1890 matches found

OSV
added 2025/11/06 11:35 p.m., 3 views

GHSA-9M94-W2VQ-HCF9 KubeVirt VMI Denial-of-Service (DoS) Using Pod Impersonation

Summary: A logic flaw in the virt-controller allows an attacker to disrupt the control over a running VMI by creating a pod with the same labels as the legitimate virt-launcher pod associated with the VMI. This can...

CVSS 5.3 | AI score 7 | EPSS 0.0006
Exploits 1 | References 4

Positive Technologies
added 2025/11/06 12:0 a.m., 2 views

PT-2025-45513

Name of the Vulnerable Software and Affected Versions: KubeVirt versions prior to 1.7.0-beta.0. Description: KubeVirt, a virtual machine management add-on for Kubernetes, contains a flaw in the virt-controller. An attacker can disrupt control over a running Virtual Machine Instance (VMI) by creating a...

CVSS 5.3 | AI score 5.5 | EPSS 0.0015
Exploits 1 | References 21

Positive Technologies
added 2025/11/06 12:0 a.m., 3 views

PT-2025-45439

Name of the Vulnerable Software and Affected Versions: KubeVirt versions prior to 1.5.0. Description: KubeVirt, a virtual machine management add-on for Kubernetes, has an issue where permissions granted to the virt-handler service account could be misused. Specifically, the ability to update VMIs an...

CVSS 6.9 | AI score 5.5 | EPSS 0.00104
Exploits 1 | References 13

OSV
added 2025/11/05 6:41 p.m., 2 views

GO-2025-4000 Canonical LXD Path Traversal Vulnerability in Instance Log File Retrieval Function in github.com/canonical/lxd

Canonical LXD Path Traversal Vulnerability in Instance Log File Retrieval Function in github.com/canonical/lxd...

CVSS 7.1 | AI score 6.9 | EPSS 0.00084
Exploits 1 | References 2

Tenable Nessus
added 2025/11/05 12:0 a.m., 1 view

Unity Linux 20.1070a Security Update: kernel (UTSA-2025-988849)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-988849 advisory. In the Linux kernel, the following vulnerability has been resolved: net: hns3: fix use-after-free bug in hclgevf_send_mbx_msg. Currently, the hns3_remove function firstly...

CVSS 7.8 | AI score 5.9 | EPSS 0.00016
Exploits 0 | References 4

RedhatCVE
added 2025/10/23 8:16 p.m., 3 views

CVE-2025-62247

Missing Authorization in Collection Provider component in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19...

CVSS 6.5 | AI score 6.7 | EPSS 0.00047
Exploits 0 | References 1

RedhatCVE
added 2025/10/23 4:12 p.m., 4 views

CVE-2025-62607

Nautobot Single Source of Truth (SSoT) is an app for Nautobot. Prior to version 3.10.0, an unauthenticated attacker could access this page to view the Service Now public instance name (e.g. companyname.service-now.com). This is considered low-value information. This does not expose the Secret, the...

CVSS 5.3 | AI score 6.9 | EPSS 0.00072
Exploits 0 | References 1

Veracode
added 2025/10/23 8:0 a.m., 2 views

Insecure Direct Object Reference (IDOR)

com.liferay, com.liferay.object.service is vulnerable to Insecure Direct Object Reference (IDOR). The vulnerability is due to insufficient access control between virtual instances, which allows an attacker to access, create, edit, or relate data and object entries/definitions across different virtu...

CVSS 8.1 | AI score 7 | EPSS 0.00093
Exploits 0 | References 5 | Affected Software 1

Github Security Blog
added 2025/10/22 9:31 p.m., 4 views

Liferay Portal and DXP are Missing Authorization in Collection Provider

Missing Authorization in Collection Provider component in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19...

CVSS 6.5 | AI score 6.8 | EPSS 0.00047
Exploits 0 | References 5 | Affected Software 1

NVD
added 2025/10/22 8:15 p.m., 3 views

CVE-2025-62247

Missing Authorization in Collection Provider component in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19...

CVSS 6.5 | EPSS 0.00047
Exploits 0 | References 1

OSV
added 2025/10/22 8:15 p.m., 1 view

CVE-2025-62247

Missing Authorization in Collection Provider component in the Liferay Portal 7.4.0 through 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.9, 2025.Q1.0 through 2025.Q1.16, 2024.Q4.0 through 2024.Q4.7, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.19...

CVSS 6.5 | AI score 5.8 | EPSS 0.00047
Exploits 0 | References 1

RedHat Linux
added 2025/10/22 7:56 p.m., 4 views

thunderbird: firefox: Use-after-free in MediaTrackGraphImpl::GetInstance()

A flaw was found in Thunderbird and Firefox. The Mozilla Foundation's Security Advisory describes the following issue: Use-after-free in MediaTrackGraphImpl::GetInstance...

CVSS 9.8 | AI score 7.2 | EPSS 0.0009
Exploits 0 | References 6

CVE
added 2025/10/22 7:27 p.m., 6 views

CVE-2025-62247

CVE-2025-62247 affects Liferay Portal 7.4.0–7.4.3.132 and Liferay DXP 2025.Q2.0–Q2.9, 2025.Q1.0–Q1.16, 2024.Q4.0–Q4.7, 2024.Q3.1–Q3.13, 2024.Q2.0–Q2.13, 2024.Q1.1–Q1.19. The root cause is Missing Authorization in the Collection Provider component, allowing instance users to read and select unauth...

CVSS 6.5 | AI score 6.3 | EPSS 0.00047
Exploits 0 | References 1 | Affected Software 2

NVD
added 2025/10/22 4:15 p.m., 3 views

CVE-2025-62607

Nautobot Single Source of Truth (SSoT) is an app for Nautobot. Prior to version 3.10.0, an unauthenticated attacker could access this page to view the Service Now public instance name (e.g. companyname.service-now.com). This is considered low-value information. This does not expose the Secret, the...

CVSS 5.3 | EPSS 0.00072
Exploits 0 | References 3

Cvelist
added 2025/10/22 3:40 p.m., 5 views

CVE-2025-62607 Nautobot Single Source of Truth (SSoT) has an unauthenticated ServiceNow configuration URL

Nautobot Single Source of Truth (SSoT) is an app for Nautobot. Prior to version 3.10.0, an unauthenticated attacker could access this page to view the Service Now public instance name (e.g. companyname.service-now.com). This is considered low-value information. This does not expose the Secret, the...

CVSS 5.3 | EPSS 0.00072
Exploits 0 | References 3

EUVD
added 2025/10/22 3:40 p.m., 2 views

EUVD-2025-35304

Nautobot Single Source of Truth (SSoT) is an app for Nautobot. Prior to version 3.10.0, an unauthenticated attacker could access this page to view the Service Now public instance name (e.g. companyname.service-now.com). This is considered low-value information. This does not expose the Secret, the...

CVSS 5.3 | AI score 6.5 | EPSS 0.00072
Exploits 0 | References 5

CVE
added 2025/10/22 3:40 p.m., 7 views

CVE-2025-62607

Nautobot Single Source of Truth (SSoT) before version 3.10.0 exposed an unauthenticated configuration page that lets an attacker view the ServiceNow public instance name (e.g., companyname.service-now.com). The issue is information disclosure of low-value data; no secrets or credentials are expos...

CVSS 5.3 | AI score 6.6 | EPSS 0.00072
Exploits 0 | References 3

Vulnrichment
added 2025/10/22 3:40 p.m., 1 view

CVE-2025-62607 Nautobot Single Source of Truth (SSoT) has an unauthenticated ServiceNow configuration URL

Nautobot Single Source of Truth (SSoT) is an app for Nautobot. Prior to version 3.10.0, an unauthenticated attacker could access this page to view the Service Now public instance name (e.g. companyname.service-now.com). This is considered low-value information. This does not expose the Secret, the...

CVSS 5.3 | AI score 6.6 | EPSS 0.00072
Exploits 0 | References 3

Positive Technologies
added 2025/10/22 12:0 a.m., 3 views

PT-2025-43403

Name of the Vulnerable Software and Affected Versions: Liferay Portal versions 7.4.0 through 7.4.3.132; Liferay DXP versions 2025.Q2.0 through 2025.Q2.9; Liferay DXP versions 2025.Q1.0 through 2025.Q1.16; Liferay DXP versions 2024.Q4.0 through 2024.Q4.7; Liferay DXP versions 2024.Q3.1 through 2024.Q3....

CVSS 6.5 | AI score 6.5 | EPSS 0.00047
Exploits 0 | References 12

EUVD
added 2025/10/22 12:0 a.m., 1 view

EUVD-2023-59995

Hikvision CSMP (Comprehensive Security Management Platform) iSecure Center through 2023-06-25 allows file upload via /center/api/files directory traversal, as exploited in the wild in 2024 and 2025...

CVSS 8.3 | AI score 5.3 | EPSS 0.00099
Exploits 0 | References 2