CVE-2025-9312 Improper Certificate-Based Authentication Enforcement in Multiple WSO2 Products

A missing authentication enforcement vulnerability exists in the mutual TLS mTLS implementation used by System REST APIs and SOAP services in multiple WSO2 products. Due to improper validation of client certificate–based authentication in certain default configurations, the affected components ma...

curl: Double free in tool_ssls_load()

Summary: There is a double-free bugs in toolsslsload, which can happen at line 83-84 or 129-130 toolssls.c: c curlfreeshmac; curlfreesdata; The root cause is that line 83-84 did not reset shmac and sdata to NULL. If the seesion is malformed, the double-free will be triggerd. No AI was used to fin...

MGASA-2025-0301 Updated apache packages fix security vulnerabilities

HTTP response splitting. CVE-2024-42516 SSRF with modheaders setting Content-Type header. CVE-2024-43204 modssl error log variable escaping. CVE-2024-47252 modproxyhttp2 denial of service. CVE-2025-49630 modssl access control bypass with session resumption. CVE-2025-23048 modssl TLS upgrade attac...

CVE-2025-65083

GoSign Desktop through 2.4.1 disables TLS certificate validation when configured to use a proxy server. This can be problematic if the GoSign Desktop user selects an arbitrary proxy server without consideration of whether outbound HTTPS connections from the proxy server to Internet servers succee...

PT-2025-47339

Name of the Vulnerable Software and Affected Versions GoSign Desktop versions 2.4.0 and earlier Description GoSign Desktop versions 2.4.0 and earlier utilize an unsigned update manifest for application updates. This manifest includes package URLs and SHA-256 hashes, but lacks digital signing,...

WSO2多款产品 安全漏洞

WSO2 API Manager and others are products of WSO2 Corporation, USA.WSO2 API Manager is an API lifecycle management solution.WSO2 Identity Server IS is an identity server.WSO2 API Control Plane is a control panel. A security vulnerability exists in several WSO2 products that stems from a lack of...

Siemens SIPROTEC Inadequate Encryption Strength (CVE-2024-38867)

The affected devices are supporting weak ciphers on several ports 443/tcp for web, 4443/tcp for DIGSI 5 and configurable port for syslog over TLS. This could allow an unauthorized attacker in a man-in-the-middle position to decrypt any data passed over to and from those ports. This plugin only...

GO-2025-4107 KubeVirt Improper TLS Certificate Management Handling Allows API Identity Spoofing in kubevirt.io/kubevirt

KubeVirt Improper TLS Certificate Management Handling Allows API Identity Spoofing in kubevirt.io/kubevirt...

GO-2025-4103 KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer in kubevirt.io/kubevirt

KubeVirt Affected by an Authentication Bypass in Kubernetes Aggregation Layer in kubevirt.io/kubevirt...

kernel: crypto: pcrypt - Call crypto layer directly when padata_do_parallel() return -EBUSY

In the Linux kernel, the following vulnerability has been resolved: crypto: pcrypt - Call crypto layer directly when padatadoparallel return -EBUSY Since commit 8f4f68e788c3 "crypto: pcrypt - Fix hungtask for PADATARESET", the pcrypt encryption and decryption operations return -EAGAIN when the CP...

What It Takes to Design Trust into Event-Driven Architectures with Amazon EventBridge

How disciplined design turns Amazon EventBridge from an open event bus into a system of verified trust. Event-driven architecture has become essential for achieving agility in the cloud. Yet as integrations multiply, so do the hidden pathways that adversaries can exploit. Amazon EventBridge helps...

kernel: tls: make sure to abort the stream if headers are bogus

In the Linux kernel, the following vulnerability has been resolved: tls: make sure to abort the stream if headers are bogus Normally we wait for the socket to buffer up the whole record before we service it. If the socket has a tiny buffer, however, we read out the data sooner, to prevent...

Silabs RS9116W 安全漏洞

Silabs RS9116W is a wireless connectivity module from Silabs USA. A security vulnerability exists in the Silabs RS9116W, which originates from the reception of malformed L2CAP packets that could lead to a denial of service attack...

CVE-2025-65083

GoSign Desktop through 2.4.1 disables TLS certificate validation when configured to use a proxy server. This can be problematic if the GoSign Desktop user selects an arbitrary proxy server without consideration of whether outbound HTTPS connections from the proxy server to Internet servers succee...

ROS-20251117-07

A vulnerability in the recv function of the tls component of the Linux kernel is related to an inaccessible exit condition. exit. Exploitation of the vulnerability could allow an attacker acting remotely to cause a denial of denial of service...

ProxyPrints: From Database Breach to Spoof, a Plug-And-Play Defense for Biometric Systems

Fingerprint recognition systems are widely deployed for authentication and forensic applications, but the security of stored fingerprint data remains a critical vulnerability. While many systems avoid storing raw fingerprint images in favor of minutiae-based templates, recent research shows that...

Whose Narrative Is It Anyway? A KV Cache Manipulation Attack

The Key ValueKV cache is an important component for efficient inference in autoregressive Large Language Models LLMs, but its role as a representation of the model's internal state makes it a potential target for integrity attacks. This paper introduces "History Swapping," a novel block-level...

Adaptive Dual-Layer Web Application Firewall (ADL-WAF) Leveraging Machine Learning for Enhanced Anomaly and Threat Detection

Web Application Firewalls are crucial for protecting web applications against a wide range of cyber threats. Traditional Web Application Firewalls often struggle to effectively distinguish between malicious and legitimate traffic, leading to limited efficacy in threat detection. To overcome these...

SUSE CVE-2025-12765

pgAdmin = 9.9 is affected by a vulnerability in the LDAP authentication mechanism allows bypassing TLS certificate verification...

CVE-2025-36251

CVE-2025-36251 : IBM AIX nimsh service SSL/TLS implementations allow a remote attacker to execute arbitrary commands due to improper process controls. Affected: AIX 7.2, AIX 7.3, and VIOS 3.1 and 4.1. This is part of a broader set of issues addressed in IBM’s security bulletin which lists related...