
2557 matches found

OSV
added 2025/11/08 11:7 a.m. | 0 views

CGA-G7M5-MXWC-M9W9

Bulletin has no description...

CVSS: 7.8 | AI score: 7 | EPSS: 0.00005
Exploits: 1
OSV
added 2025/11/05 4:14 p.m. | 1 views

CGA-V9CH-PF44-W6G2

Bulletin has no description...

CVSS: 5.3 | AI score: 7 | EPSS: 0.00041
Exploits: 0
Tenable Nessus
added 2025/11/05 12:0 a.m. | 1 views

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988782)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988782 advisory. In the Linux kernel, the following vulnerability has been resolved: net/tls: Fix flipped sign in tls_err_abort calls. sk->sk_err appears to expect a positive value, a...

CVSS: 7.8 | AI score: 5.9 | EPSS: 0.00032
Exploits: 0 | References: 4
Positive Technologies
added 2025/11/05 12:0 a.m. | 4 views

PT-2025-45100

Name of the Vulnerable Software and Affected Versions: FunnelKit Automations – Email Marketing Automation and CRM for WordPress & WooCommerce versions up to and including 3.6.4.1. Description: The software contains a flaw that allows unauthenticated attackers to extract sensitive data, including...

CVSS: 5.3 | AI score: 6.4 | EPSS: 0.0013
Exploits: 0 | References: 7
OSV
added 2025/10/31 9:15 a.m. | 1 views

CVE-2025-12175

The The Events Calendar plugin for WordPress is vulnerable to unauthorized access due to a missing capability check on the 'tec_qr_code_modal' AJAX endpoint in all versions up to, and including, 6.15.9. This makes it possible for authenticated attackers, with Subscriber-level access and above, to vi...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.00034
Exploits: 0 | References: 3
CVE
added 2025/10/31 8:25 a.m. | 9 views

CVE-2025-12175

The Events Calendar WordPress plugin (versions up to 6.15.9) has an unauthorized access flaw due to a missing capability check on the tec_qr_code_modal AJAX endpoint. This allows authenticated users with Subscriber-level access and above to view draft event names and to generate/view QR codes. Wo...

CVSS: 4.3 | AI score: 4.7 | EPSS: 0.00034
Exploits: 0 | References: 3
Positive Technologies
added 2025/10/31 12:0 a.m. | 2 views

PT-2025-44592

Name of the Vulnerable Software and Affected Versions: The Events Calendar plugin for WordPress versions through 6.15.9. Description: The The Events Calendar plugin for WordPress is susceptible to unauthorized access. A missing capability check on the tec_qr_code_modal API endpoint allows...

CVSS: 4.3 | AI score: 6.2 | EPSS: 0.00034
Exploits: 0 | References: 8
EUVD
added 2025/10/30 6:31 p.m. | 3 views

EUVD-2025-37025

AG Life Logger Android App version v1.0.2.72 and before package name com.donki.healthy, developed by IO FIT, K.K., contains improper access control vulnerabilities. Exposed credentials in traffic may allow attackers to misuse cloud resources, and predictable verification codes make brute-force...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.00046
Exploits: 0 | References: 2
EUVD
added 2025/10/30 6:31 p.m. | 2 views

EUVD-2025-37028

Kanova Android App version 1.0.27 package name com.karelane, developed by Karely L.L.C., contains improper access control vulnerabilities. Attackers may gain unauthorized access to user details and obtain group information, including entry codes, by manipulating API request parameters. Successful...

CVSS: 7.5 | AI score: 6.5 | EPSS: 0.00055
Exploits: 0 | References: 2
NVD
added 2025/10/30 5:15 p.m. | 2 views

CVE-2025-61119

Kanova Android App version 1.0.27 package name com.karelane, developed by Karely L.L.C., contains improper access control vulnerabilities. Attackers may gain unauthorized access to user details and obtain group information, including entry codes, by manipulating API request parameters. Successful...

CVSS: 7.5 | EPSS: 0.00055
Exploits: 0 | References: 1
NVD
added 2025/10/30 5:15 p.m. | 2 views

CVE-2025-61120

AG Life Logger Android App version v1.0.2.72 and before package name com.donki.healthy, developed by IO FIT, K.K., contains improper access control vulnerabilities. Exposed credentials in traffic may allow attackers to misuse cloud resources, and predictable verification codes make brute-force...

CVSS: 7.5 | EPSS: 0.00046
Exploits: 0 | References: 1
OSV
added 2025/10/30 3:2 p.m. | 1 views

GO-2025-4050 Mattermost Server is vulnerable to XSS through customizable theme color-code values in github.com/mattermost/mattermost-server

Mattermost Server is vulnerable to XSS through customizable theme color-code values in github.com/mattermost/mattermost-server...

CVSS: 5.4 | AI score: 6.4 | EPSS: 0.00343
Exploits: 0 | References: 4
Positive Technologies
added 2025/10/30 12:0 a.m. | 2 views

PT-2025-44427

Name of the Vulnerable Software and Affected Versions: Kanova versions 1.0.27. Description: The Kanova Android App has issues with how access is controlled. An attacker could manipulate parameters in requests to the application's API and gain unauthorized access to user details and group information...

CVSS: 7.5 | AI score: 6.6 | EPSS: 0.00055
Exploits: 0 | References: 3
Positive Technologies
added 2025/10/30 12:0 a.m. | 3 views

PT-2025-44430

Name of the Vulnerable Software and Affected Versions: AG Life Logger versions prior to v1.0.2.72. Description: The AG Life Logger Android App has issues with access control. Exposed credentials in network traffic could allow misuse of cloud resources. Predictable verification codes enable potential...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.00046
Exploits: 0 | References: 4
Vulnrichment
added 2025/10/30 12:0 a.m. | 4 views

CVE-2025-61120

AG Life Logger Android App version v1.0.2.72 and before package name com.donki.healthy, developed by IO FIT, K.K., contains improper access control vulnerabilities. Exposed credentials in traffic may allow attackers to misuse cloud resources, and predictable verification codes make brute-force...

AI score: 6.7 | EPSS: 0.00046
Exploits: 0 | References: 1
Cvelist
added 2025/10/30 12:0 a.m. | 6 views

CVE-2025-61120

AG Life Logger Android App version v1.0.2.72 and before package name com.donki.healthy, developed by IO FIT, K.K., contains improper access control vulnerabilities. Exposed credentials in traffic may allow attackers to misuse cloud resources, and predictable verification codes make brute-force...

EPSS: 0.00046
Exploits: 0 | References: 1
CVE
added 2025/10/30 12:0 a.m. | 18 views

CVE-2025-61120

AG Life Logger Android App (v1.0.2.72 and earlier; package com.donki.healthy) by IO FIT, K.K. has an improper access control vulnerability. Traffic contains credentials exposed in transit, which may allow misuse of cloud resources. Additionally, a predictable verification code mechanism enables b...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.00046
Exploits: 0 | References: 1
CVE
added 2025/10/30 12:0 a.m. | 17 views

CVE-2025-61119

CVE-2025-61119 affects Kanova Android App v1.0.27 (package com.karelane) by Karely L.L.C. The issue is improper access control that allows attackers to manipulate API request parameters to access user details and group information (including entry codes). Documented impact includes privacy breach...

CVSS: 7.5 | AI score: 6.7 | EPSS: 0.00055
Exploits: 0 | References: 1
Positive Technologies
added 2025/10/29 12:0 a.m. | 1 views

PT-2025-44343

Name of the Vulnerable Software and Affected Versions: Zitadel versions prior to 4.6.0; Zitadel versions 2.53.6 through 2.55.0; Zitadel versions prior to 3.4.3; Zitadel versions prior to 2.71.18. Description: A flaw exists in Zitadel where multi-factor authentication (MFA) was not consistently enforced...

CVSS: 9.8 | AI score: 6.8 | EPSS: 0.00088
Exploits: 0 | References: 8
OpenVAS
added 2025/10/28 12:0 a.m. | 3 views

Apache Tomcat Console Manipulation Vulnerability (Oct 2025) - Linux

Apache Tomcat is prone to a console manipulation vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:apache:tomcat"; i...

CVSS: 9.6 | AI score: 7 | EPSS: 0.00135
Exploits: 0 | References: 5