errors

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, insufficient input validation during user creation has resulted in a mass assignment vulnerability, allowing an attacker to manipulate all fields of the object, which are enumerated in the $fillable array the...

CVSS 7 | AI score 6.6 | EPSS 0.00393
Exploits: 1 | References: 4

Cvelist
added 2025/05/30 4:30 a.m. | 12 views

CVE-2025-48476 FreeScout Has Business Logic Errors

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.180, when adding and editing user records using the fill method, there is no check for the absence of the password field in the data coming from the user, which leads to a mass-assignment vulnerability. As a result...

CVSS 7.1 | EPSS 0.00448
Exploits: 1 | References: 1