Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the unzipFile function in the client.go file, which uses filepath.JoindestDir, f.Name without validating or sanitizing f.Name. An attacker can overwrite arbitrary files on the system outside of the intended...

GHSA-QGJ7-FMQ2-6CC4 Hashicorp Vault has Lockout Feature Authentication Bypass

Vault and Vault Enterprise’s “Vault” user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...

Hashicorp Vault has Lockout Feature Authentication Bypass

Vault and Vault Enterprise’s “Vault” user lockout feature could be bypassed for Userpass and LDAP authentication methods. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise 1.20.1, 1.19.7, 1.18.12, and 1.16.23...

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation in the verifyCredentials. An attacker can impersonate a trusted client by crafting a malicious certificate when a non-CA certificate is used as a trusted certificate. Remediation Upgrade...

Hashicorp Vault has an Observable Discrepancy on Existing and Non-Existing Users

A timing side channel in Vault and Vault Enterprise’s “Vault” userpass auth method allowed an attacker to distinguish between existing and non-existing users, and potentially enumerate valid usernames for Vault’s Userpass auth method. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise...

CVE-2025-6011

A timing side channel in Vault and Vault Enterprise’s “Vault” userpass auth method allowed an attacker to distinguish between existing and non-existing users, and potentially enumerate valid usernames for Vault’s Userpass auth method. Fixed in Vault Community Edition 1.20.1 and Vault Enterprise...

CVE-2025-6011

CVE-2025-6011 describes a timing side-channel in Vault and Vault Enterprise's userpass authentication that could let an attacker distinguish existing vs non-existing usernames, enabling possible username enumeration. Root cause: timing differences during user existence checks in the Userpass meth...

Improper Output Neutralization for Logs

Overview ms-swift is a Swift: Scalable lightWeight Infrastructure for Fine-Tuning Affected versions of this package are vulnerable to Improper Output Neutralization for Logs via the train method. An attacker can execute arbitrary system commands by injecting malicious input into parameters that a...

(Pwn2Own) QNAP QHora-322 lionic_dpi parseMIME Out-of-Bounds Write Remote Code Execution Vulnerability

This vulnerability allows network-adjacent attackers to execute arbitrary code on affected installations of QNAP QHora-322 routers. Authentication is not required to exploit this vulnerability. The specific flaw exists within the parseMIME method. The issue results from the lack of proper...

The vulnerability of the resize() and text() methods of the ImageMagick framework, which are used for developing web systems and CodeIgniter applications, allows attackers to load arbitrary files.

The vulnerability of the resize and text methods of the ImageMagick framework used for developing web systems and CodeIgniter applications relates to the lack of measures taken to neutralize special elements used in the operating system command line. Exploiting this vulnerability allows a remote...

PrestaShop 安全漏洞

PrestaShop is an open source e-commerce solution from the American company PrestaShop. The solution provides multiple payment methods, short message alerts and product image scaling. A security vulnerability exists in PrestaShop version v8.2.0, which stems from a PHAR deserialization issue in the...

PT-2025-31355 · Koa · Koa

Name of the Vulnerable Software and Affected Versions: Koa affected versions not specified Description: The back method used for redirect operations in Koa utilizes the user-controllable Referrer header as the redirect target, creating an open redirect condition. The response.redirect function,...

SUSE CVE-2025-38386

In the Linux kernel, the following vulnerability has been resolved: ACPICA: Refuse to evaluate a method if arguments are missing As reported in 1, a platform firmware update that increased the number of method parameters and forgot to update a least one of its callers, caused ACPICA to crash due ...

SUSE CVE-2025-38408

In the Linux kernel, the following vulnerability has been resolved: genirq/irqsim: Initialize work context pointers properly Initialize ops member's pointers properly by using kzalloc instead of kmalloc when allocating the simulation work context. Otherwise the pointers contain random content...

PowerShell-Suite

This is an offensive tool for Windows UAC bypass. It is a PowerShell module called "Bypass-UAC" that provides a framework to perform UAC bypasses based on auto-elevating IFileOperation COM object method calls. The tool is designed to bypass User Account Control UAC on Windows systems, allowing an...

SUSE CVE-2025-38458

In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix NULL pointer dereference in vccsendmsg atmarpddevops does not implement the send method, which may cause crash as bellow. BUG: kernel NULL pointer dereference, address: 0000000000000000 PGD 0 P4D 0 Oops: Oops: 0010...

GHSA-M7F4-HRC6-FWG3 Skops has Inconsistent Trusted Type Validation that Enables Hidden `operator` Methods Execution

Summary An inconsistency in OperatorFuncNode can be exploited to hide the execution of untrusted operator.xxx methods. This can then be used in a code reuse attack to invoke seemingly safe functions and escalate to arbitrary code execution with minimal and misleading trusted types. Note: This...

CVE-2025-38458 atm: clip: Fix NULL pointer dereference in vcc_sendmsg()

In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fix NULL pointer dereference in vccsendmsg atmarpddevops does not implement the send method, which may cause crash as bellow. BUG: kernel NULL pointer dereference, address: 0000000000000000 PGD 0 P4D 0 Oops: Oops: 0010...

DEBIAN-CVE-2025-38386

In the Linux kernel, the following vulnerability has been resolved: ACPICA: Refuse to evaluate a method if arguments are missing As reported in 1, a platform firmware update that increased the number of method parameters and forgot to update a least one of its callers, caused ACPICA to crash due ...

AZL-72400 CVE-2025-38386 affecting package kernel for versions less than 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: ACPICA: Refuse to evaluate a method if arguments are missing As reported in 1, a platform firmware update that increased the number of method parameters and forgot to update a least one of its callers, caused ACPICA to crash due ...