35 matches found
CVE-2025-59888
Improper quotation in search paths in the Eaton UPS Companion software installer could lead to arbitrary code execution by an attacker with access to the file system. This security issue has been fixed in the latest version of EUC which is available on the Eaton download center...
CVE-2024-56464
IBM QRadar SIEM 7.5 - 7.5.0 UP14 IF01 is affected by an information disclosure vulnerability involving exposure of directory information. IBM has addressed this vulnerability in the latest update...
CVE-2024-56464
CVE-2024-56464 affects IBM QRadar SIEM versions 7.5 through 7.5.0 UP14 IF01, with an information-disclosure vulnerability exposing directory information (CWE-548). Underlying issue is directory listing exposure; CVSS v3.1 base score 2.7 (LOW), vector: AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:N/A:N. IBM Secu...
CVE-2024-56464 IBM QRadar SIEM is affected by an information disclosure vulnerability
IBM QRadar SIEM 7.5 - 7.5.0 UP14 IF01 is affected by an information disclosure vulnerability involving exposure of directory information. IBM has addressed this vulnerability in the latest update...
PT-2025-49848
CVE-2024-56464 IBM QRadar SIEM 7.5 - 7.5.0 UP14 IF01 is affected by an information disclosure vulnerability involving exposure of directory information. IBM has addressed this vulne… https://t.co/A3Hmcaxcos...
CVE-2023-53694
In the Linux kernel, the following vulnerability has been resolved: riscv: ftrace: Fixup panic by disabling preemption In RISCV, we must use an AUIPC + JALR pair to encode an immediate, forming a jump that jumps to an address over 4K. This may cause errors if we want to enable kernel preemption a...
CVE-2025-39953
In the Linux kernel, the following vulnerability has been resolved: cgroup: split cgroup_destroy_wq into 3 workqueues A hung task can occur during [1] LTP cgroup testing when repeatedly mounting/unmounting perf_event and net_prio controllers with systemd.unified_cgroup_hierarchy=1. The hang manifests in...
CVE-2025-43485
A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The vulnerability could potentially allow a privileged user to retrieve credentials from the log files. HP has addressed the issue in the latest software update...
CVE-2025-43483
A potential security vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.1. The vulnerability could allow the retrieval of hardcoded cryptographic keys. HP has addressed the issue in the latest software update...
CVE-2025-43020
A potential command injection vulnerability has been identified in the Poly Clariti Manager for versions prior to 10.12.2. The vulnerability could allow a privileged user to submit arbitrary input. HP has addressed the issue in the latest software update...
CVE-2025-37850
In the Linux kernel, the following vulnerability has been resolved: pwm: mediatek: Prevent divide-by-zero in pwm_mediatek_config() With CONFIG_COMPILE_TEST && !CONFIG_HAVE_CLK, pwm_mediatek_config() has a divide-by-zero in the following line: do_div(resolution, clk_get_rate(pc->clk_pwms[pwm->hwpwm])); due to the fact th...
make-latest bug fix and enhancement update
An update is available for make-latest. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Linux...
GHSA-H7H7-6MX3-R89V Fyrox has unsound usages of `Vec::from_raw_parts`
The library provides a public safe API `transmute_vec_as_bytes`, which incorrectly assumes that any generic type T could have stable layout, causing uninitialized memory exposure if users pass any type with padding bytes as T and cast it to a u8 pointer. In the issue, we develop a PoC to show...
CVE-2024-57965
In axios before 1.7.8, lib/helpers/isURLSameOrigin.js does not use a URL object when determining an origin, and has a potentially unwanted setAttribute('href',href) call. NOTE: some parties feel that the code change only addresses a warning message from a SAST tool and does not fix a vulnerability...
PT-2024-34799 · Unknown · Microkid Custom Author Url
Name of the Vulnerable Software and Affected Versions: Microkid Custom Author URL versions n/a through 2.0.1. Description: A Cross-Site Request Forgery (CSRF) vulnerability allows Stored XSS. This issue can be exploited to perform malicious actions. Users are advised to update to the latest version ...
openSUSE Security Advisory (SUSE-SU-2024:3964-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2024 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only if(description)...
MAL-2024-9163 Malicious code in latest-update-rules-of-survival-h-a-c-k-esp-antenna-wallh-a-c-k-undetected-4c599m (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 11727aa1616fcf53ab1ecef882d7fc419215c707bf782df0bfb2999c05307325 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
Malicious code in latest-update-my-restaurant-script-h-a-c-k-jd9nxv (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware afa259ca096e2da8913d7e73ec78a1a5d917a209e45c05883679b1b5ea2a1030 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2023-42807 Frappe LMS SQL Injection Issue on People Page
Frappe LMS is an open source learning management system. In versions 1.0.0 and prior, on the People Page of LMS, there was an SQL Injection vulnerability. The issue has been fixed in the main branch. Users won't face this issue if they are using the latest main branch of the app...
Privilege escalation
A potential security vulnerability has been identified in HPE Superdome Flex and Superdome Flex 280 Servers. The vulnerability could be locally exploited to allow a user with Administrator access to escalate their privilege. The vulnerability is resolved in the latest firmware update. HPE...