3945 matches found
Important: runc
Issue Overview: Acceptance of some invalid Transfer-Encoding headers in the HTTP/1 client in net/http before Go 1.17.12 and Go 1.18.4 allows HTTP request smuggling if combined with an intermediate server that also improperly fails to reject the header as invalid. CVE-2022-1705 Uncontrolled...
CVE-2025-39542
Incorrect Privilege Assignment vulnerability in Jauhari Xelion Xelion Webchat xelion-webchat allows Privilege Escalation. This issue affects Xelion Webchat: from n/a through 9.1.0...
GHSA-69M9-RPRC-2X7G Moodle reveals student identities through assignment submissions search on anonymous submissions
A flaw was found in Moodle where anonymous assignment submissions can be de-anonymized via search, revealing student identities...
Moodle reveals student identities through assignment submissions search on anonymous submissions
A flaw was found in Moodle where anonymous assignment submissions can be de-anonymized via search, revealing student identities...
CVE-2025-3628
A flaw was found in Moodle where anonymous assignment submissions can be de-anonymized via search, revealing student identities...
SUSE CVE-2025-39728
In the Linux kernel, the following vulnerability has been resolved: clk: samsung: Fix UBSAN panic in samsung_clk_init() With UBSAN_ARRAY_BOUNDS=y, I'm hitting the below panic due to dereferencing ctx->clk_data.hws before setting ctx->clk_data.num = nr_clks. Move that up to fix the crash. UBSAN: array index...
CVE-2025-32648
Incorrect Privilege Assignment vulnerability in Projectopia Projectopia projectopia-core allows Privilege Escalation. This issue affects Projectopia: from n/a through 5.1.24...
PT-2025-17177 · Unknown · Xelion Webchat
Name of the Vulnerable Software and Affected Versions: Xelion Webchat versions n/a through 9.1.0 Description: The issue is related to an Incorrect Privilege Assignment, which allows Privilege Escalation in Xelion Webchat. Recommendations: For versions n/a through 9.1.0, update to a version that...
WordPress plugin Xelion Webchat security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plug-in. A security vulnerability...
WordPress plugin Projectopia security vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL. WordPress plugin is an application plugin. A security...
CVE-2025-0758
CVE-2025-0758 affects Hitachi Vantara Pentaho Business Analytics Server. The root cause is that Karaf JMX beans are enabled and accessible by default, allowing a local-privilege user to leverage exposed functionality via these beans. Impact described across sources: read/modify a security-critica...
CVE-2025-0758 Hitachi Vantara Pentaho Business Analytics Server - Incorrect Permission Assignment for Critical Resource
Overview The product specifies permissions for a security-critical resource in a way that allows that resource to be read or modified by unintended actors. CWE-732 Description Hitachi Vantara Pentaho Business Analytics Server prior to versions 10.2.0.2, including 9.3.x and 8.3.x, is installed...
Prototype Pollution
js-object-utilities is vulnerable to Prototype Pollution. The vulnerability stems from unsanitized property assignment in the lib.set function, which allows attackers to modify the global prototype chain using crafted payloads...
CVE-2025-33022
The reporter agreed to not assign CVE ID...
aws-cdk-lib's aspect order change causes different Permissions Boundary assigned to Role
Summary The AWS Cloud Development Kit (AWS CDK) is an open-source software development framework for defining cloud infrastructure in code and provisioning it through AWS CloudFormation. In the CDK, developers organize their applications into reusable components called "constructs," which are...
: Double or Triple licenses are getting assigned to the same user
Multiple licenses are assigned to the same user in the DAAS console...
CVE-2025-23391
An Incorrect Privilege Assignment vulnerability in SUSE rancher allows a Restricted Administrator to change the password of Administrators and take over their accounts. This issue affects rancher: from 2.8.0 before 2.8.14, from 2.9.0 before 2.9.8, from 2.10.0 before 2.10.4...
CVE-2025-25023
IBM Security Guardium 11.4 and 12.1 could allow a privileged user to read any file on the system due to incorrect privilege assignment...