46 matches found
Astra Linux - vulnerability in linux-5.15, linux-5.10
In the Linux kernel, the following vulnerability has been resolved: ext4: Allow ext4_get_group_info to fail. Previously, ext4_get_group_info would treat an invalid group number as a BUG, since this should never happen in theory. However, if a malicious attacker or fuzzer modifies the superblock via the...
EUVD-2025-37028
Kanova Android App version 1.0.27 package name com.karelane, developed by Karely L.L.C., contains improper access control vulnerabilities. Attackers may gain unauthorized access to user details and obtain group information, including entry codes, by manipulating API request parameters. Successful...
CVE-2025-61113
TalkTalk 3.3.6 Android App contains improper access control vulnerabilities in multiple API endpoints. By modifying request parameters, attackers may obtain sensitive user information such as device identifiers and birthdays and access private group information, including join credentials...
Kanova Android App security vulnerability
Kanova Android App is a social group application by Kanova. A security vulnerability exists in Kanova Android App version 1.0.27, which stems from improper access control and could lead to unauthorized access to user details and group information...
GHSA-422V-W6C5-VQ42 Moodle exposed the names of hidden groups to users
Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or restricted group information...
EUVD-2019-0752
Malware in sbrugna...
EUVD-2020-23828
Malware in sbrugna...
EUVD-2024-37304
Malicious code in bioql PyPI...
EUVD-2025-22482
Malicious code in bioql PyPI...
SUSE CVE-2023-53503
In the Linux kernel, the following vulnerability has been resolved: ext4: allow ext4_get_group_info to fail. Previously, ext4_get_group_info would treat an invalid group number as BUG, since in theory it should never happen. However, if a malicious attacker or fuzzer modifies the superblock via the block...
CVE-2023-53503
In the Linux kernel, the vulnerability CVE-2023-53503 affects ext4: ext4_get_group_info() could underflow when computing a block group if s_first_data_block is set to an extremely large value due to a malicious attacker with write access to the block device while the filesystem is mounted. This c...
CVE-2025-34220 Vasion Print (formerly PrinterLogic) Unauthenticated API Leaks Group Information
Vasion Print (formerly PrinterLogic) Virtual Appliance Host prior to version 25.1.102 and Application prior to version 25.1.1413 (VA/SaaS deployments) contain a /api-gateway/identity/search-groups endpoint that does not require authentication. Requests to...
BIT-GITLAB-2025-7001 Insufficient Granularity of Access Control in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 15.0 before 18.0.5, 18.1 before 18.1.3, and 18.2 before 18.2.1 that could have allowed privileged users to access certain resource_group information through the API which should have been unavailable...
SUSE: Security Advisory (SUSE-SU-2024:2083-1)
The remote host is missing an update for the...
Sensitive Information Disclosure
Mattermost is vulnerable to Sensitive Information Disclosure. The vulnerability is due to improper authorization due to failing to properly verify a user's permissions when accessing group information via API requests...
Incorrect Authorization
Overview: Affected versions of this package are vulnerable to Incorrect Authorization due to the improper verification of user permissions when accessing groups. An attacker can view unauthorized group information by crafting a malicious API request. Remediation: Upgrade...
Mattermost Fails to Verify User's Permissions When Accessing Groups
Mattermost versions 10.5.x <= 10.5.2, 9.11.x <= 9.11.11 failed to properly verify a user's permissions when accessing groups, which allows an attacker to view group information via an API request...
CVE-2025-2527 Improper access control to group information
Mattermost versions 10.5.x <= 10.5.2, 9.11.x <= 9.11.11 failed to properly verify a user's permissions when accessing groups, which allows an attacker to view group information via an API request...
CVE-2025-2527
CVE-2025-2527 affects Mattermost Server versions 10.5.x ≤ 10.5.2 and 9.11.x ≤ 9.11.11, where the server fails to properly verify a user’s permissions when accessing groups, enabling an attacker to view group information via an API request. The issue is documented across multiple feeds (GO-2025-36...