127 matches found

CVE
added 2025/05/26 12:49 p.m. | 42 views

CVE-2025-40667

CVE-2025-40667 describes a missing authorization vulnerability in TCMAN’s GIM v11. An authenticated attacker can access functions not exposed via the UI by modifying the HTTP response status from ‘302 Found’ to ‘200 OK’ and tampering with hidden fields hdnReadOnly and hdnUserLogin. The CVE docume...

CVSS 8.7 | AI score 6.5 | EPSS 0.00168
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2025/05/26 12:49 p.m. | 7 views

CVE-2025-40667 Missing authorization vulnerability in TCMAN GIM v11

Missing authorization vulnerability in TCMAN's GIM v11. This allows an authenticated attacker to access any functionality of the application even when they are not available through the user interface. To exploit the vulnerability the attacker must modify the HTTP code of the response from ‘302...

CVSS 8.7 | AI score 6.8 | EPSS 0.00168
Exploits: 0 | References: 1

RedhatCVE
added 2025/05/22 10:2 a.m. | 8 views

CVE-2019-17561

The "Apache NetBeans" autoupdate system does not fully validate code signatures. An attacker could modify the downloaded nbm and include additional code. "Apache NetBeans" versions up to and including 11.2 are affected by this vulnerability...

CVSS 7.5 | AI score 6.9 | EPSS 0.0073
Exploits: 0 | References: 1

CVE
added 2025/05/05 2:53 p.m. | 122 views

CVE-2024-58100

CVE-2024-58100 concerns the Linux kernel BPF verifier and how it handles the changes_pkt_data property for extension/global programs. The available details describe a commit that: adds a changes_pkt_data flag to struct bpf_prog_aux, sets this flag for the main sub-program in check_cfg() and for o...

CVSS 5.5 | AI score 7.1 | EPSS 0.00049
Exploits: 0 | References: 3 | Affected Software: 1

Tenable Nessus
added 2025/05/05 12:0 a.m. | 2 views

Controller Code Modification Detected (Low)

The system detected a change in the controller code that was made via the network. An attacker may use code changes to disrupt normal operations, to cause production losses, or to create a security threat. This plugin only works with Tenable.ot. Please visit...

AI score 5.6
Exploits: 0

Tenable Nessus
added 2025/05/05 12:0 a.m. | 3 views

Controller Code Modification Detected (Critical)

The system detected a change in the controller code that was made via the network. An attacker may use code changes to disrupt normal operations, to cause production losses, or to create a security threat. This plugin only works with Tenable.ot. Please visit...

AI score 5.6
Exploits: 0

Tenable Nessus
added 2025/05/05 12:0 a.m. | 3 views

Controller Code Modification Detected (Medium)

The system detected a change in the controller code that was made via the network. An attacker may use code changes to disrupt normal operations, to cause production losses, or to create a security threat. This plugin only works with Tenable.ot. Please visit...

AI score 5.6
Exploits: 0

Debian CVE
added 2025/05/02 2:16 p.m. | 8 views

CVE-2025-37798

In the Linux kernel, the following vulnerability has been resolved: codel: remove sch->q.qlen check before qdisc_tree_reduce_backlog(). After making all ->qlen_notify() callbacks idempotent, now it is safe to remove the check of qlen!=0 from both fq_codel_dequeue() and codel_qdisc_dequeue()...

CVSS 7.8 | AI score 5.5 | EPSS 0.00078
Exploits: 0

RedhatCVE
added 2025/02/28 2:24 a.m. | 9 views

CVE-2022-49199

In the Linux kernel, the following vulnerability has been resolved: RDMA/nldev: Prevent underflow in nldev_stat_set_counter_dynamic_doit(). This code checks "index" for an upper bound but it does not check for negatives. Change the type to unsigned to prevent underflows. Mitigation: To mitigate this issue...

CVSS 5.3 | AI score 6.3 | EPSS 0.00111
Exploits: 0 | References: 4

RedHat Linux
added 2025/02/13 2:51 p.m. | 19 views

Important: Red Hat Security Advisory: kpatch-patch-5_14_0-284_52_1, kpatch-patch-5_14_0-284_79_1, and kpatch-patch-5_14_0-284_92_1 security update

An update for kpatch-patch-5_14_0-284_52_1, kpatch-patch-5_14_0-284_79_1, and kpatch-patch-5_14_0-284_92_1 is now available for Red Hat Enterprise Linux 9.2 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System...

CVSS 7.8 | AI score 7.3 | EPSS 0.18032
Exploits: 1 | References: 2

RedhatCVE
added 2025/02/05 1:3 a.m. | 10 views

CVE-2024-28241

The GLPI Agent is a generic management agent. Prior to version 1.7.2, a local user can modify GLPI-Agent code or used DLLs to modify agent logic and even gain higher privileges. Users should upgrade to GLPI-Agent 1.7.2 to receive a patch. As a workaround, use the default installation folder which...

CVSS 7.8 | AI score 6.9 | EPSS 0.00044
Exploits: 0 | References: 1

Positive Technologies
added 2025/01/13 12:0 a.m. | 1 views

PT-2025-8898

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A use-after-free bug was reported in the Linux kernel, specifically in the workqueue module. The issue arises from a commit that reaps normal workers but fails to handle the rescuer,...

CVSS 7.8 | AI score 6.6 | EPSS 0.00013
Exploits: 0

RedHat Linux
added 2024/10/01 12:36 a.m. | 30 views

Important: Red Hat Security Advisory: kpatch-patch-4_18_0-305_120_1 and kpatch-patch-4_18_0-305_138_1 security update

An update for kpatch-patch-4_18_0-305_120_1 and kpatch-patch-4_18_0-305_138_1 is now available for Red Hat Enterprise Linux 8.4 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score...

CVSS 8.1 | AI score 7.5 | EPSS 0.00301
Exploits: 1 | References: 3

RedHat Linux
added 2024/10/01 12:33 a.m. | 23 views

Important: Red Hat Security Advisory: kpatch-patch-5_14_0-70_112_1 and kpatch-patch-5_14_0-70_85_1 security update

An update for kpatch-patch-5_14_0-70_112_1 and kpatch-patch-5_14_0-70_85_1 is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score,...

AI score 6.8
Exploits: 0 | References: 2

Redos
added 2024/08/12 12:0 a.m. | 17 views

ROS-20240812-11

A vulnerability in the GLPI Agent universal control agent allows GLPI-Agent code to be modified, or a DLL to be used to modify the agent's logic. Exploitation of the vulnerability could allow an attacker to escalate privileges...

CVSS 7.8 | AI score 7.1 | EPSS 0.00044
Exploits: 0

Packet Storm
added 2024/08/07 12:0 a.m. | 268 views

AccPack Khanepani 1.0 Cross Site Request Forgery

Title: AccPack Khanepani v1.0 CSRF Vulnerability | Author: indoushka | Tested on: windows 10 FrPro / browser: Mozilla firefox 128.0.3 64 bits ...

AI score 7.4
Exploits: 0

RedHat Linux
added 2024/04/30 9:57 a.m. | 3 views

kernel: arm64: ftrace: consistently handle PLTs.

In the Linux kernel, the following vulnerability has been resolved: arm64: ftrace: consistently handle PLTs. Sometimes it is necessary to use a PLT entry to call an ftrace trampoline. This is handled by ftrace_make_call() and ftrace_make_nop(), with each having almost identical logic, but this is not...

CVSS 5.5 | AI score 6.3 | EPSS 0.00064
Exploits: 0 | References: 5

CVE
added 2024/04/25 4:44 p.m. | 71 views

CVE-2024-28241

The CVE-2024-28241 entry concerns GLPI Agent. Before version 1.7.2, a local user can modify GLPI-Agent code or DLLs to alter agent logic and gain higher privileges. A patch is available in GLPI-Agent 1.7.2; as a workaround, use the default installation folder, which is automatically secured by th...

CVSS 7.8 | AI score 6.8 | EPSS 0.00044
Exploits: 0 | References: 2 | Affected Software: 1

OSV
added 2024/04/25 4:44 p.m. | 22 views

CVE-2024-28241 GlPI-Agent MSI package installation doesn't update folder security profile when using non default installation folder

The GLPI Agent is a generic management agent. Prior to version 1.7.2, a local user can modify GLPI-Agent code or used DLLs to modify agent logic and even gain higher privileges. Users should upgrade to GLPI-Agent 1.7.2 to receive a patch. As a workaround, use the default installation folder which...

CVSS 7.3 | AI score 7.5 | EPSS 0.00044
Exploits: 0 | References: 4

RedHat Linux
added 2024/04/23 12:49 a.m. | 60 views

Important: Red Hat Security Advisory: kpatch-patch security update

An update for kpatch-patch is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...

CVSS 7.8 | AI score 6.8 | EPSS 0.00044
Exploits: 1 | References: 3