CVE-2025-49082 Permissions bypass vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.56
CVE-2025-49082 is a vulnerability in the management console of Absolute Secure Access prior to version 13.56. Attackers with administrative access to the console and who have been assigned a certain set of permissions can bypass those permissions to improperly read other settings. The attack...
CVE-2025-54085 Elevation of privilege vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.56
CVE-2025-54085 is a vulnerability in the management console of Absolute Secure Access prior to version 13.56. Attackers with administrative access to the console and who have been assigned a certain set of permissions can bypass those permissions to improperly read or change other settings. The...
CVE-2025-49084 Elevation of privilege vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.56
CVE-2025-49084 is a vulnerability in the management console of Absolute Secure Access prior to version 13.56. Attackers with administrative access can overwrite policy rules without the requisite permissions. The attack complexity is low, attack requirements are present, privileges required are...
CVE-2025-49083 Data deserialization vulnerability in the Secure Access administrative console of Absolute Secure Access prior to version 13.56
CVE-2025-49083 is a vulnerability in the management console of Absolute Secure Access after version 12.00 and prior to version 13.56. Attackers with administrative access to the console can cause unsafe content to be deserialized and executed in the security context of the console. The attack...
CVE-2025-8205
A vulnerability, which was classified as problematic, has been found in Comodo Dragon up to 134.0.6998.179. Affected by this issue is some unknown functionality of the component IP DNS Leakage Detector. The manipulation leads to cleartext transmission of sensitive information. The attack may be...
CVE-2025-8204
A vulnerability classified as problematic was found in Comodo Dragon up to 134.0.6998.179. Affected by this vulnerability is an unknown functionality of the component HSTS Handler. The manipulation leads to security check for standard. The attack can be launched remotely. The complexity of an...
CVE-2025-8182
A vulnerability has been found in Tenda AC18 15.03.05.19 and classified as problematic. This vulnerability affects unknown code of the file /etcro/smb.conf of the component Samba. The manipulation leads to weak password requirements. The attack can be initiated remotely. The complexity of an atta...
CVE-2025-8263
Rejected reason: REJECT DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: This candidate was withdrawn by its CNA. Further investigation showed that it was not a security issue. Notes: none...
CVE-2025-8262
A vulnerability was found in yarnpkg Yarn up to 1.22.22. It has been classified as problematic. Affected is the function explodeHostedGitFragment of the file src/resolvers/exotics/hosted-git-resolver.js. The manipulation leads to inefficient regular expression complexity. It is possible to launch...
UBUNTU-CVE-2025-8262
A vulnerability was found in yarnpkg Yarn up to 1.22.22. It has been classified as problematic. Affected is the function explodeHostedGitFragment of the file src/resolvers/exotics/hosted-git-resolver.js. The manipulation leads to inefficient regular expression complexity. It is possible to launch...
CVE-2025-8262 yarnpkg Yarn hosted-git-resolver.js explodeHostedGitFragment redos
A vulnerability was found in yarnpkg Yarn up to 1.22.22. It has been classified as problematic. Affected is the function explodeHostedGitFragment of the file src/resolvers/exotics/hosted-git-resolver.js. The manipulation leads to inefficient regular expression complexity. It is possible to launch...
CVE-2025-8262
The IBM Watsonx BI bulletin confirms CVE-2025-8262 affects yarnpkg Yarn up to 1.22.22, specifically the function explodeHostedGitFragment in src/resolvers/exotics/hosted-git-resolver.js. The issue arises from inefficient regular expression complexity, enabling a remote attack. A patch exists (com...
CVE-2025-8260
CVE-2025-8260 affects Vaelsys 4.1.0, specifically code in /grid/vgrid_server.php of the MD4 Hash Handler. Manipulating the argument xajaxargs leads to use of a weak hash. The vulnerability is exploitable remotely with network access; attack complexity is described as high, and exploitation is con...
CVE-2025-8260 Vaelsys VaelsysV4 Web interface vgrid_server.php weak hash
A security flaw has been discovered in Vaelsys VaelsysV4 up to 5.1.0/5.4.0. This affects an unknown part of the file /grid/vgrid_server.php of the component Web interface. Performing a manipulation of the argument xajaxargs results in use of weak hash. The attack is possible to be carried out...
PT-2025-32445 · Vsftpd +1
Name of the Vulnerable Software and Affected Versions: TRENDnet TEW-822DRE version FW103B02 Description: A vulnerability exists in TRENDnet TEW-822DRE FW103B02, affecting an unknown part of the vsftpd component. The issue results in a least privilege violation. Local access is required for...
PT-2025-31054 · Prettier
Name of the Vulnerable Software and Affected Versions: prettier versions up to 3.6.2 Description: A vulnerability exists in prettier due to inefficient regular expression complexity within the parseNestedCSS function of the src/language-css/parser-postcss.js file. The manipulation of the node...