EUVD-2025-201916

A vulnerability has been identified in SIMATIC CN 4100 All versions V4.0.1. The affected application exhibits inconsistent SNMP behavior, such as unexpected service availability and unreliable configuration handling across protocol versions. This could allow an attacker to access sensitive data,...

PT-2025-49845

A vulnerability has been identified in SIMATIC CN 4100 All versions V4.0.1. The affected application exhibits inconsistent SNMP behavior, such as unexpected service availability and unreliable configuration handling across protocol versions. This could allow an attacker to access sensitive data,...

Siemens SIMATIC CN 4100 信息泄露漏洞

The Siemens SIMATIC CN 4100 is a communication node from Siemens Germany. An information disclosure vulnerability exists in Siemens SIMATIC CN 4100 versions prior to V4.0.1, which stems from inconsistent SNMP behavior and could lead to the disclosure of sensitive data...

An In-Depth Systematic Analysis of the Security, Usability, and Automation Capabilities of Password Update Processes on Top-Ranked Websites

Password updates are a critical account security measure and an essential part of the password lifecycle. Service providers and common security recommendations advise users to update their passwords in response to incidents or as a critical cyber hygiene measure. However, password update processe...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from a contention condition in f2fs when migrating empty segments, which could lead to inconsistent segment types...

dotnet: .NET Security Feature Bypass Vulnerability

A flaw was found in ASP.NET Core’s HTTP request handling that leads to inconsistent interpretation of specially crafted HTTP requests. This mismatch can be abused by an authorized network attacker to smuggle or manipulate request boundaries, allowing bypass of security controls or unintended...

database/sql: Postgres Scan Race Condition

A flaw was found in database/sql. Concurrent queries can produce unexpected results when a query is cancelled during a Scan method call on returned Rows, creating a race condition. This vulnerability allows an attacker who can initiate and cancel queries to trigger this condition, possibly leadin...

CVE-2025-64490

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Versions 7.14.7 and prior, 8.0.0-beta.1 through 8.9.0 allow a low-privileged user with a restrictive role to view and create work items through the Resource Calendar and project screens, even...

EUVD-2025-38348

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Versions 7.14.7 and prior, 8.0.0-beta.1 through 8.9.0 allow a low-privileged user with a restrictive role to view and create work items through the Resource Calendar and project screens, even...

CVE-2025-64490 SuiteCRM's Inconsistent RBAC Enforcement Enables Access Control Bypass

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Versions 7.14.7 and prior, 8.0.0-beta.1 through 8.9.0 allow a low-privileged user with a restrictive role to view and create work items through the Resource Calendar and project screens, even...

CVE-2025-64490

SuiteCRM (versions 7.14.7 and earlier; 8.0.0-beta.1 through 8.9.0) has an access-control flaw where a low-privileged user with a restrictive role can view and create work items via Resource Calendar and project screens even when related modules (Projects, Project Tasks, Tasks, Leads, Accounts, Me...

CVE-2025-64490 SuiteCRM's Inconsistent RBAC Enforcement Enables Access Control Bypass

SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. Versions 7.14.7 and prior, 8.0.0-beta.1 through 8.9.0 allow a low-privileged user with a restrictive role to view and create work items through the Resource Calendar and project screens, even...

CVE-2025-43503

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, iOS 26.1 and iPadOS 26.1, macOS Tahoe 26.1, visionOS 26.1, watchOS 26.1. Visiting a malicious website may lead to user interface spoofing...

CVE-2025-43503

An inconsistent user interface issue was addressed with improved state management. This issue is fixed in watchOS 26.1, macOS Tahoe 26.1, iOS 26.1 and iPadOS 26.1, Safari 26.1, iOS 18.7.2 and iPadOS 18.7.2, visionOS 26.1. Visiting a malicious website may lead to user interface spoofing...

Astra Linux - уязвимость в linux-6.12

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to bail out in getnewsegment ------------ cut here ------------ WARNING: CPU: 3 PID: 579 at fs/f2fs/segment.c:2832 newcurseg+0x5e8/0x6dc pc : newcurseg+0x5e8/0x6dc Call trace: newcurseg+0x5e8/0x6dc...

UBUNTU-CVE-2025-62397

The router’s inconsistent response to invalid course IDs allowed attackers to infer which course IDs exist, potentially aiding reconnaissance...

CVE-2025-55315

A flaw was found in ASP.NET Core’s HTTP request handling that leads to inconsistent interpretation of specially crafted HTTP requests. This mismatch can be abused by an authorized network attacker to smuggle or manipulate request boundaries, allowing bypass of security controls or unintended...

ASP.NET Security Feature Bypass Vulnerability

Inconsistent interpretation of http requests 'http request/response smuggling' in ASP.NET Core allows an authorized attacker to bypass a security feature over a network...

Linux kernel 安全漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from afalgsendmsg allowing concurrent writes, which could result in inconsistent internal socket state...

CVE-2025-8291

The 'zipfile' module would not check the validity of the ZIP64 End of Central Directory EOCD Locator record offset value would not be used to locate the ZIP64 EOCD record, instead the ZIP64 EOCD record would be assumed to be the previous record in the ZIP archive. This could be abused to create Z...