3945 matches found
The vulnerability of the HPE Aruba Networking Virtual Intranet Access Client (VIA) VPN service arises from the improper assignment of permissions to critical resources. This allows a perpetrator to trigger a service failure.
The vulnerability of the HPE Aruba Networking Virtual Intranet Access Client (VIA) VPN service is related to the improper assignment of permissions for critical resources. Exploiting this vulnerability could allow an attacker to cause a service failure...
php: Reference counting in php_request_shutdown causes Use-After-Free
A flaw was found in PHP. This vulnerability allows remote code execution via a crafted code path involving the __set magic method or the null coalescing assignment (??=) operator, in combination with exception handling. Attackers can trigger a use-after-free condition by controlling the memory layout...
kernel: vhost_vdpa: assign irq bypass producer token correctly
A use-after-free flaw was found in drivers/vhost/vdpa.c in the Linux kernel...
Intel Tiber Edge Platform Edge Orchestrator Security Vulnerability
Intel Tiber Edge Platform Edge Orchestrator is an enterprise-class edge computing orchestration management platform from Intel Corporation (USA). A security vulnerability exists in Intel Tiber Edge Platform Edge Orchestrator that stems from improper privilege assignment and could lead to elevation ...
Intel Tiber Edge Platform Edge Orchestrator Security Vulnerability
Intel Tiber Edge Platform Edge Orchestrator is an enterprise-class edge computing orchestration management platform from Intel Corporation (USA). A security vulnerability exists in Intel Tiber Edge Platform Edge Orchestrator that stems from improper privilege assignment and could lead to elevated...
Siemens SCALANCE LPE9403 Security Vulnerability
Siemens SCALANCE LPE9403 is a local processing engine for industrial field data processing from Siemens. It is used to capture, collect and pre-process industrial field data. A security bypass vulnerability exists in the Siemens SCALANCE LPE9403 that stems from improper assignment of critical...
PT-2025-23248 · Freescout · Freescout
Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.180 Description: The issue is related to a mass assignment vulnerability in the Customer object, which is updated using the fill method. This method processes fields such as channel and channel id, but it is...
PT-2025-23242 · Freescout · Freescout
Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.180 Description: FreeScout is a free self-hosted help desk and shared mailbox. The issue arises from the lack of verification for the absence of the password field in user data when adding and editing user...
PT-2025-23244 · Freescout · Freescout
Name of the Vulnerable Software and Affected Versions: FreeScout versions prior to 1.8.180 Description: The issue is related to insufficient input validation during user creation, resulting in a mass assignment vulnerability. This vulnerability allows an attacker to manipulate all fields of the...
PT-2025-26717
Name of the Vulnerable Software and Affected Versions: Safari versions prior to 18.5; macOS Sequoia versions prior to 15.5 Description: A flaw allows a website to potentially spoof the domain name displayed in a pop-up window's title bar. This occurs due to improved truncation when displaying the...
DEBIAN-CVE-2025-37878
In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix WARN_ON(!ctx) in __free_event() for partial init. Move the get_ctx(child_ctx) call and the child_event->ctx assignment to occur immediately after the child event is allocated. Ensure that child_event->ctx is non-NULL before any...
UBUNTU-CVE-2025-37878
In the Linux kernel, the following vulnerability has been resolved: perf/core: Fix WARN_ON(!ctx) in __free_event() for partial init. Move the get_ctx(child_ctx) call and the child_event->ctx assignment to occur immediately after the child event is allocated. Ensure that child_event->ctx is non-NULL before any...
CVE-2025-37878
CVE-2025-37878 (Linux kernel): The vulnerability arises in perf/core during partial initialization of a child event. The fix defers the refcount update and the assignment of child_event->ctx until after child_event->pmu_ctx is set and immediately after the initial validation, ensuring chil...
The vulnerability of the IBM Guardium Data Protection platform regarding data security protection, which stems from improper privilege assignment, allows attackers to gain unauthorized access to protected information.
The vulnerability of the IBM Guardium Data Protection platform for data security protection is related to improper privilege assignment. Exploiting this vulnerability may allow an attacker, operating remotely, to gain unauthorized access to protected information...
firefox security update
An update is available for firefox. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. Mozilla Firefox is an open-source web browser, designed for standards...
Moodle Information Disclosure Vulnerability
Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. Moodle suffers from an information disclosure vulnerability that stems from the fact that anonymous assignment submissions can...
CVE-2025-4374 Quay: incorrect privilege assignment
A flaw was found in Quay. When an organization acts as a proxy cache, and a user or robot pulls an image that hasn't been mirrored yet, they are granted "Admin" permissions on the newly created repository...
CVE-2025-4374
CVE-2025-4374 affects Quay: when an organization acts as a proxy cache and a user/robot pulls an unmapped image, the newly created repository may be granted Admin privileges due to an improper privilege assignment in the proxy cache flow. Impact described as elevated (Admin) access on the new rep...