3079 matches found
uverif security vulnerability
uverif is a free and open source web authentication management system from uverif. A security vulnerability exists in uverif 3.2 and earlier versions, which stems from SQL injection due to incorrect manipulation of the parameter note of the function addbatch in the file /admin/kamilist...
Access API Moves to Spring Security Access
Five years ago, Spring Security began the journey of modernizing its authorization API. This has paved the way for a number of exciting features like Authorized POJOs, value masking, and, planned for Spring Security 7, Multi-Factor Authentication. This also deprecated the majority of the Access...
Metabase 0.41.x < 0.41.9 / 0.42.x < 0.42.6 / 0.43.x < 0.43.7 / 0.44.x < 0.44.5 / 1.41.x < 1.41.9 / 1.42.x < 1.42.6 / 1.43.x < 1.43.7 / 1.44.x < 1.44.5
The version of Metabase installed on the remote host is affected by a single sign-on (SSO) access control vulnerability which could allow a user access without going through the SSO IdP. Metabase now blocks password reset for all users who use SSO for their Metabase login. Note that Nessus has not...
Linux Distros Unpatched Vulnerability : CVE-2025-39700
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - mm/damon/ops-common: ignore migration request to invalid nodes damonmigratepages tries migration even if the target node is invalid. If users mistakenly make su...
Malicious code in plastic-task-note (npm)
The package plastic-task-note was found to contain malicious code...
MAL-2025-45566 Malicious code in plastic-task-note (npm)
The package plastic-task-note was found to contain malicious code...
CVE-2025-21036
Improper access control in Samsung Notes prior to version 4.4.30.63 allows local privileged attackers to access exported note files. User interaction is required for triggering this vulnerability...
CVE-2025-38705
In the Linux kernel, the following vulnerability has been resolved: drm/amd/pm: fix null pointer access Writing a string without delimiters ' ', '\n', '\0' to the under gpuod/fanctrl sysfs or pppowerprofilemode for the CUSTOM profile will result in a null pointer dereference...
CVE-2025-41051
creationtimestamp | type | source
---|---|---
2025-09-04 15:34:30+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lxzhukbpsk2e...
PT-2025-35870
Name of the Vulnerable Software and Affected Versions: Apache Struts (affected versions not specified). Description: The software contains an elevation of privilege issue. Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability...
Linux Distros Unpatched Vulnerability : CVE-2013-1834
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - notes/edit.php in Moodle 1.9.x through 1.9.19, 2.x through 2.1.10, 2.2.x before 2.2.8, 2.3.x before 2.3.5, and 2.4.x before 2.4.2 allows remote authenticated...
Important: udisks2 security update
The Udisks project provides a daemon, tools, and libraries to access and manipulate disks, storage devices, and technologies. Security Fixes: udisks: Out-of-bounds read in UDisks Daemon (CVE-2025-8067). For more details about the security issues, including the impact, a CVSS score, acknowledgments,...
Ubuntu: Security Advisory (USN-7727-2)
The remote host is missing an update for the...
CVE-2025-54543
QuickCMS is vulnerable to Stored XSS via the sDescriptionMeta parameter in the page editor SEO functionality. A malicious attacker with admin privileges can inject arbitrary HTML and JS into the website, which will be rendered/executed when visiting the edited page. By default, the admin user is not able to add...
Linux Distros Unpatched Vulnerability : CVE-2019-9892
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in Open Ticket Request System (OTRS) 5.x through 5.0.34, 6.x through 6.0.17, and 7.x through 7.0.6. An attacker who is logged into OTRS as...
Linux Distros Unpatched Vulnerability : CVE-2020-10956
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GitLab 8.10 and later through 12.9 is vulnerable to an SSRF in a project import note feature. (CVE-2020-10956) Note that Nessus relies on the presence of the...
Security Bulletin: Hive creates a credentials file to a temporary directory in the file system with permissions 644 by default when the file permissions are not set explicitly, which affects IBM watsonx.data
Summary: Hive creates a credentials file to a temporary directory in the file system with permissions 644 by default when the file permissions are not set explicitly. Any unauthorized user having access to the directory can read the sensitive information written into this file. These can affect...
How attackers adapt to built-in macOS protection
If a system is popular with users, you can bet it's just as popular with cybercriminals. Although Windows still dominates, second place belongs to macOS. And this makes it a viable target for attackers. With various built-in protection mechanisms, macOS generally provides a pretty much end-to-end...
Exploit for CVE-2025-55763
CVE-2025-55763 Buffer Overflow in the URI parser of CivetWeb...