CVE-2025-9290

An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device adoption due to improper handling of random values. Exploitation requires advanced network positioning and allows an attacker to intercept adoption traffic and forge valid authentication...

CVE-2025-9290 Authentication Weakness on Omada Controllers, Gateways and Access Points

An authentication weakness was identified in Omada Controllers, Gateways and Access Points, controller-device adoption due to improper handling of random values. Exploitation requires advanced network positioning and allows an attacker to intercept adoption traffic and forge valid authentication...

CVE-2025-9290

CVE-2025-9290 describes an authentication weakness in Omada Controllers, Gateways, and Access Points related to improper handling of random values during controller-device adoption. The vulnerability could allow an attacker with adjacent network access to intercept adoption traffic and forge vali...

CVE-2026-24332

Discord through 2026-01-16 allows gathering information about whether a user's client state is Invisible and not actually offline because the response to a WebSocket API request includes the user in the presences array with "status": "offline", whereas offline users are omitted from the presences...

CVE-2026-24332

Discord is reported to allow revealing whether a user is Invisible by returning a presences array in a WebSocket response that includes users marked as offline, exposing inconsistency with the UI description of Invisible. Affected scope is described across multiple sources (NVD, Red Hat advisory,...

PT-2026-3920

Discord through 2026-01-16 allows gathering information about whether a user's client state is Invisible and not actually offline because the response to a WebSocket API request includes the user in the presences array with "status": "offline", whereas offline users are omitted from the presences...

PT-2026-4304

Name of the Vulnerable Software and Affected Versions Omada Controllers, Gateways and Access Points affected versions not specified Description An authentication weakness exists in Omada Controllers, Gateways, and Access Points related to controller-device adoption. This is due to improper handli...

Azure Linux 3.0 Security Update: kernel (CVE-2025-21931)

The version of kernel installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2025-21931 advisory. - In the Linux kernel, the following vulnerability has been resolved: hwpoison, memoryhotplug: lock folio befo...

A Prompt-Based Framework for Loop Vulnerability Detection Using Local LLMs

Loop vulnerabilities are one major risky construct in software development. They can easily lead to infinite loops or executions, exhaust resources, or introduce logical errors that degrade performance and compromise security. The problem are often undetected by traditional static analyzers becau...

MiracleLinux 7 : ipa-4.6.8-5.17.0.1.el7.AXS7 (AXSA:2024-8141:06)

The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-8141:06 advisory. ipa: user can obtain a hash of the passwords of all domain users and perform offline brute force CVE-2024-3183 Tenable has extracted the preceding descriptio...

MiracleLinux 8 : mailman:2.1 (AXSA:2022-2976:01)

The remote MiracleLinux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-2976:01 advisory. mailman: CSRF token bypass allows to perform CSRF attacks and account takeover CVE-2021-42097 mailman: CSRF token derived from admin password allows...

AVideo notify.ffmpeg.json.php Unauthenticated RCE via Salt Discovery

This module exploits an unauthenticated remote code execution RCE vulnerability in AVideo's notify.ffmpeg.json.php endpoint. The vulnerability stems from a critical cryptographic weakness in the salt generation mechanism combined with information disclosure vulnerabilities that allow an attacker ...

powerpc/kexec: Enable SMT before waking offline CPUs

...

SUSE CVE-2025-71119

In the Linux kernel, the following vulnerability has been resolved: powerpc/kexec: Enable SMT before waking offline CPUs If SMT is disabled or a partial SMT state is enabled, when a new kernel image is loaded for kexec, on reboot the following warning is observed: kexec: Waking offline cpu 228...

SUSE CVE-2025-71142

In the Linux kernel, the following vulnerability has been resolved: cpuset: fix warning when disabling remote partition A warning was triggered as follows: WARNING: kernel/cgroup/cpuset.c:1651 at remotepartitiondisable+0xf7/0x110 RIP: 0010:remotepartitiondisable+0xf7/0x110 RSP:...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000708)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000708 advisory. The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service syste...

SUSE CVE-2025-68780

In the Linux kernel, the following vulnerability has been resolved: sched/deadline: only set freecpus for online runqueues Commit 16b269436b72 "sched/deadline: Modify cpudl::freecpus to reflect rd-online" introduced the cpudlset/clearfreecpu functions to allow the cpudl::freecpus mask to be...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003458)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003458 advisory. The cgroup offline implementation in the Linux kernel through 4.8.11 mishandles certain drain operations, which allows local users to cause a denial of service syste...

CVE-2025-71119

In the Linux kernel, the following vulnerability has been resolved: powerpc/kexec: Enable SMT before waking offline CPUs If SMT is disabled or a partial SMT state is enabled, when a new kernel image is loaded for kexec, on reboot the following warning is observed: kexec: Waking offline cpu 228...

CVE-2025-71119

In the Linux kernel, the following vulnerability has been resolved: powerpc/kexec: Enable SMT before waking offline CPUs If SMT is disabled or a partial SMT state is enabled, when a new kernel image is loaded for kexec, on reboot the following warning is observed: kexec: Waking offline cpu 228...