19038 matches found

CVE
added 2026/01/26 7:35 p.m. | 8 views

CVE-2025-9521

CVE-2025-9521 concerns a Password Confirmation Bypass in Omada Controllers. The trusted-source documents indicate that an attacker with a valid session token can bypass secondary verification and change a user’s password without proper confirmation, weakening account security. Affected product is...

CVSS 6.5 | AI score 5.9 | EPSS 0.00046
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2026/01/26 7:35 p.m. | 2 views

CVE-2025-9521 Password Confirmation Bypass in Omada Controller

Password Confirmation Bypass vulnerability in Omada Controllers, allowing an attacker with a valid session token to bypass secondary verification, and change the user’s password without proper confirmation, leading to weakened account security...

CVSS 2.1 | AI score 5.4 | EPSS 0.00046
Exploits: 0 | References: 2
Cvelist
added 2026/01/26 7:35 p.m. | 22 views

CVE-2025-9521 Password Confirmation Bypass in Omada Controller

Password Confirmation Bypass vulnerability in Omada Controllers, allowing an attacker with a valid session token to bypass secondary verification, and change the user’s password without proper confirmation, leading to weakened account security...

CVSS 2.1 | EPSS 0.00046
Exploits: 0 | References: 2
CVE
added 2026/01/26 7:34 p.m. | 6 views

CVE-2025-9520

Technical details (affected products, specific component, root cause, versions, or exploits) are not publicly provided in the connected documents. Monitor for updates from vendors and security advisories.

CVSS 8.3 | AI score 5.9 | EPSS 0.00018
Exploits: 0 | References: 2 | Affected Software: 1
Vulnrichment
added 2026/01/26 7:34 p.m. | 4 views

CVE-2025-9520 IDOR Leading to Owner Account Hijacking in Omada Controller

An IDOR vulnerability exists in Omada Controllers that allows an attacker with Administrator permissions to manipulate requests and potentially hijack the Owner account...

CVSS 8.3 | AI score 5.9 | EPSS 0.00018
Exploits: 0 | References: 2
Cvelist
added 2026/01/26 7:34 p.m. | 20 views

CVE-2025-9520 IDOR Leading to Owner Account Hijacking in Omada Controller

An IDOR vulnerability exists in Omada Controllers that allows an attacker with Administrator permissions to manipulate requests and potentially hijack the Owner account...

CVSS 8.3 | EPSS 0.00018
Exploits: 0 | References: 2
SUSE CVE
added 2026/01/26 12:24 a.m. | 5 views

SUSE CVE-2026-22998

In the Linux kernel, the following vulnerability has been resolved: nvme-tcp: fix NULL pointer dereferences in nvmet_tcp_build_pdu_iovec. Commit efa56305908b "nvmet-tcp: Fix a kernel panic when host sends an invalid H2C PDU length" added ttag bounds checking and data_offset validation in...

CVSS 5.5 | AI score 5.3 | EPSS 0.00053
Exploits: 0 | References: 23
SUSE CVE
added 2026/01/26 12:24 a.m. | 6 views

SUSE CVE-2026-23009

In the Linux kernel, the following vulnerability has been resolved: xhci: sideband: don't dereference freed ring when removing sideband endpoint. xhci_sideband_remove_endpoint incorrectly assumes that the endpoint is running and has a valid transfer ring. Lianqin reported a crash during suspend/wake-u...

CVSS 5.5 | AI score 5.2 | EPSS 0.00025
Exploits: 0 | References: 3
CNNVD
added 2026/01/26 12:0 a.m. | 5 views

Dormakaba Access Manager security vulnerabilities

The Dormakaba Access Manager is a smart hardware controller developed by the Dormakaba company in the United States. There is a security vulnerability in the Dormakaba Access Manager, which stems from the Web server binary running with root privileges, potentially leading to an increase in...

CVSS 8.8 | AI score 5.8 | EPSS 0.00122
Exploits: 0 | References: 4
Positive Technologies
added 2026/01/26 12:0 a.m. | 2 views

PT-2026-4831

Name of the Vulnerable Software and Affected Versions: Skipper versions prior to 0.24.0. Description: Skipper is an HTTP router and reverse proxy for service composition. When operating as an Ingress controller, users with the ability to create Ingress resources and Services of type ExternalName can...

CVSS 8.1 | AI score 5.9 | EPSS 0.00044
Exploits: 0 | References: 16
Positive Technologies
added 2026/01/26 12:0 a.m. | 5 views

PT-2026-4810

Name of the Vulnerable Software and Affected Versions: Omada Controllers, affected versions not specified. Description: A flaw exists in Omada Controllers related to the webhook functionality, allowing for Blind Server-Side Request Forgery (SSRF). This issue enables crafted requests to be sent to...

CVSS 5.3 | AI score 5.8 | EPSS 0.00047
Exploits: 0 | References: 7
CVE
added 2026/01/25 2:36 p.m. | 311 views

CVE-2026-22998

CVE-2026-22998 affects the Linux kernel’s NVMe over Fabrics NVMe-TCP path. The issue is a NULL pointer dereference in nvmet_tcp_build_pdu_iovec triggered by H2C_DATA PDUs when command data structures are uninitialized or partially initialized. Specifically, nvmet_tcp_handle_h2c_data_pdu() could p...

CVSS 7.5 | AI score 5.3 | EPSS 0.00053
Exploits: 0 | References: 7 | Affected Software: 1
Tenable Nessus
added 2026/01/25 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2026-23009

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - xhci: sideband: don't dereference freed ring when removing sideband endpoint. xhci_sideband_remove_endpoint incorrectly assumes that the endpoint is running and has ...

CVSS 5.5 | AI score 5.6 | EPSS 0.00025
Exploits: 0 | References: 3
OSV
added 2026/01/24 9:6 a.m. | 6 views

RLSA-2026:0793 Important: kernel security update

The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: drm/xe: Make dma-fences compliant with the safe access rules (CVE-2025-38703); kernel: smb: client: let recv_done verify data_offset, data_length and remaining_data_length (CVE-2025-39933); kernel:...

CVSS 7.8 | AI score 5.5 | EPSS 0.00082
Exploits: 0 | References: 6
CVE
added 2026/01/24 2:2 a.m. | 17 views

CVE-2026-24422

Summary: CVE-2026-24422 affects phpMyFAQ prior to 4.0.17, where public API endpoints improperly expose sensitive user information due to insufficient access controls. The OpenQuestionController::list() uses Question::getAll() with showAll=true by default, returning non-public records (isVisible=f...

CVSS 7.5 | AI score 5.5 | EPSS 0.00021
Exploits: 1 | References: 1 | Affected Software: 1
RedhatCVE
added 2026/01/23 3:22 p.m. | 4 views

CVE-2025-32056

The anti-theft protection mechanism can be bypassed by attackers due to weak response generation algorithms for the head unit. It is possible to reveal all 32 corresponding responses by sniffing CAN traffic or by pre-calculating the values, which allows the protection to be bypassed. First identified o...

CVSS 4 | AI score 6.1 | EPSS 0.00011
Exploits: 0 | References: 1
RedhatCVE
added 2026/01/23 6:19 a.m. | 6 views

CVE-2026-23959

CoreShop is a Pimcore enhanced eCommerce solution. An error-based SQL Injection vulnerability was identified in versions prior to 4.1.9 in the CustomerTransformerController within the CoreShop admin panel. The affected endpoint improperly interpolates user-supplied input into a SQL query, leading...

CVSS 6.9 | AI score 5.9 | EPSS 0.00015
Exploits: 0 | References: 1
Japan Vulnerability Notes
added 2026/01/23 2:29 a.m. | 7 views

"iRMC S5/S6" implemented in PRIMERGY vulnerable to incorrect authorization

Overview: Remote Management Controller "iRMC S5/S6" implemented in PRIMERGY provided by Fsas Technologies Inc. contains the following vulnerability. Incorrect authorization (CWE-863) - CVE-2025-65002. Fsas Technologies Inc. reported this vulnerability to JPCERT/CC to notify users of its solution...

CVSS 7.5 | AI score 5.6 | EPSS 0.00047
Exploits: 0 | References: 5
Positive Technologies
added 2026/01/23 12:0 a.m. | 6 views

PT-2026-4357

Name of the Vulnerable Software and Affected Versions: Linux kernel, affected versions not specified. Description: A flaw exists in the Linux kernel related to a device reference imbalance within the ISP1301 USB PHY driver. A recent fix for a device reference leak in a UDC driver introduced a potenti...

CVSS 7.8 | AI score 7 | EPSS 0.0001
Exploits: 0
Cvelist
added 2026/01/22 10:21 p.m. | 16 views

CVE-2025-25051 AutomationDirect CLICK Programmable Logic Controller Plaintext Storage of a Password

An attacker could decrypt sensitive data, impersonate legitimate users or devices, and potentially gain access to network resources for lateral attacks...

CVSS 6.1 | EPSS 0.00021
Exploits: 0 | References: 2