PT-2025-48349

Cilium is a networking, observability, and security solution with an eBPF-based dataplane. Prior to versions 1.16.17, 1.17.10, and 1.18.4, CiliumNetworkPolicys which use egress.toGroups.aws.securityGroupsIds to reference AWS security group IDs that do not exist or are not attached to any network...

SUSE CVE-2025-64761

OpenBao is an open source identity-based secrets management system. Prior to version 2.4.4, a privileged operator could use the identity group subsystem to add a root policy to a group identity group, escalating their or another user's permissions in the system. Specifically this is an issue when...

CVE-2025-64761

OpenBao is an open source identity-based secrets management system. Prior to version 2.4.4, a privileged operator could use the identity group subsystem to add a root policy to a group identity group, escalating their or another user's permissions in the system. Specifically this is an issue when...

Incorrect Privilege Assignment

Overview Affected versions of this package are vulnerable to Incorrect Privilege Assignment via the identity/groups endpoints. An attacker can gain unauthorized root-level permissions by adding a root policy to a group, thereby escalating their own or another user's privileges. Note: This is only...

CVE-2025-64761 OpenBao Privileged Operator Identity Group Root Escalation

OpenBao is an open source identity-based secrets management system. Prior to version 2.4.4, a privileged operator could use the identity group subsystem to add a root policy to a group identity group, escalating their or another user's permissions in the system. Specifically this is an issue when...

CVE-2025-64761 OpenBao Privileged Operator Identity Group Root Escalation

OpenBao is an open source identity-based secrets management system. Prior to version 2.4.4, a privileged operator could use the identity group subsystem to add a root policy to a group identity group, escalating their or another user's permissions in the system. Specifically this is an issue when...

Linux Distros Unpatched Vulnerability : CVE-2025-62400

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or...

GHSA-7FF4-JW48-3436 OpenBao is Vulnerable to Privileged Operator Identity Group Root Escalation

Impact Similar to HCSEC-2025-13 / CVE-2025-5999, a privileged operator could use the identity group subsystem to add a root policy to a group identity group, escalating their or another user's permissions in the system. Specifically this is an issue when: 1. An operator in the root namespace has...

OpenBao is Vulnerable to Privileged Operator Identity Group Root Escalation

Impact Similar to HCSEC-2025-13 / CVE-2025-5999, a privileged operator could use the identity group subsystem to add a root policy to a group identity group, escalating their or another user's permissions in the system. Specifically this is an issue when: 1. An operator in the root namespace has...

From Extortion to E-commerce: How Ransomware Groups Turn Breaches into Bidding Wars

Ransomware has evolved from simple digital extortion into a structured, profit-driven criminal enterprise. Over time, it has led to the development of a complex ecosystem where stolen data is not only leveraged for ransom, but also sold to the highest bidder. This trend first gained traction in...

PT-2025-47976

Name of the Vulnerable Software and Affected Versions OpenBao versions prior to 2.4.4 Description OpenBao is an identity-based secrets management system. A privileged operator could leverage the identity group subsystem to add a root policy to a group identity group, potentially escalating their...

CVE-2025-65094

WBCE CMS is a content management system. Prior to version 1.6.4, a low-privileged user in WBCE CMS can escalate their privileges to the Administrators group by manipulating the groups parameter in the /admin/users/save.php request. The UI restricts users to assigning only their existing group, bu...

CLSA-2025-1763647564 xorg-x11-server-Xwayland: Fix of 3 CVEs

CVE-2024-0409: fix incorrect cursor private key usage in Xwayland/Xephyr that caused XSELINUX devPrivates corruption - CVE-2025-26597: fix buffer overflow in XkbChangeTypesOfKey by properly resizing key syms and actions when nGroups is zero - CVE-2025-26594: fix root cursor lifetime handling to...

TencentOS Server 4: protobuf (TSSA-2024:0556)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2024:0556 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...

CVE-2025-65094

WBCE CMS is a content management system. Prior to version 1.6.4, a low-privileged user in WBCE CMS can escalate their privileges to the Administrators group by manipulating the groups parameter in the /admin/users/save.php request. The UI restricts users to assigning only their existing group, bu...

EUVD-2025-198230

WBCE CMS is a content management system. Prior to version 1.6.4, a low-privileged user in WBCE CMS can escalate their privileges to the Administrators group by manipulating the groups parameter in the /admin/users/save.php request. The UI restricts users to assigning only their existing group, bu...

WBCE CMS 授权问题漏洞

WBCE CMS is a PHP and MySQL based open source content management system CMS from WBCE CMS Open Source. An authorization issue vulnerability exists in WBCE CMS versions prior to 1.6.4, which stems from a low-privileged user can elevate privileges to the administrators group by manipulating the...

PT-2025-47517

Name of the Vulnerable Software and Affected Versions WBCE CMS versions prior to 1.6.4 Description A low-privileged user in WBCE CMS can escalate their privileges to the Administrators group by manipulating the groups parameter in the '/admin/users/save.php' request. The user interface restricts...

BIT-MOODLE-2025-62400 Moodle: hidden group names visible to event creators

Moodle exposed the names of hidden groups to users who had permission to create calendar events but not to view hidden groups. This could reveal private or restricted group information...

Ransomware's Fragmentation Reaches a Breaking Point While LockBit Returns

Key Takeaways: 85 active ransomware and extortion groups observed in Q3 2025, reflecting the most decentralized ransomware ecosystem to date. 1,590 victims disclosed across 85 leak sites, showing high, sustained activity despite law-enforcement pressure. 14 new ransomware brands launched this...