PT-2025-49832

Name of the Vulnerable Software and Affected Versions COMOS versions prior to V10.6 NX versions prior to V2412.8700 NX versions prior to V2506.6000 Simcenter 3D versions prior to V2506.6000 Simcenter Femap versions prior to V2506.0002 Solid Edge SE2025 versions prior to V225.0 Update 10 Solid Edg...

PT-2025-49669

In the Linux kernel, the following vulnerability has been resolved: l2tp: Avoid possible recursive deadlock in l2tp tunnel register When a file descriptor of pppol2tp socket is passed as file descriptor of UDP socket, a recursive deadlock occurs in l2tp tunnel register. This situation is reproduc...

PT-2025-49670

In the Linux kernel, the following vulnerability has been resolved: blk-mq: release crypto keyslot before reporting I/O complete Once all I/O using a blk crypto key has completed, filesystems can call blk crypto evict key. However, the block layer currently doesn't call blk crypto put keyslot unt...

PCI-SIG PCI Express Integrity and Data Encryption 安全漏洞

PCI-SIG PCI Express Integrity and Data Encryption is a data encryption software from PCI-SIG, USA. A security vulnerability exists in PCI-SIG PCI Express Integrity and Data Encryption that stems from insufficient guidance on packet ordering and label uniqueness at the transaction layer, which cou...

PT-2025-49685

Name of the Vulnerable Software and Affected Versions Traefik versions 3.5.0 through 3.6.2 Description Traefik is an HTTP reverse proxy and load balancer. A flaw exists in the TLS verification logic within the nginx.ingress.kubernetes.io/proxy-ssl-verify annotation. When this annotation is set to...

Traefik 安全漏洞

Traefik is an open source reverse proxy and load balancing tool from Traefik Open Source. A security vulnerability exists in Traefik versions 3.5.0 through 3.6.2, which stems from a reversal of TLS authentication logic and could lead to a man-in-the-middle attack...

wasmi_c_api_impl (=0.50.0), wasmi_runtime_layer (=0.50.0) potentially affected by CVE-2025-66627 via wasmi (=0.50.0)

wasmi CARGO version =0.50.0 is affected by a known vulnerability. The following packages have a transitive dependency on wasmi and may be impacted: - wasmicapiimpl =0.50.0 - wasmiruntimelayer =0.50.0 Source cves: CVE-2025-66627 Source advisory: OSV:GHSA-G4V2-CJQP-RFMQ...

DEBIAN-CVE-2022-50583

In the Linux kernel, the following vulnerability has been resolved: md/raid0, raid10: Don't set discard sectors for request queue It should use diskstacklimits to get a proper maxdiscardsectors rather than setting a value by stack drivers. And there is a bug. If all member disks are rotational...

UBUNTU-CVE-2022-50583

In the Linux kernel, the following vulnerability has been resolved: md/raid0, raid10: Don't set discard sectors for request queue It should use diskstacklimits to get a proper maxdiscardsectors rather than setting a value by stack drivers. And there is a bug. If all member disks are rotational...

Post-quantum X509 Signature Algorithms

This plugin detects which post-quantum TLS signature algorithms are supported by the remote service. TRUSTED...

TLS Supported Groups

This plugin detects which TLS supported groups entries are supported by the remote service. TRUSTED...

EUVD-2025-201579

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Flush shmem writes before mapping buffers CPU-uncached The shmem layer zeroes out the new pages using cached mappings, and if we don't CPU-flush we might leave dirty cachelines behind, leading to potential data leaks...

Managed TLS under Migration: Authentication Authority across CDN and Hosting Transitions

Managed TLS has become a common approach for deploying HTTPS, with platforms generating and storing private keys and automating certificate issuance on behalf of domain operators. This model simplifies operational management but shifts control of authentication material from the domain owner to t...

CVE-2025-40276

In the Linux kernel, the following vulnerability has been resolved: drm/panthor: Flush shmem writes before mapping buffers CPU-uncached The shmem layer zeroes out the new pages using cached mappings, and if we don't CPU-flush we might leave dirty cachelines behind, leading to potential data leaks...

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization in the process that creates Kubernetes Role bindings. An attacker can access sensitive information by executing GET requests in affected Pods using their Service Account to retrieve any Secret from the same...

GHSA-XRHH-HX36-485Q Strimzi allows unrestricted access to all Secrets in the same Kubernetes namespace from Kafka Connect and MirrorMaker 2 operands

Impact In some situations, Strimzi creates an incorrect Kubernetes Role which grants the Apache Kafka Connect and Apache Kafka MirrorMaker 2 operands the GET access to all Kubernetes Secrets that exist in the given Kubernetes namespace. The exact scenario when this happens is when: Apache Kafka...

USN-7910-2: Linux kernel (Azure) vulnerabilities

Jean-Claude Graf, Sandro Rüegge, Ali Hajiabadi, and Kaveh Razavi discovered that the Linux kernel contained insufficient branch predictor isolation between a guest and a userspace hypervisor for certain processors. This flaw is known as VMSCAPE. An attacker in a guest VM could possibly use this t...

USN-7909-4: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S39...

USN-7909-4 linux-gcp, linux-gke, linux-gkeop vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM32 architecture; - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S39...

EUVD-2025-201294

The WatchGuard Mobile VPN with SSL Client on Windows allows a locally authenticated non-administrative Windows user to escalate their privileges to NT AUTHORITY/SYSTEM on the Windows machine where the VPN Client is installed.This issue affects the Mobile VPN with SSL Client 12.0 up to and includi...