CVE-2025-10014

CVE-2025-10014 affects elunez eladmin up to 2.7, specifically the updateUserEmail function in the Email Address Handler at /api/users/updateEmail/. Manipulating the id/email argument can cause improper authorization, potentially allowing a remote attacker to access or modify user data. Exploitati...

CVE-2025-10014 elunez eladmin Email Address updateEmail updateUserEmail improper authorization

A flaw has been found in elunez eladmin up to 2.7. This impacts the function updateUserEmail of the file /api/users/updateEmail/ of the component Email Address Handler. Executing manipulation of the argument id/email can lead to improper authorization. The attack may be performed from remote...

CVE-2024-21977

Incomplete cleanup after loading a CPU microcode patch may allow a privileged attacker to degrade the entropy of the RDRAND instruction, potentially resulting in loss of integrity for SEV-SNP guests...

CVE-2024-21977

CVE-2024-21977 describes an AMD SEV-SNP-related issue where incomplete cleanup after loading a CPU microcode patch may degrade RDRAND entropy, potentially impacting integrity for SEV-SNP guests. Connected sources confirm this affects AMD EPYC/SEV-SNP platform components (IOMMU, SEV-SNP) and note ...

OESA-2025-2096 firefox security update

Mozilla Firefox is an open-source web browser, designed for standards compliance, performance and portability. %if 0 %global mozdebugprefix /lib/debug %global mozdebugdir /lib/debug/ %global unamem %uname -m %global symbolsfilename -.en-US.-%uname.crashreporter-symbols.zip %global symbolsfilepath...

PT-2025-36258

Name of the Vulnerable Software and Affected Versions: elunez eladmin versions up to 2.7 Description: A flaw exists in elunez eladmin that impacts the updateUserEmail function within the Email Address Handler component. Manipulation of the id/email argument in the /api/users/updateEmail/ API...

VIPER_2025

VIPER 2025 VIPER 2025 is an advanced, modular penetration...

SREC: Encrypted Semantic Super-Resolution Enhanced Communication

Semantic communication SemCom, as a typical paradigm of deep integration between artificial intelligence AI and communication technology, significantly improves communication efficiency and resource utilization efficiency. However, the security issues of SemCom are becoming increasingly prominent...

CVE-2025-58163 FreeScout's deserialization of untrusted data can lead to Remote Code Execution

FreeScout is a free help desk and shared inbox built with PHP's Laravel framework. Versions 1.8.185 and earlier contain a deserialization of untrusted data vulnerability that allows authenticated attackers with knowledge of the application's APPKEY to achieve remote code execution. The...

Linux Distros Unpatched Vulnerability : CVE-2019-10734

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In KDE Trojita 0.7, an attacker in possession of S/MIME or PGP encrypted emails can wrap them as sub-parts within a crafted multipart email. The encrypted parts...

Linux Distros Unpatched Vulnerability : CVE-2016-8318

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server component of Oracle MySQL subcomponent: Server: Security: Encryption. Supported versions that are affected are 5.6.34 and...

USN-7730-1 kf5-messagelib vulnerabilities

Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, and Jörg Schwenk discovered that PIM Messagelib could be made to leak the plaintext of S/MIME encrypted emails when retrieving external content in emails. Under certain...

USN-7730-1: PIM Messagelib vulnerabilities

Damian Poddebniak, Christian Dresen, Jens Müller, Fabian Ising, Sebastian Schinzel, Simon Friedberger, Juraj Somorovsky, and Jörg Schwenk discovered that PIM Messagelib could be made to leak the plaintext of S/MIME encrypted emails when retrieving external content in emails. Under certain...

Linux Distros Unpatched Vulnerability : CVE-2025-38508

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: x86/sev: Use TSCFACTOR for Secure TSC frequency calculation When using Secure TSC, the...

Linux Distros Unpatched Vulnerability : CVE-2025-9179

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An attacker was able to perform memory corruption in the GMP process which processes encrypted media. This process is also heavily sandboxed, but represents...

CVE-2025-31977

CVE-2025-31977 concerns HCL BigFix SM and describes a cryptographic weakness due to weak or outdated encryption algorithms. The documents state that an attacker with network access could decrypt or manipulate encrypted communications under certain conditions. The NVD entry and Red Hat advisory co...

thunderbird: firefox: Sandbox escape due to invalid pointer in the Audio/Video: GMP component

A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: An attacker is able to perform memory corruption in the GMP process which process encrypted media. This process is also heavily sandboxed, but represents slightly different...

PT-2025-35107

Name of the Vulnerable Software and Affected Versions: HCL BigFix SM affected versions not specified Description: HCL BigFix SM is affected by a sensitive information exposure issue. Internal connections do not use TLS encryption, potentially allowing an attacker unauthorized access to sensitive...

thunderbird: firefox: Sandbox escape due to invalid pointer in the Audio/Video: GMP component

A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: An attacker is able to perform memory corruption in the GMP process which process encrypted media. This process is also heavily sandboxed, but represents slightly different...

thunderbird: firefox: Sandbox escape due to invalid pointer in the Audio/Video: GMP component

A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: An attacker is able to perform memory corruption in the GMP process which process encrypted media. This process is also heavily sandboxed, but represents slightly different...