Security update for cloud-init

This update for cloud-init fixes the following issues: Update to version 25.1.3: CVE-2024-6174: Unpriveleged user could trigger hotplug-hook commands bsc1245403. None security fixes: Rebase cloud-init to 24.4 or higher bsc1239715, jscPED-8680. Fixed cloud-init --debug status bsc1228414. Using...

CVE-2025-30150

CVE-2025-30150 affects Shopware 6 platforms. The vulnerability allows an attacker using the store-api to determine whether an email address is registered by querying /store-api/account/recovery-password ; responses differentiate between found vs not found accounts, enabling information exposure. ...

CVE-2024-38351

Summary: PocketBase shows a vulnerability where, if both Password and OAuth2 authentication are enabled, a malicious actor could link an unverified email via OAuth2 to an existing user and gain access to that user’s account without changing the password. The attack flow described involves registe...

TRENDnet TEW-814DAP 安全漏洞

The TRENDnet TEW-814DAP is a wireless access point from TRENDnet. The TRENDnet TEW-814DAP suffers from a stack buffer overflow vulnerability that originates from the submit-url parameter at /formPasswordAuth failing to properly validate the length of the input data, which could be exploited by an...

Low: Red Hat Security Advisory: curl security and bug fix update

An update for curl is now available for Red Hat Enterprise Linux 8.8 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each...

Updated 389-ds-base packages fix security vulnerability

The directory server password lockout policy prevents binds from operating once a threshold of failed passwords has been met. During this lockout, if you bind with a successful password, a different error code is returned. This means that an attacker has no ratelimit or penalty during an account...