CVE-2025-4819 y_project RuoYi Offline Logout batchForceLogout improper authorization

A vulnerability classified as problematic has been found in yproject RuoYi 4.8.0. Affected is an unknown function of the file /monitor/online/batchForceLogout of the component Offline Logout. The manipulation of the argument ids leads to improper authorization. It is possible to launch the attack...

CVE-2025-4819 y_project RuoYi Offline Logout batchForceLogout improper authorization

A vulnerability classified as problematic has been found in yproject RuoYi 4.8.0. Affected is an unknown function of the file /monitor/online/batchForceLogout of the component Offline Logout. The manipulation of the argument ids leads to improper authorization. It is possible to launch the attack...

Gather Ticket Granting Service (TGS) tickets for User Service Principal Names (SPN)

This module will try to find Service Principal Names that are associated with normal user accounts. Since normal accounts' passwords tend to be shorter than machine accounts, and knowing that a TGS request will encrypt the ticket with the account the SPN is running under, this could be used for a...

Sybil-Based Virtual Data Poisoning Attacks in Federated Learning

Federated learning is vulnerable to poisoning attacks by malicious adversaries. Existing methods often involve high costs to achieve effective attacks. To address this challenge, we propose a sybil-based virtual data poisoning attack, where a malicious client generates sybil nodes to amplify the...

Alibaba Cloud Linux 3 : 0087: freeradius:3.0 (ALINUX3-SA-2023:0087)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by multiple vulnerabilities as referenced in the ALINUX3-SA-2023:0087 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-41859: In freeradius, the EAP-PWD...

kernel: sched/smt: Fix unbalance sched_smt_present dec/inc

In the Linux kernel, the following vulnerability has been resolved: sched/smt: Fix unbalance schedsmtpresent dec/inc I got the following warn report while doing stress test: jump label: negative count! WARNING: CPU: 3 PID: 38 at kernel/jumplabel.c:263 statickeyslowtrydec+0x9d/0xb0 Call Trace:...

Securing WiFi Fingerprint-Based Indoor Localization Systems from Malicious Access Points

WiFi fingerprint-based indoor localization schemes deliver highly accurate location data by matching the received signal strength indicator RSSI with an offline database using machine learning ML or deep learning DL models. However, over time, RSSI values degrade due to the malicious behavior of...

CVE-2025-46719

Open WebUI vulnerability CVE-2025-46719 affects versions prior to 0.6.6. A flaw in rendering certain HTML tags in chat messages allows stored cross-site scripting (XSS) in chat transcripts, which are accessible by other users on the same server or via Open WebUI community sharing. In the user’s b...

uberAgent - unable to upload data to Splunk in environment with restricted internet access

uberAgent data is not available on the Splunk dashboard. Agents are reporting correctly when Admins allow full internet access on the firewall. uberAgent log file located in C:\Windows\Temp default location shows the issue with CurlSend attempt, example: 2025-05-02 10:31:10.439...

goTenna Mesh 安全漏洞

goTenna Mesh is a portable mesh networking device from goTenna, Inc. that builds decentralized communication networks through intelligent routing algorithms and supports offline transmission of text/location/emergency signals from smartphones. A security vulnerability exists in goTenna Mesh, whic...

goTenna V1 安全漏洞

goTenna V1 is a portable offline communication device from goTenna, Inc. that enables long-distance peer-to-peer communication between smartphones via mesh network technology. A security vulnerability exists in goTenna V1, which originates from hard-coded authentication tokens, which could lead t...

goTenna V1 安全漏洞

goTenna V1 is a portable offline communication device from goTenna that enables long-range peer-to-peer communication between smartphones via mesh network technology. A security vulnerability exists in goTenna V1, which originates from sending data via UART and could lead to sensitive data leakag...

goTenna V1 安全漏洞

goTenna V1 is a portable offline communication device from goTenna that enables long-range peer-to-peer communication between smartphones via mesh network technology. A security vulnerability exists in goTenna V1 that stems from allowing the injection of customized messages, which could lead to a...

goTenna V1 安全漏洞

goTenna V1 is a portable offline communication device from goTenna, Inc. that enables long-range peer-to-peer communication between smartphones via mesh network technology. A security vulnerability exists in goTenna V1, which stems from an improperly implemented encryption that could lead to...

goTenna V1 安全漏洞

goTenna V1 is a portable offline communication device from goTenna that enables long-range peer-to-peer communication between smartphones via mesh network technology. A security vulnerability exists in goTenna V1, which stems from a command channel containing next-hop information that could lead ...

goTenna Mesh 安全漏洞

goTenna Mesh is a portable mesh networking device from goTenna that builds decentralized communication networks through intelligent routing algorithms and supports offline transmission of text/location/emergency signals from smartphones. A security vulnerability exists in goTenna Mesh that stems...

编号撤回

goTenna Mesh is a portable mesh networking device from goTenna that builds decentralized communication networks through intelligent routing algorithms and supports offline transmission of text/location/emergency signals from smartphones. This CVE number has been withdrawn...

Improper Certificate Validation

Overview Affected versions of this package are vulnerable to Improper Certificate Validation presented by the remote server during a TLS connection. An attacker can intercept and potentially alter communications by positioning themselves between the client and the server. Note: This is only...

ThreMoLIA: Threat Modeling of Large Language Model-Integrated Applications

Large Language Models LLMs are currently being integrated into industrial software applications to help users perform more complex tasks in less time. However, these LLM-Integrated Applications LIA expand the attack surface and introduce new kinds of threats. Threat modeling is commonly used to...

Important: kernel

Issue Overview: In the Linux kernel, the following vulnerability has been resolved: block, bfq: don't move oombfqq CVE-2022-49179 In the Linux kernel, the following vulnerability has been resolved: macsec: fix UAF bug for realdev CVE-2022-49390 In the Linux kernel, the following vulnerability has...