11191 matches found

Hacker One
added 2025/02/21 10:55 p.m., 6 views

U.S. Dept Of Defense: Error-based blind SQL injection

An error-based blind SQL injection vulnerability was discovered at a certain location. The vulnerability was present in the sites, rods, and ous parameters. By exploiting these parameters, sensitive information could have been extracted by triggering errors returned by the database. Certain...

7.7 AI score
Exploits: 0

CVE
added 2025/02/21 8:12 a.m., 56 views

CVE-2025-0726

The CVE-2025-0726 family affects Eclipse ThreadX NetX Duo’s NetX HTTP server. A vulnerability in the HTTP server functionality (NetX) — prior to 6.4.2 for CVE-2025-0726 and prior to 6.4.3 for CVE-2025-2260 — arises from a missing closure of a file when an error occurs, causing a denial of service...

7.5 CVSS, 6.4 AI score, 0.00411 EPSS
Exploits: 0, References: 2, Affected Software: 1

Amazon
added 2025/02/21 12:00 a.m., 2 views

Low: docker

Issue Overview: golang-jwt is a Go implementation of JSON Web Tokens. Unclear documentation of the error behavior in ParseWithClaims can lead to a situation where users are potentially not checking errors in the way they should be. Especially, if a token is both expired and invalid, the errors...

3.1 CVSS, 8.4 AI score, 0.0006 EPSS
Exploits: 0

NVD
added 2025/02/20 12:15 a.m., 1 views

CVE-2024-6697

The product does not handle or incorrectly handles when it has insufficient privileges to access resources or functionality as specified by their permissions. This may cause it to follow unexpected code paths that may leave the product in an invalid state. CWE-280 Hitachi Vantara Pentaho Business...

6.5 CVSS, 0.00148 EPSS
Exploits: 0, References: 1

BDU FSTEC
added 2025/02/20 12:00 a.m., 1 views

A firmware vulnerability on Intel Server Boards, related to access control errors, allows attackers to escalate their privileges.

The firmware vulnerability on Intel Server Board motherboards is related to access control errors. Exploiting this vulnerability can allow attackers to escalate their privileges...

7.3 CVSS, 5.5 AI score, 0.00049 EPSS
Exploits: 0, References: 3, Affected Software: 3

BDU FSTEC
added 2025/02/20 12:00 a.m., 2 views

A Microsoft Edge browser vulnerability, related to type confusion errors, allows attackers to execute arbitrary code.

The vulnerability of Microsoft Edge is related to type confusion errors. Exploiting this vulnerability allows a remote attacker to execute arbitrary code...

10 CVSS, 8.1 AI score, 0.00903 EPSS
Exploits: 0, References: 2, Affected Software: 1

BDU FSTEC
added 2025/02/20 12:00 a.m., 1 views

The vulnerability of Microsoft Edge browser, related to information representation errors in the user interface, allows attackers to perform spear-phishing attacks.

The vulnerability of Microsoft Edge is related to information representation errors in the user interface. Exploiting this vulnerability can allow a remote attacker to perform spear-phishing attacks...

5 CVSS, 7.4 AI score, 0.0018 EPSS
Exploits: 0, References: 3, Affected Software: 1

BDU FSTEC
added 2025/02/19 12:00 a.m., 1 views

The vulnerability of the kernel component of the Linux operating system, which allows a hacker to cause a service failure

The vulnerability of the kernel component of the Linux operating system is related to resource management errors. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.5 CVSS, 6.7 AI score, 0.00019 EPSS
Exploits: 0, References: 23, Affected Software: 5

BDU FSTEC
added 2025/02/19 12:00 a.m., 2 views

The vulnerability of the Git-based software platform for collaborative code development on GitLab, related to access control errors, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the Git-based software platform for collaborative code development on GitLab is related to access control errors. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

9.6 CVSS, 8.1 AI score, 0.001 EPSS
Exploits: 0, References: 3, Affected Software: 1

OSV
added 2025/02/18 5:15 a.m., 2 views

CVE-2024-13535

The Actionwear products sync plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.3.0. This is due to the composer-setup.php file being publicly accessible with 'display_errors' set to true. This makes it possible for unauthenticated attackers to retrieve...

5.3 CVSS, 5.8 AI score, 0.00641 EPSS
Exploits: 0, References: 2

Tenable Nessus
added 2025/02/18 12:00 a.m., 12 views

Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS : Symfony vulnerabilities (USN-7272-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS / 24.04 LTS host has packages installed that are affected by multiple vulnerabilities as referenced in the USN-7272-1 advisory. Soner Sayakci discovered that Symfony incorrectly handled cookie storage in the web cache. An attacker could possibly use this...

8.8 CVSS, 5.4 AI score, 0.85051 EPSS
Exploits: 2, References: 10

BDU FSTEC
added 2025/02/18 12:00 a.m., 2 views

The vulnerability of the HID component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the HID component in Linux operating systems is related to resource management errors. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.5 CVSS, 6.4 AI score, 0.00007 EPSS
Exploits: 0, References: 24, Affected Software: 4

BDU FSTEC
added 2025/02/18 12:00 a.m., 1 views

The vulnerability of the kernel component of the Linux operating system, which allows a hacker to cause a service failure

The vulnerability of the kernel component of the Linux operating system is related to resource management errors. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.5 CVSS, 5.9 AI score, 0.00016 EPSS
Exploits: 0, References: 12, Affected Software: 3

BDU FSTEC
added 2025/02/18 12:00 a.m., 1 views

The vulnerability of the nilfs2 component in the Linux operating system’s kernel, which allows a hacker to cause a service failure

The vulnerability of the nilfs2 component in the Linux operating system’s kernel is related to errors that occur after deallocation. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.5 CVSS, 6.5 AI score, 0.00021 EPSS
Exploits: 0, References: 42, Affected Software: 5

BDU FSTEC
added 2025/02/18 12:00 a.m., 1 views

The vulnerability of the mac802154 component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the mac802154 component in the Linux operating system’s kernel is related to resource management errors. Exploiting this vulnerability can allow an attacker to cause service failures...

5.5 CVSS, 6.4 AI score, 0.00012 EPSS
Exploits: 0, References: 24, Affected Software: 4

BDU FSTEC
added 2025/02/18 12:00 a.m., 1 views

The vulnerability of the soc component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the soc component in the Linux operating system’s kernel is related to resource management errors. Exploiting this vulnerability can allow an attacker to cause service failures...

5.5 CVSS, 6.4 AI score, 0.00033 EPSS
Exploits: 0, References: 17, Affected Software: 3

BDU FSTEC
added 2025/02/18 12:00 a.m., 1 views

The vulnerability of the OAuth2 Token Handler component of the Red Hat Ansible Automation Platform allows a perpetrator to escalate their privileges.

The vulnerability of the OAuth2 Token Handler component of the Red Hat Ansible Automation Platform is related to access control errors. Exploiting this vulnerability could allow a malicious actor to increase their privileges remotely...

5 CVSS, 5.7 AI score, 0.0008 EPSS
Exploits: 0, References: 6

BDU FSTEC
added 2025/02/18 12:00 a.m., 1 views

The vulnerability of the rtc component in the Linux operating system’s kernel allows a hacker to trigger a service failure.

The vulnerability of the rtc component in the Linux operating system’s kernel is related to resource management errors. Exploiting this vulnerability can allow an attacker to cause a service failure...

5.5 CVSS, 6.4 AI score, 0.00009 EPSS
Exploits: 0, References: 16, Affected Software: 4

BDU FSTEC
added 2025/02/18 12:00 a.m., 1 views

The vulnerability of the af_unix component in the Linux operating system kernel allows a hacker to trigger a service failure.

The vulnerability of the af_unix component in the Linux operating system kernel is related to resource management errors. Exploiting this vulnerability can allow an attacker to cause service failures...

5.5 CVSS, 6.4 AI score, 0.0001 EPSS
Exploits: 0, References: 17, Affected Software: 3

BDU FSTEC
added 2025/02/18 12:00 a.m., 1 views

The vulnerability of the Linux operating system’s kernel PCI component, which allows a hacker to trigger a service failure

The vulnerability of the Linux operating system’s kernel-level PCI component is related to resource management errors. Exploiting this vulnerability can allow an attacker to cause service failures...

5.5 CVSS, 5.6 AI score, 0.00022 EPSS
Exploits: 0, References: 14, Affected Software: 2