3385 matches found
CVE-2025-49641 Insufficient permission check for the problem.view.refresh action
A regular Zabbix user with no permission to the Monitoring - Problems view is still able to call the problem.view.refresh action and therefore still retrieve a list of active problems...
CVE-2025-49641
CVE-2025-49641 affects Zabbix deployments; a regular user without access to Monitoring → Problems can call problem.view.refresh and retrieve a list of active problems. Root cause described as insufficient permission checks for the problem.view.refresh action. The connected sources (Red Hat, Debia...
PT-2025-40516
Name of the Vulnerable Software and Affected Versions: Zabbix (affected versions not specified). Description: A standard Zabbix user lacking the necessary permissions for the Monitoring - Problems view can still execute the problem.view.refresh action, allowing them to retrieve a list of active...
drm/amd/display: Fix hang/underflow when transitioning to ODM4:1
...
PT-2025-39352
Name of the Vulnerable Software and Affected Versions: Flag Forge versions 2.1.0 through 2.2.9. Description: Flag Forge is a Capture The Flag (CTF) platform. The API endpoint GET /api/problems/:id returns challenge hints in plaintext within the question object, regardless of whether the user has...
CVE-2025-59826 FlagForgeCTF Vulnerable to Unauthorized Problem Creation
Flag Forge is a Capture The Flag (CTF) platform. In version 2.1.0, non-admin users can create arbitrary challenges, potentially introducing malicious, incorrect, or misleading content. This issue has been patched in version 2.2.0...
CVE-2023-53431
The CVE-2023-53431 entry concerns Linux kernel SCSI SES: the fix ensures graceful handling when an enclosure has a primary component but no secondary components. Previously, devices with one primary enclosure and zero secondary enclosures could cause ses_intf_add() to bail, potentially triggering...
pasta
The repository is a collection of code snippets and notes for learning PHP, specifically for those studying the language. The code snippets cover a range of topics, including forms, good coding practices, interview tasks, and database-related concepts. The repository is organized into several...
Linux Distros Unpatched Vulnerability : CVE-2016-3831
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - The telephony component in Android 4.x before 4.4.4, 5.0.x before 5.0.2, 5.1.x before 5.1.1, and 6.x before 2016-08-01 allows remote attackers to cause a denial...
BELL-CVE-2025-39690 CVE-2025-39690 does not affect BellSoft software
Bulletin has no description...
Between a Rock and a Hard Place: Exploiting Ethical Reasoning to Jailbreak LLMs
Large language models (LLMs) have undergone safety alignment efforts to mitigate harmful outputs. However, as LLMs become more sophisticated in reasoning, their intelligence may introduce new security risks. While traditional jailbreak attacks relied on single-step attacks, multi-turn jailbreak...
CVE-2025-56803
creationtimestamp | type | source
---|---|---
2025-09-03 11:00:08+00:00 | published-proof-of-concept | Telegram/xOF0wKG3E1tSWdpJ4yjov1SC7Athylo3WSDX12biA3TAo
2025-09-03 21:10:16+00:00 | seen | https://bsky.app/profile/cve.skyfleet.blue/post/3lxxk622ugw27
2025-09-05 21:02:31+00:00 | seen | ...
Linux Distros Unpatched Vulnerability : CVE-2025-8733
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A flaw has been found in GNU Bison up to 3.8.2. This affects the function obstackvprintfinternal of the file obprintf.c. Executing manipulation can lead to...
CVE-2023-3867
In CVE-2023-3867, the Linux kernel ksmbd SMB2 session setup function smb2_sess_setup could perform an out-of-bounds read when a compound SMB2 request contains a second payload, enabling an OOB read while processing the first payload. The issue is tied to not handling the case where smb2 session s...
CVE-2023-3866
CVE-2023-3866: In the Linux kernel ksmbd, the compound-request handling failed to validate session and tree identifiers if the first operation is not an SMB2 ECHO. This could allow a NULL dereference when a subsequent operation accesses work->sess or work->tcon, leading to a local impact. ...
CVE-2023-3865
CVE-2023-3865 affects the ksmbd component of the Linux kernel (smb2_write). Root cause: ksmbd_smb2_check_message does not validate hdr->NextCommand; if NextCommand > Offset+Length of smb2 write, an oversized length allows an out-of-bounds read in smb2_write. Implication: out-of-bounds read ...
CVE-2023-32249
CVE-2023-32249 affects the Linux kernel ksmbd component. The issue is mitigated by a patch that returns STATUS_NOT_SUPPORTED when the binding session is a guest on multichannel, effectively disallowing guest access for that path. The NVD metrics classify the impact as locally exploitable with low...
CVE-2025-38513 wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev()
In the Linux kernel, the following vulnerability has been resolved: wifi: zd1211rw: Fix potential NULL pointer dereference in zd_mac_tx_to_dev(). There is a potential NULL pointer dereference in zd_mac_tx_to_dev(). For example, the following is possible: T0 T1 zd_mac_tx_to_dev() /* len == skb_queue_len(q) */ while len...
MAL-2025-32504 Malicious code in rssboard (npm)
The package rssboard was found to contain malicious code...