Lucene search

18 matches found

SUSE CVE
added 2026/03/25 12:25 a.m. · 3 views

SUSE CVE-2026-29194

Netmaker makes networks with WireGuard. Prior to version 1.5.0, the Authorize middleware in Netmaker incorrectly validates host JWT tokens. When a route permits host authentication hostAllowed=true, a valid host token bypasses all subsequent authorization checks without verifying that the host is...

8.6 CVSS · 5.8 AI score · 0.00036 EPSS
Exploits 0 · References 3

RedhatCVE
added 2025/12/08 3:9 a.m. · 4 views

CVE-2025-14183

A vulnerability was found in SGAI Space1 NAS N1211DS up to 1.0.915. This issue affects the function GETFACTORYINFO/GETUSERINFO of the file /cgi-bin/JSONAPI of the component gsaiagent. The manipulation results in unprotected storage of credentials. The attack can be launched remotely. The exploit...

5.3 CVSS · 6.6 AI score · 0.00034 EPSS
Exploits 0 · References 1

RedhatCVE
added 2025/05/22 9:15 a.m. · 9 views

CVE-2019-11607

doorGets 7.0 has a sensitive information disclosure vulnerability in /fileman/php/copydir.php. A remote unauthenticated attacker can exploit this vulnerability to obtain server-sensitive information...

7.5 CVSS · 6.5 AI score · 0.00731 EPSS
Exploits 1 · References 1

RedhatCVE
added 2025/05/22 4:14 a.m. · 8 views

CVE-2019-10528

Use after free issue in kernel while accessing freed mdlog session info and its attributes after closing the session in Snapdragon Auto, Snapdragon Connectivity, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables in MDM9206,...

9.8 CVSS · 7.6 AI score · 0.00395 EPSS
Exploits 0 · References 1

NVD
added 2025/03/07 3:15 p.m. · 6 views

CVE-2025-2089

A vulnerability has been found in StarSea99 starsea-mall 1.0/2.X and classified as critical. Affected by this vulnerability is the function updateUserInfo of the file /personal/updateInfo of the component com.siro.mall.controller.mall.UserController. The manipulation of the argument userId leads ...

5.5 CVSS · 0.00128 EPSS
Exploits 1 · References 4

OSV
added 2025/01/11 1:15 p.m. · 0 views

UBUNTU-CVE-2024-43098

In the Linux kernel, the following vulnerability has been resolved: i3c: Use i3cdev-desc-info instead of calling i3cdevicegetinfo to avoid deadlock A deadlock may happen since the i3cmasterregister acquires &i3cbus-lock twice. See the log below. Use i3cdev-desc-info instead of calling i3cdevicein...

5.5 CVSS · 6.2 AI score · 0.00006 EPSS
Exploits 0 · References 46

Positive Technologies
added 2024/02/28 12:0 a.m. · 2 views

PT-2024-10332 · Linux +2 · Linux Kernel +2

Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a use-after-free vulnerability in the i40e client subtask function. This vulnerability occurs because the object pf-cinst is freed by the call to i40e client de...

7.8 CVSS · 6.7 AI score · 0.00223 EPSS
Exploits 7 · References 907

Apple
added 2023/03/27 12:0 a.m. · 89 views

About the security content of iOS 16.4 and iPadOS 16.4

About the security content of iOS 16.4 and iPadOS 16.4 This document describes the security content of iOS 16.4 and iPadOS 16.4. About Apple security updates For our customers' protection, Apple doesn't disclose, discuss, or confirm security issues until an investigation has occurred and patches ...

9.8 CVSS · 10 AI score · 0.01865 EPSS
Exploits 2 · References 1 · Affected Software 2

ThreatPost
added 2022/05/17 1:19 p.m. · 46 views

iPhones Vulnerable to Attack Even When Turned Off

Attackers can target iPhones even when they are turned off due to how Apple implements standalone wireless features Bluetooth, Near Field Communication NFC and Ultra-wideband UWB technologies in the device, researchers have found. These features—which have access to the iPhone’s Secure Element SE...

7.8 AI score
Exploits 0 · References 3

Cisco
added 2020/11/04 4:0 p.m. · 18 views

Cisco Webex Teams Web Interface Cross-Site Scripting Vulnerability

A vulnerability in the web-based interface of Cisco Webex Teams could allow an authenticated, remote attacker to conduct cross-site scripting attacks. The vulnerability is due to improper validation of usernames. An attacker could exploit this vulnerability by creating an account that contains...

5.4 CVSS · 0.5 AI score · 0.21079 EPSS
Exploits 0 · References 1

CVE
added 2018/01/04 2:0 p.m. · 69 views

CVE-2018-0803

CVE-2018-0803 affects Microsoft Edge in Windows 10 (Gold and various builds) and Windows Server 2016, stemming from how Edge enforces cross-domain policies. The vulnerability allows an attacker to access information from one domain and inject it into another domain due to cross-domain policy hand...

5.8 CVSS · 4.7 AI score · 0.03704 EPSS
Exploits 0 · References 3 · Affected Software 1

Tenable Nessus
added 2016/11/15 12:0 a.m. · 52 views

GLSA-201611-09 : Xen: Multiple vulnerabilities (Bunker Buster)

The remote host is affected by the vulnerability described in GLSA-201611-09 Xen: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Xen. Please review the CVE identifiers referenced below for details. Impact : A malicious guest administrator could escalate their privileges...

8.8 CVSS · 6.6 AI score · 0.00122 EPSS
Exploits 0 · References 6

NVD
added 2015/05/14 2:59 p.m. · 16 views

CVE-2015-3983

The pcs daemon pcsd in PCS 0.9.137 and earlier does not include the HTTPOnly flag in a Set-Cookie header, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie. NOTE: this issue was SPLIT from CVE-2015-1848 per ADT2 due to differen...

4.3 CVSS · 5.9 AI score · 0.006 EPSS
Exploits 0 · References 7

exploitpack
added 2014/10/14 12:0 a.m. · 28 views

YourMembers Plugin - Blind SQL Injection

YourMembers Plugin - Blind SQL Injection Vulnerability title: Blind SQL Injection Vulnerability in YourMembers plugin CVE: N/A Vendor: YourMembers plugin Product: https://github.com/YourMembers/yourmembers/tree/master/ymtrunk Affected version: Version 3, 29 June 2007...

0.6 AI score
Exploits 0

Prion
added 2007/10/24 12:46 a.m. · 19 views

Design/Logic Flaw

Mozilla Firefox 2.0 before 2.0.0.8 allows remote attackers to obtain sensitive system information by using the addMicrosummaryGenerator sidebar method to access file: URIs...

4.3 CVSS · 6.3 AI score · 0.00859 EPSS
Exploits 0 · References 9 · Affected Software 1

Debian
added 2007/09/11 6:57 p.m. · 17 views

[SECURITY] [DSA 1374-1] New jffnms packages fix several vulnerabilities

------------------------------------------------------------------------ Debian Security Advisory DSA 1374-1 [email protected] http://www.debian.org/security/ Steve Kemp September 11, 2007 http://www.debian.org/security/faq -...

9.4 CVSS · 7.5 AI score · 0.06907 EPSS
Exploits 2

NVD
added 2005/10/05 9:2 p.m. · 11 views

CVE-2005-3147

StoreBackup before 1.19 creates the backup root with world-readable permissions, which allows local users to obtain sensitive information...

2.1 CVSS · 6 AI score · 0.00059 EPSS
Exploits 0 · References 6

CVE
added 2000/07/12 4:0 a.m. · 61 views

CVE-2000-0361

The CVE-2000-0361 issue affects wvdial 1.4 and earlier, where the PPP wvdial.lxdialog script creates a .config file with world-readable permissions. This allows a local attacker who is in the dialout group to access login credentials stored in that file. The available connected sources confirm th...

2.1 CVSS · 6.8 AI score · 0.00087 EPSS
Exploits 0 · References 1 · Affected Software 1