SUSE CVE · added 2025/03/25 4:00 p.m.

SUSE CVE-2025-29778

Kyverno is a policy engine designed for cloud native platform engineering teams. Prior to version 1.14.0-alpha.1, Kyverno ignores subjectRegExp and IssuerRegExp while verifying artifact's sign with keyless mode. It allows the attacker to deploy kubernetes resources with the artifacts that were...

CVSS 5.8 · AI score 6.9 · EPSS 0.00083
Exploits: 1 · References: 4
OSV · added 2025/03/21 2:15 p.m.

DEBIAN-CVE-2025-2592

A vulnerability, which was classified as critical, has been found in Open Asset Import Library Assimp 5.4.3. This issue affects the function CSMImporter::InternReadFile of the file code/AssetLib/CSM/CSMLoader.cpp. The manipulation leads to heap-based buffer overflow. The attack may be initiated...

CVSS 8.8 · AI score 6.2 · EPSS 0.00071
Exploits: 1 · References: 1
OSV · added 2025/03/12 7:15 p.m.

UBUNTU-CVE-2025-27407

graphql-ruby is a Ruby implementation of GraphQL. Starting in version 1.11.5 and prior to versions 1.11.8, 1.12.25, 1.13.24, 2.0.32, 2.1.14, 2.2.17, and 2.3.21, loading a malicious schema definition in GraphQL::Schema.from_introspection or GraphQL::Schema::Loader.load can result in remote code...

CVSS 9 · AI score 6.1 · EPSS 0.01361
Exploits: 2 · References: 12
SUSE CVE · added 2025/03/12 5:05 a.m.

SUSE CVE-2025-27610

Rack provides an interface for developing web applications in Ruby. Prior to versions 2.2.13, 3.0.14, and 3.1.12, Rack::Static can serve files under the specified root: even if urls: are provided, which may expose other files under the specified root: unexpectedly. The vulnerability occurs becaus...

CVSS 7.5 · AI score 7.7 · EPSS 0.01354
Exploits: 0 · References: 5
NVD · added 2025/03/11 10:15 p.m.

CVE-2025-27101

Opal is OBiBa’s core database application for biobanks or epidemiological studies. Prior to version 5.1.1, when copying any parent directory to a folder in the /temp/ directory, all files in that parent directory are copied, including files which the user should not have access to. All users of t...

CVSS 8.6 · EPSS 0.00157
Exploits: 0 · References: 2
Github Security Blog · added 2025/02/14 5:26 p.m.

Uncaught Panic in ORML Rewards Pallet

Summary: A vulnerability in the add_share function of the Rewards pallet, part of the ORML repository, can lead to an uncaught Rust panic when handling user-provided input exceeding the u128 range. Affected Components: ORML Rewards pallet (rewards/src/lib.rs); any Substrate-based chain using ORML...

AI score 7.1
Exploits: 0 · References: 4 · Affected Software: 1
NCSC · added 2025/02/13 8:22 a.m.

Vulnerability fixed in CrowdStrike Falcon sensor

CrowdStrike has fixed a vulnerability in its Falcon sensor for Linux, Falcon Kubernetes Admission Controller, and Falcon Container Sensor. The vulnerability is in the Falcon sensor's validation logic, which could lead to a man-in-the-middle attack. While there is no evidence of exploitation relat...

CVSS 8.1 · AI score 6.7 · EPSS 0.00155
Exploits: 0 · References: 1
RedhatCVE · added 2025/02/06 4:44 a.m.

CVE-2021-37678

TensorFlow is an end-to-end open source platform for machine learning. In affected versions TensorFlow and Keras can be tricked to perform arbitrary code execution when deserializing a Keras model from YAML format. The implementation uses yaml.unsafe_load which can perform arbitrary code execution...

CVSS 9.3 · AI score 7.3 · EPSS 0.01023
Exploits: 1 · References: 1
RedhatCVE · added 2025/02/05 10:48 p.m.

CVE-2022-36097

XWiki Platform Attachment UI provides a macro to easily upload and select attachments for XWiki Platform, a generic wiki platform. Starting with version 14.0-rc-1 and prior to 14.4-rc-1, it's possible to store JavaScript in an attachment name, which will be executed by anyone trying to move the...

CVSS 8.9 · AI score 6.8 · EPSS 0.21828
Exploits: 1
RedhatCVE · added 2025/02/05 10:37 p.m.

CVE-2022-36098

XWiki Platform Mentions UI is a user interface for mentioning users in wiki content for XWiki Platform, a generic wiki platform. Starting in version 12.5-rc-1 and prior to versions 13.10.6 and 14.4, it's possible to store JavaScript or Groovy scripts in a mention, macro anchor, or reference field...

CVSS 9 · AI score 6.7 · EPSS 0.4365
Exploits: 1
RedhatCVE · added 2025/02/05 9:49 p.m.

CVE-2022-24768

Argo CD is a declarative, GitOps continuous delivery tool for Kubernetes. All unpatched versions of Argo CD starting with 1.0.0 are vulnerable to an improper access control bug, allowing a malicious user to potentially escalate their privileges to admin-level. Versions starting with 0.8.0 and 0.5...

CVSS 9.9 · AI score 6.9 · EPSS 0.00396
Exploits: 0 · References: 1
The Hacker News · added 2025/01/09 9:35 a.m.

Critical RCE Flaw in GFI KerioControl Allows Remote Code Execution via CRLF Injection

Threat actors are attempting to take advantage of a recently disclosed security flaw impacting GFI KerioControl firewalls that, if successfully exploited, could allow malicious actors to achieve remote code execution (RCE). The vulnerability in question, CVE-2024-52875, refers to a carriage return...

AI score 9.5 · EPSS 0.79658
Exploits: 1
OSV · added 2025/01/07 6:15 a.m.

CVE-2024-7696

Seth Fogie, member of AXIS Camera Station Pro Bug Bounty Program, has found that it is possible for an authenticated malicious client to tamper with audit log creation in AXIS Camera Station, or perform a Denial-of-Service attack on the AXIS Camera Station server using maliciously crafted audit l...

CVSS 6.3 · AI score 5.8 · EPSS 0.00095
Exploits: 0 · References: 1
Positive Technologies · added 2025/01/01 12:00 a.m.

PT-2025-17967

Name of the Vulnerable Software and Affected Versions: NVIDIA GPU Driver (affected versions not specified); nvidia-graphics-drivers (affected versions not specified); nvidia-graphics-drivers-legacy-390xx (affected versions not specified); nvidia-graphics-drivers-tesla-418 (affected versions not...

CVSS 7.8 · AI score 7.5 · EPSS 0.00019
Exploits: 0 · References: 40
Positive Technologies · added 2024/12/24 12:00 a.m.

PT-2024-29618 · Nvr

Name of the Vulnerable Software and Affected Versions: NVR (affected versions not specified). Description: A flaw has been discovered that allows for remote code execution on the NVR. An attacker can create an NVR log file in a directory one level higher on the system, which can be used to corrupt...

CVSS 5.1 · AI score 7.2 · EPSS 0.02949
Exploits: 0 · References: 5
Positive Technologies · added 2024/12/10 12:00 a.m.

PT-2024-40482 · Wasmvm +1

Name of the Vulnerable Software and Affected Versions: wasmvm versions 2.1.0 through 2.1.2; wasmvm versions 2.0.0 through 2.0.3; wasmvm versions prior to 1.5.5; cosmwasm-vm versions 2.1.0 through 2.1.3; cosmwasm-vm versions 2.0.0 through 2.0.6; cosmwasm-vm versions prior to 1.5.8. Description: The issu...

AI score 7.2
Exploits: 0 · References: 7
Positive Technologies · added 2024/12/10 12:00 a.m.

PT-2024-40031 · Wasmvm +1

Name of the Vulnerable Software and Affected Versions: wasmvm versions 2.1.0 through 2.1.2; wasmvm versions 2.0.0 through 2.0.3; wasmvm versions prior to 1.5.5; cosmwasm-vm versions 2.1.0 through 2.1.3; cosmwasm-vm versions 2.0.0 through 2.0.6; cosmwasm-vm versions prior to 1.5.8. Description: The issu...

AI score 7.1
Exploits: 0 · References: 7
NCSC · added 2024/11/20 8:41 a.m.

Vulnerabilities fixed in Palo Alto PAN OS

Palo Alto Networks has actively fixed exploited vulnerabilities in PAN-OS. UPDATE: A public PoC has now appeared to exploit CVE-2024-0012. The vulnerability with attribute CVE-2024-0012 allows a malicious person with access to the management web interface to gain administrator privileges. Through th...

CVSS 9.8 · AI score 8.2 · EPSS 0.94285
Exploits: 18 · References: 2
Japan Vulnerability Notes · added 2024/09/27 6:00 a.m.

MF Teacher Performance Management System vulnerable to cross-site scripting

Overview: MF Teacher Performance Management System provided by Media Fusion Co., Ltd. contains a cross-site scripting vulnerability (CWE-79). Akira Sumiyoshi, Takuto Matsuhashi, Kei Watanabe, Akio Yamaguchi, Syunji Yazaki and Hideaki Tsuchiya of UEC-CSIRT, The University of Electro-Communications...

CVSS 6.1 · AI score 6.2 · EPSS 0.00257
Exploits: 0 · References: 4
Ivanti · added 2024/09/19 3:32 p.m.

Security Advisory Ivanti CSA 4.6 (Cloud Services Appliance) (CVE-2024-8963)

Summary: Ivanti is disclosing a critical vulnerability in Ivanti CSA 4.6 which was incidentally addressed in the patch released on 10 September (CSA 4.6 Patch 519). Successful exploitation could allow a remote unauthenticated attacker to access restricted functionality. If CVE-2024-8963 is used in...

CVSS 9.4 · AI score 8.4 · EPSS 0.94225
Exploits: 2