CVE-2025-5715 Signal App Biometric Authentication missing critical step in authentication

A vulnerability was found in Signal App 7.41.4 on Android. It has been declared as problematic. This vulnerability affects unknown code of the component Biometric Authentication Handler. The manipulation leads to missing critical step in authentication. It is possible to launch the attack on the...

CVE-2025-5648

A vulnerability was found in Radare2 5.9.9. It has been classified as problematic. Affected is the function rconspalinit in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. An attack has to be approached locally. The complexity...

CVE-2025-5647 Radare2 radiff2 cons.c r_cons_context_break_pop memory corruption

A vulnerability was found in Radare2 5.9.9 and classified as problematic. This issue affects the function rconscontextbreakpop in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. The attack needs to be approached locally. The...

CVE-2025-5645

A vulnerability, which was classified as problematic, was found in Radare2 5.9.9. This affects the function rconspalinit in the library /libr/cons/pal.c of the component radiff2. The manipulation of the argument -T leads to memory corruption. Attacking locally is a requirement. The complexity of ...

CVE-2025-5644 Radare2 radiff2 cons.c r_cons_flush use after free

A vulnerability, which was classified as problematic, has been found in Radare2 5.9.9. Affected by this issue is the function rconsflush in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to use after free. Local access is required to approach thi...

PT-2025-23902 · Radare2 · Radare2

Name of the Vulnerable Software and Affected Versions: Radare2 version 5.9.9 Description: A vulnerability has been found in the function r cons flush in the library /libr/cons/cons.c of the component radiff2. The manipulation of the argument -T leads to use after free. Local access is required to...

CVE-2025-27703

CVE-2025-27703 is a privilege escalation vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with administrative access to a specific subset of privileged features in the console can elevate their permissions to access additional features in the...

CVE-2025-27706

CVE-2025-27706 is a cross-site scripting vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with system administrator permissions can interfere with another system administrator’s use of the management console when the second administrator visits t...

CVE-2025-27702

CVE-2025-27702 is a vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with administrative access to the console and who have been assigned a certain set of permissions can bypass those permissions to improperly modify settings. The attack complexi...

CVE-2025-5323

CVE-2025-5323 affects fossasia open-event-server 1.19.1, specifically the Mail Verification Handler’s function send_email_change_user_email . The issue is described as relying on obfuscation or encryption of security-relevant inputs without integrity checks, with possible remote activation and hi...

CVE-2025-27702

CVE-2025-27702 is a vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with administrative access to the console and who have been assigned a certain set of permissions can bypass those permissions to improperly modify settings. The attack complexi...

CVE-2025-27706

CVE-2025-27706 is a cross-site scripting vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with system administrator permissions can interfere with another system administrator’s use of the management console when the second administrator visits t...

CVE-2025-27703

CVE-2025-27703 is a privilege escalation vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with administrative access to a specific subset of privileged features in the console can elevate their permissions to access additional features in the...

CVE-2025-27706 Cross-site scripting vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.54

CVE-2025-27706 is a cross-site scripting vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with system administrator permissions can interfere with another system administrator’s use of the management console when the second administrator visits t...

CVE-2025-27703

CVE-2025-27703 affects Absolute Secure Access prior to version 13.54, with a privilege-escalation in the management console. Attackers with administrative access to a subset of privileged features can elevate permissions to access additional console features. Reported impacts: confidentiality low...

CVE-2025-27702 Permissions bypass in the management console of Absolute Secure Access prior to version 13.54

CVE-2025-27702 is a vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with administrative access to the console and who have been assigned a certain set of permissions can bypass those permissions to improperly modify settings. The attack complexi...

CVE-2025-27702

CVE-2025-27702 affects Absolute Secure Access prior to 13.54. The vulnerability is a permissions bypass in the management console that allows attackers with administrative access (and a specific permission set) to bypass restrictions and improperly modify settings. It has low attack complexity, r...

CVE-2025-27702 Permissions bypass in the management console of Absolute Secure Access prior to version 13.54

CVE-2025-27702 is a vulnerability in the management console of Absolute Secure Access prior to version 13.54. Attackers with administrative access to the console and who have been assigned a certain set of permissions can bypass those permissions to improperly modify settings. The attack complexi...

CVE-2025-5129 Sangfor 零信任访问控制系统 aTrust MSASN1.dll uncontrolled search path

A vulnerability has been found in Sangfor 零信任访问控制系统 aTrust 2.3.10.60 and classified as critical. Affected by this vulnerability is an unknown functionality in the library MSASN1.dll. The manipulation leads to uncontrolled search path. Local access is required to approach this attack. The complexi...

CVE-2025-0575

A vulnerability has been found in Union Bank of India Vyom 8.0.34 on Android and classified as problematic. This vulnerability affects unknown code of the component Rooting Detection. The manipulation leads to protection mechanism failure. The attack needs to be approached locally. The complexity...