61 matches found
CVE-2026-42765 NULL Dereference in Certificate Verification with OCSP Checking
Issue summary: When a partial-chain certificate verification is enabled together with OCSP response checking for the whole chain, a NULL dereference will happen if the verified chain does not have a self-signed trusted anchor, crashing the process. Impact summary: A NULL pointer dereference can...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerability has been resolved: s390/cio: fixed an out-of-bounds access issue related to the cioignore function. The channel-subsystem-driver scans for newly available devices whenever device IDs are removed from the cioignore list, using commands like: echo fr...
CVE-2025-66911
Turms IM Server v0.10.0-SNAPSHOT and earlier contains a broken access control vulnerability in the user online status query functionality. The handleQueryUserOnlineStatusesRequest method in UserServiceController.java allows any authenticated user to query the online status, device information, an...
EUVD-2025-204539
Turms IM Server v0.10.0-SNAPSHOT and earlier contains a broken access control vulnerability in the user online status query functionality. The handleQueryUserOnlineStatusesRequest method in UserServiceController.java allows any authenticated user to query the online status, device information, an...
PT-2025-52448
Name of the Vulnerable Software and Affected Versions: Turms IM Server versions prior to 0.10.0-SNAPSHOT. Description: The software contains a flaw in access control related to querying user online status. An authenticated user can access online status, device information, and login timestamps of an...
turms security vulnerability
turms is an instant messaging engine from turms-im open source. A security vulnerability exists in turms v0.10.0-SNAPSHOT and prior versions, which stems from improper access control in the user online status query function and could lead to information disclosure...
CVE-2025-66911
Turms IM Server prior to 0.10.0-SNAPSHOT is affected by a broken access control vulnerability in the user online status query function. The handleQueryUserOnlineStatusesRequest() in UserServiceController.java lets any authenticated user query the online status, device information, and login times...
CVE-2022-50307
In the Linux kernel, the following vulnerability has been resolved: s390/cio: fix out-of-bounds access on cioignore free The channel-subsystem-driver scans for newly available devices whenever device-IDs are removed from the cioignore list using a command such as: echo free /proc/cioignore Since ...
CVE-2022-50307 s390/cio: fix out-of-bounds access on cio_ignore free
In the Linux kernel, the following vulnerability has been resolved: s390/cio: fix out-of-bounds access on cioignore free The channel-subsystem-driver scans for newly available devices whenever device-IDs are removed from the cioignore list using a command such as: echo free /proc/cioignore Since ...
Linux Distros Unpatched Vulnerability : CVE-2025-3645
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw was found in Moodle. Insufficient capability checks in a messaging web service allowed users to view other users' names and online statuses. CVE-2025-364...
CVE-2025-6511
creationtimestamp | type | source
---|---|---
2025-06-23 09:35:34+00:00 | seen | https://infosec.exchange/users/vuldb/statuses/114731996519003743
2025-06-23 16:47:00+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/19214
2025-06-23 17:31:42+00:00 | published-proof-of-concept | ...
Information Disclosure
moodle/moodle is vulnerable to an Information Disclosure. The vulnerability is due to inadequate input validation and authorization checks within the messaging web service, allows users to access data they are not authorized to view, such as other users' names and online statuses...
Moodle security vulnerability
Moodle is a free e-learning software platform, also known as a course management system, learning management system or virtual learning environment. A security vulnerability exists in Moodle, which stems from an insufficient message service capability check, and can be exploited by an attacker to...
CVE-2022-49411 bfq: Make sure bfqg for which we are queueing requests is online
In the Linux kernel, the following vulnerability has been resolved: bfq: Make sure bfqg for which we are queueing requests is online Bios queued into BFQ IO scheduler can be associated with a cgroup that was already offlined. This may then cause insertion of this bfqgroup into a service tree. But...
CVE-2025-25662
creationtimestamp | type | source
---|---|---
2025-02-20 23:17:13+00:00 | published-proof-of-concept | https://t.me/DarkWebInformerCVEAlerts/4836
2025-02-21 00:54:46+00:00 | seen | https://t.me/cvedetector/18607
2025-02-21 01:01:51+00:00 | seen | ...
CVE-2017-20196
creationtimestamp | type | source
---|---|---
2025-01-26 18:09:41+00:00 | seen | https://infosec.exchange/users/cve/statuses/113895996203352073
2025-01-26 18:15:40+00:00 | seen | https://bsky.app/profile/cve-notifications.bsky.social/post/3lgnztayn7h2b
2025-01-26 19:07:25+00:00 | ...
CVE-2025-24570
creationtimestamp | type | source
---|---|---
2025-01-24 18:01:52+00:00 | seen | https://infosec.exchange/users/cve/statuses/113884640826780764...