22 matches found
UBUNTU-CVE-2025-67856
A flaw was found in Moodle. An authorization logic flaw, specifically due to incomplete role checks during the badge awarding process, allowed badges to be granted without proper verification. This could enable unauthorized users to obtain badges they are not entitled to, potentially leading to...
RepliBench: Evaluating the Autonomous Replication Capabilities of Language Model Agents
Uncontrollable autonomous replication of language model agents poses a critical safety risk. To better understand this risk, we introduce RepliBench, a suite of evaluations designed to measure autonomous replication capabilities. RepliBench is derived from a decomposition of these capabilities...
Security Bulletin: IBM Cognos Dashboards on Cloud Pak for Data has addressed security vulnerabilities
Summary: There are vulnerabilities in IBM® Java™ Version 8 used by IBM Cognos Dashboards on Cloud Pak. IBM Cognos Dashboards on Cloud Pak has addressed these vulnerabilities by upgrading IBM® Java™. There are vulnerabilities in Open-Source Software (OSS) components consumed by IBM Cognos Dashboards ...
CVE-2024-45979
A host header injection vulnerability in Lines Police CAD 1.0 allows attackers to obtain the password reset token via user interaction with a crafted password reset link. This allows attackers to arbitrarily reset other users' passwords and compromise their accounts...
CVE-2024-31403
Cybozu Garoon 5.0.0–6.0.0 contains an incorrect authorization vulnerability that allows a remote authenticated attacker to alter and/or obtain Memo data due to improper restriction of memo access. Public sources (NVD, Red Hat, JVN, CNNVD, CNVD, CVE listings) confirm the impact and note the soluti...
CVE-2024-2210 The Plus Addons for Elementor <= 5.4.1 - Authenticated (Contributor+) Local File Inclusion via Team Member Listing
The Plus Addons for Elementor plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 5.4.1 via the Team Member Listing widget. This makes it possible for authenticated attackers, with contributor-level access and above, to include and execute arbitrar...
ROS-2-1031
2.1031 Notification on update of the Red OS OPERATION SYSTEM No RU.29926343.02.01-01-23 Due to quality improvement and bug fixing, an updated version of MIS Operating System "RED OS" 7.3 has been released. You can contact the technical support service within the framework of your existing technic...
Ticketmaster: Taylor Swift ticket sales disrupted by bot-driven attack
By Habiba Rashid. Joe Berchtold, president of Ticketmaster's parent company, Live Nation, claims that despite the cyber attack, hackers were not able to illegally obtain any tickets in the November 2022 incident. This is a post from HackRead.com. Read the original post: Ticketmaster: Taylor Swift...
Authentication flaw
Browsing restriction bypass vulnerability in Bulletin of Cybozu Garoon 4.0.0 to 5.9.1 allows a remote authenticated attacker to obtain the data of Bulletin...
CVE-2022-26368
Browse restriction bypass and operation restriction bypass vulnerability in Cabinet of Cybozu Garoon 4.0.0 to 5.5.1 allows a remote authenticated attacker to alter and/or obtain the data of Cabinet...
Cybozu Garoon Access Control Error Vulnerability (CNVD-2022-54341)
Cybozu Garoon is a portal-based OA office system from Cybozu Japan. The system provides portal, E-mail, bookmarks, scheduling, bulletin board, document management, etc. An access control error vulnerability exists in Cybozu Garoon, which stems from improper access restrictions in bulletins. An...
CVE-2021-23246
In ACE2 ColorOS11, the attacker can obtain the foreground package name through permission promotion, resulting in user information disclosure...
ROS-2-1161
2.1161 Notification on the update of the Red OS OPERATION SYSTEM MIS Due to quality improvement and bug fixing, an updated version of the "RED OS" Operating System "RED OS" 7.3 is released. You can contact the technical support service within the framework of your existing technical support...
KLA11931 Multiple vulnerabilities in Microsoft Windows
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to execute arbitrary code, gain privileges, obtain sensitive information, spoof user interface, cause denial of service. Below is a complete list of vulnerabilities: 1. A memory corruptio...
KLA11628 Multiple vulnerabilities in Mozilla Firefox
Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, obtain sensitive information, bypass security restrictions, perform cross-site scripting attack. Below is a complete list of vulnerabilitie...
KLA11546 Multiple vulnerabilities in Mozilla Firefox
Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, perform cross-site scripting attack, bypass security restrictions, gain privileges, obtain sensitive information. Below is a complete list ...
Security Bulletin: Multiple Security Vulnerabilities affect IBM® Cloud Private - fluentd
Summary: IBM Cloud Private fluentd component is vulnerable to multiple security vulnerabilities. Vulnerability Details: CVEID: CVE-2018-16396. DESCRIPTION: Ruby could allow a remote attacker to bypass security restrictions, caused by the failure to properly check security controls. By sending a...
KLA11298 Multiple vulnerabilities in Google Chrome
Multiple serious vulnerabilities have been found in Google Chrome. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code, bypass security restrictions, spoof user interface, gain privileges, write local files and obtain sensitive information. Below i...
Security Bulletin: Multiple vulnerabilities in curl affect IBM Flex System Manager (FSM)
Summary: Multiple vulnerabilities have been discovered in curl that is embedded in FSM. This bulletin addresses these issues. Vulnerability Details: CVEID: CVE-2016-8615. DESCRIPTION: cURL/libcurl is vulnerable to cookie injection, caused by an error related to fgets function. By using a malicious...
KLA10952 Multiple vulnerabilities in Mozilla Thunderbird
Multiple serious vulnerabilities have been found in Mozilla Thunderbird. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause a denial of service, obtain sensitive information and execute arbitrary code. Below is a complete list of vulnerabilities: 1. Errors in...