CVE-2025-8007

A security issue exists in the protected mode of 1756-EN4TR and 1756-EN2TR communication modules, where a Concurrent Forward Close operation can trigger a Major Non-Recoverable MNFR fault. This condition may lead to unexpected system crashes and loss of device availability...

Reflected Cross-Site Scripting (Reflected XSS)

com.liferay, com.liferay.expando.web are vulnerable to reflected cross-site scripting XSS. The vulnerability is due to improper input validation of the comliferayexpandowebportletExpandoPortletdisplayType parameter, which allows an attacker to inject and execute arbitrary JavaScript code in a...

GHSA-2FHW-2J7M-MR4M TYPO3 backend modules have Broken Access Control

Missing authorization checks in the Backend Routing of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke AJAX backend routes without having access to the corresponding backend modules...

CVE-2025-59017

Missing authorization checks in the Backend Routing of TYPO3 CMS versions 9.0.0‑9.5.54, 10.0.0‑10.4.53, 11.0.0‑11.5.47, 12.0.0‑12.4.36, and 13.0.0‑13.4.17 allow backend users to directly invoke AJAX backend routes without having access to the corresponding backend modules...

PT-2025-36960

Name of the Vulnerable Software and Affected Versions: Calix GigaCenter ONT versions 844E Calix GigaCenter ONT versions 844G Calix GigaCenter ONT versions 844GE Calix GigaCenter ONT versions 854GE Description: An issue exists in Calix GigaCenter ONT Quantenna SoC modules that allows administrativ...

pam security update

An update is available for pam. This update affects Rocky Linux 8. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Pluggable Authentication Modules PAM provide a system to set up authentication...

biz.netcentric.aem.sysenvtools:apply-system-env-install-hook (>=1.2.0 <=1.2.3), biz.netcentric.aem.sysenvtools:system-env-change-listener (>=1.2.0 <=1.2.3) +410 more potentially affected by CVE-2025-58782 via org.apache.jackrabbit:jackrabbit-jcr-commons (>=2.0-beta1 <=2.22.1)

org.apache.jackrabbit:jackrabbit-jcr-commons MAVEN version =2.0-beta1, =1.2.0, =1.2.0, =1.0.0, =1.0.0, =1.0.0, =1.8.0, =2.0.0, =2.5.0, =2.5.4, =2.5.4, =4.2.0, =1.0.0, =1.0.0, =1.0.0, =1.4.0 - biz.ne...

PT-2025-36416

Name of the Vulnerable Software and Affected Versions: ash versions prior to 3.5.39 Description: An incorrect authorization vulnerability exists in ash, allowing exploitation of incorrectly configured access control security levels. This issue is associated with program files...

metasploit-framework

This is an offensive tool for penetration testing. It is the Metasploit Framework, a comprehensive platform for developing and executing exploits. The framework is written in Ruby and provides a wide range of features for penetration testing, including exploit development, vulnerability scanning,...

metasploit-framework

This is a Metasploit Framework repository. The Metasploit Framework is an open-source penetration testing platform used for identifying vulnerabilities in computer systems and applications. It is a comprehensive toolset for security professionals to simulate attacks and test defenses. The...

com.47deg:freestyle-http-http4s_2.11 (=0.1.0), com.azavea.geotrellis:geotrellis-server-core_2.11 (>=4.0.1 <=4.2.0) +173 more potentially affected by CVE-2025-58369 via co.fs2:fs2-io_2.11 (>=0.9.1 <=2.1.0)

co.fs2:fs2-io2.11 MAVEN version =0.9.1, =4.0.1, =4.0.1, =4.0.1, =0.4.0, =0.4.0, =5.0.0, =2.0.0, =0.12.7, =0.12.7, =0.12.7, =0.14.1, =0.12.7, =1.1.0, =1.2.1 and more Source cves: CVE-2025-58369 Source advisory: SNYK:JAVA-COFS2-13180115...

ch.epfl.bluebrain.nexus:delta-app_2.13 (>=1.10.0-M8 <=1.10.0-M13), ch.epfl.bluebrain.nexus:delta-archive-plugin_2.13 (>=1.10.0-M8 <=1.10.0-M13) +644 more potentially affected by CVE-2025-58369 via co.fs2:fs2-io_2.13 (>=3.0.0 <=3.12.0)

co.fs2:fs2-io2.13 MAVEN version =3.0.0, =1.10.0-M8, =1.10.0-M8, =1.10.0-M8, =1.10.0-M8, =1.10.0-M8, =1.10.0-M8, =1.10.0-M8, =1.10.0-M8, =1.10.0-M8, =3.10-4b5f50b, =0.29.0, =1.0.0, =0.11.0, =1.0-148-8da8898, =1.0-148-8da8898, =1.0-377-020cf9e and more Source cves: CVE-2025-58369 Source advisory:...

CLSA-2025-1757014900 Fix CVE(s): CVE-2025-49812

SECURITY UPDATE: modssl TLS upgrade attack - debian/patches/CVE-2025-49812.patch: remove antiquated 'SSLEngine optional' TLS upgrade in modules/ssl/sslengineconfig.c, modules/ssl/sslengineinit.c, modules/ssl/sslenginekernel.c, modules/ssl/sslprivate.h. - CVE-2025-49812...

RHSA-2025:15100 Red Hat Security Advisory: pam security update

Bulletin has no description...

Important: Red Hat Security Advisory: pam security update

An update for pam is now available for Red Hat Enterprise Linux 8.8 Update Services for SAP Solutions and Red Hat Enterprise Linux 8.8 Telecommunications Update Service. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System...

Important: Red Hat Security Advisory: pam security update

An update for pam is now available for Red Hat Enterprise Linux 8.4 Advanced Mission Critical Update Support and Red Hat Enterprise Linux 8.4 Extended Update Support Long-Life Add-On. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability...

Important: Red Hat Security Advisory: pam security update

An update for pam is now available for Red Hat Enterprise Linux 9.0 Update Services for SAP Solutions. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is availab...

RHEL 8 : pam (RHSA-2025:15103)

The remote Redhat Enterprise Linux 8 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:15103 advisory. Pluggable Authentication Modules PAM provide a system to set up authentication policies without the need to recompile programs to handle...

RHEL 7 : pam (RHSA-2025:15106)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:15106 advisory. Pluggable Authentication Modules PAM provide a system to set up authentication policies without the need to recompile programs to handle...

RHEL 9 : pam (RHSA-2025:15102)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:15102 advisory. Pluggable Authentication Modules PAM provide a system to set up authentication policies without the need to recompile programs to handle...