CVE-2025-40034 PCI/AER: Avoid NULL pointer dereference in aer_ratelimit()
In the Linux kernel, the following vulnerability has been resolved: PCI/AER: Avoid NULL pointer dereference in aer_ratelimit() When platform firmware supplies error information to the OS, e.g., via the ACPI APEI GHES mechanism, it may identify an error source device that doesn't advertise an AER...
ROS-20251028-11
A vulnerability in the NVIDIA Container Toolkit container creation and launch software and the NVIDIA GPU Operator resource management software is associated with synchronization errors. NVIDIA GPU Operator resource management software is associated with synchronization errors when using a shared...
EUVD-2025-36331
Error Messages Wrapped In HTTP Header.This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...
Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Improper Input Validation (CVE-2024-38619)
usb-storage: alauda: Check whether the media is initialized. The member uzonesize of struct alauda_info will remain 0 if alauda_init_media() fails, potentially causing divide errors in alauda_read_data() and alauda_write_lba(). This plugin only works with Tenable.ot. Please visit...
CVE-2025-34155
Tibbo AggreGate Network Manager 6.40.05 contains an observable response discrepancy in its login functionality. Authentication failure messages differ based on whether a supplied username exists or not, allowing an unauthenticated remote attacker to infer valid account identifiers. This can...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from the improper use of boolean values in the af_alg_ctx structure, which could lead to data conversion errors...
EUVD-2025-35703
Tibbo AggreGate Network Manager 6.40.05 contains an observable response discrepancy in its login functionality. Authentication failure messages differ based on whether a supplied username exists or not, allowing an unauthenticated remote attacker to infer valid account identifiers. This can...
CVE-2025-34155 Tibbo AggreGate Network Manager < 6.40.05 Login Functionality User Enumeration
Tibbo AggreGate Network Manager 6.40.05 contains an observable response discrepancy in its login functionality. Authentication failure messages differ based on whether a supplied username exists or not, allowing an unauthenticated remote attacker to infer valid account identifiers. This can...
CVE-2025-34155
CVE-2025-34155 affects Tibbo AggreGate Network Manager versions prior to 6.40.05. The issue is an observable discrepancy in login failure messages that reveals whether a provided username exists, enabling unauthenticated remote user enumeration and potentially aiding targeted brute-force/credenti...
EUVD-2022-54620
In the Linux kernel, the following vulnerability has been resolved: power: supply: core: Fix boundary conditions in interpolation The functions power_supply_temp2resist_simple() and power_supply_ocv2cap_simple() handle boundary conditions incorrectly. The change was introduced in...
ROS-20251023-01
A vulnerability in the cifs_compose_mount_options() function of the fs/smb/client/cifsproto.h module of the SMB client support kernel of the Linux operating system is related to synchronization errors when using a shared resource. Exploitation of the vulnerability could allow an attacker to cause a...
EUVD-2023-60011
In the Linux kernel, the following vulnerability has been resolved: wifi: ath9k: Fix potential stack-out-of-bounds write in ath9k_wmi_rsp_callback() Fix a stack-out-of-bounds write that occurs in a WMI response callback function that is called after a timeout occurs in ath9k_wmi_cmd(). The callback writes...
CVE-2025-11750
In langgenius/dify-web version 1.6.0, the authentication mechanism reveals the existence of user accounts by returning different error messages for non-existent and existing accounts. Specifically, when a login or registration attempt is made with a non-existent username or email, the system...
CVE-2025-11750
In langgenius/dify-web version 1.6.0, the authentication mechanism reveals the existence of user accounts by returning different error messages for non-existent and existing accounts. Specifically, when a login or registration attempt is made with a non-existent username or email, the system...
CVE-2022-50577
In the Linux kernel, the following vulnerability has been resolved: ima: Fix memory leak in ima_inode_hash() Commit f3cc6b25dcc5 "ima: always measure and audit files in policy" lets measurement or audit happen even if the file digest cannot be calculated. As a result, iint->ima_hash could have been...
CVE-2022-50565
In the Linux kernel, the following vulnerability has been resolved: wifi: plfxlc: fix potential memory leak in lfxusbenablerx urbs does not be freed in exception paths in lfxusbenablerx. That will trigger memory leak. To fix it, add kfree for urbs within "error" label. Compile tested only...
CVE-2025-11750
CVE-2025-11750 affects langgenius/dify-web version 1.6.0. Multiple connected sources confirm an authentication flaw where login/registration error messages distinguish between non-existent vs. existing usernames or emails (e.g., “account not found”), enabling user enumeration. This can facilitate...
CVE-2025-11750 User Enumeration via Distinct Error Messages in langgenius/dify-web
In langgenius/dify-web version 1.6.0, the authentication mechanism reveals the existence of user accounts by returning different error messages for non-existent and existing accounts. Specifically, when a login or registration attempt is made with a non-existent username or email, the system...
dify security vulnerability
dify is an open source LLM application development platform from LangGenius Open Source. A security vulnerability exists in version 1.6.0 of dify, which stems from the authentication mechanism returning different error messages for non-existing and existing accounts, potentially leading to an...
CVE-2025-61301
Denial-of-analysis in reporting/mongodb.py and reporting/jsondump.py in CAPEv2 commit 52e4b43, on 2025-05-17 allows attackers who can submit samples to cause incomplete or missing behavioral analysis reports by generating deeply nested or oversized behavior data that trigger MongoDB BSON limits o...