294 matches found
KLA82402 PE vulnerability in Microsoft SQL Server
An elevation of privilege vulnerability was found in Microsoft SQL Server. Malicious users can exploit this vulnerability to gain privileges. Original advisories CVE-2025-29803 Related products Microsoft-SQL-Server Microsoft-SQL-Server-Management-Studio CVE list CVE-2025-29803 high Solution Insta...
MinIO performs incomplete signature validation for unsigned-trailer uploads
Impact This is a high priority vulnerability and users must upgrade ASAP. The signature component of the authorization may be invalid, which would mean that as a client you can use any arbitrary secret to upload objects given the user already has prior WRITE permissions on the bucket, Prior...
Debian: Security Advisory (DSA-5890-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Security Bulletin: IBM InfoSphere Information Server is affected by an information disclosure vulnerability (CVE-2024-7577)
Summary An information disclosure vulnerability in IBM InfoSphere Information Server was addressed. Vulnerability Details CVEID:CVE-2024-7577 DESCRIPTION: IBM InfoSphere Information Server could disclose sensitive user credentials from log files during new installation of the product. CWE:CWE-532...
KLA82138 SB vulnerability in Mozilla Firefox
Security vulnerability was found in Mozilla Firefox. Malicious users can exploit this vulnerability to bypass security restrictions. Original advisories MFSA2025-19 Related products Mozilla-Firefox CVE list CVE-2025-2857 critical Solution Update to the latest version Download Firefox Impacts SB...
KLA81935 PE vulnerability in Microsoft Azure
An elevation of privilege vulnerability was found in Microsoft Azure. Malicious users can exploit this vulnerability to gain privileges. Original advisories CVE-2025-29814 Related products Microsoft-Azure CVE list CVE-2025-29814 critical KB list Solution Install necessary updates from the KB...
GHSA-22Q5-9PHM-744V XWiki allows unregistered users to access private pages information through REST endpoint
Impact Protected pages are listed when requesting the REST endpoints /rest/wikis/wikiName/pages even if the user doesn't have view rights on them. It's particularly true if the entire wiki is protected with "Prevent unregistered user to view pages": the endpoint would still list the pages of the...
Ubuntu: Security Advisory (USN-7352-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2025-29786
Expr is an expression language and expression evaluation for Go. Prior to version 1.17.0, if the Expr expression parser is given an unbounded input string, it will attempt to compile the entire string and generate an Abstract Syntax Tree AST node for each part of the expression. In scenarios wher...
Security Bulletin: IBM DataStage on Cloud Pak for Data is vulnerable to denial of service due to the FasterXML jackson-databind package (CVE-2023-35116)
Summary Jackson-databind is used by IBM DataStage on Cloud Pak for Data as part of data processing. Vulnerability Details CVEID:CVE-2023-35116 DESCRIPTION: Fasterxml jackson-databind is vulnerable to a denial of service, caused by a stack-based overflow. By persuading a victim to open a specially...
CVE-2025-29774
xml-crypto is an XML digital signature and encryption library for Node.js. An attacker may be able to exploit a vulnerability in versions prior to 6.0.1, 3.2.1, and 2.1.6 to bypass authentication or authorization mechanisms in systems that rely on xml-crypto for verifying signed XML documents. Th...
CVE-2025-29775
CVE-2025-29775 : The xml-crypto library for Node.js is vulnerable in versions prior to 6.0.1, 3.2.1, and 2.1.6. An attacker can modify a valid signed XML message in transit such that signature verification still passes, bypassing authentication/authorization checks and enabling privilege escalati...
MAL-2025-2393 Malicious code in newland-component-test (npm)
--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7a4a9b55a483b5ec495bb5e9c06c5285932e3ff8eb091beee14345f52431123f Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...
CVE-2025-21707 affecting package kernel for versions less than 6.6.78.1-3
CVE-2025-21707 affecting package kernel for versions less than 6.6.78.1-3. An upgraded version of the package is available that resolves this issue...
CVE-2025-27789 Inefficient RexExp complexity in generated code with .replace when transpiling named capturing groups
Babel is a compiler for writing next generation JavaScript. When using versions of Babel prior to 7.26.10 and 8.0.0-alpha.17 to compile regular expression named capturing groups, Babel will generate a polyfill for the .replace method that has quadratic complexity on some specific replacement...
Linux Distros Unpatched Vulnerability : CVE-2024-57974
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - udp: Deal with race between UDP socket address change and rehash If a UDP socket changes its local address while it's receiving datagrams, as a result of connec...
Linux Distros Unpatched Vulnerability : CVE-2023-48232
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vim is an open source command line text editor. A floating point exception may occur when calculating the line offset for overlong lines and smooth scrolling is...
Linux Distros Unpatched Vulnerability : CVE-2024-43870
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: perf: Fix event leak upon exit When a task is scheduled out, pending sigtrap deliveries are...
Linux Distros Unpatched Vulnerability : CVE-2022-36059
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 19.4.0 events sent with special strings in key places can...
CBL Mariner 2.0 Security Update: reaper (CVE-2024-52798)
The version of reaper installed on the remote CBL Mariner 2.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2024-52798 advisory. - path-to-regexp turns path strings into a regular expressions. In certain cases, path-to-regexp will output a...