PT-2025-14796 · Unknown · Api Platform Core
Name of the Vulnerable Software and Affected Versions: API Platform Core versions prior to 4.0.22 Description: The issue concerns a caching problem in GraphQL grants on properties, which can lead to incorrect caching with different objects. The...
Rational Astrologies and Security
John Kelsey and I wrote a short paper for the Rossfest Festschrift: "Rational Astrologies and Security": There is another non-security way that designers can spend their security budget: on making their own lives easier. Many of these fall into the category of what has been called rational...
Citrix Storefront - Error "404 - File or directory not found" when accessing Storefront URL
Browsing to Storefront web URL results in below error "404 - File or directory not found. The resource you are looking for might have been removed, had its name changed, or is temporarily unavailable."...
macOS 14.x < 14.7.5 Multiple Vulnerabilities (122374)
The remote host is running a version of macOS / Mac OS X that is 14.x prior to 14.7.5. It is, therefore, affected by multiple vulnerabilities: - A use after free issue was addressed with improved memory management. This issue is fixed in iOS 18.3 and iPadOS 18.3, iPadOS 17.7.6, macOS Sequoia 15.3...
PT-2025-23207 · Apple · Apple Macos
Name of the Vulnerable Software and Affected Versions: macOS versions prior to 13.7.5; macOS versions prior to 14.7.5; macOS versions prior to 15.4. Description: A permissions issue was addressed with additional sandbox restrictions, which may have allowed an app to access protected user data...
CVE-2025-2954
OpenManus (mannaandpoem) up to 2025.3.13 is affected by a vulnerability in the File Handler component, specifically the execute function in app/tool/file_saver.py. The issue is caused by improper access controls, requiring local access to exploit. The advisory notes that the exploit has been disc...
CVE-2022-49746
In the Linux kernel, the following vulnerability has been resolved: dmaengine: imx-sdma: Fix a possible memory leak in sdma_transfer_init. If the function sdma_load_context fails, the sdma_desc will be freed, but the allocated desc->bd is forgot to be freed. We already met the sdma_load_context failure ca...
CVE-2025-30909
Missing Authorization vulnerability in Conversios Conversios.io enhanced-e-commerce-for-woocommerce-store allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Conversios.io: from n/a through <= 7.2.3...
CVE-2025-21871
Summary of CVE-2025-21871 (Linux kernel): The vulnerability arises in the OP-TEE subsystem where the supplicant wait loop can cause a hang if the supplicant is hung/crashed/killed during an OP-TEE RPC, especially with shutdown ordering issues between the supplicant and the OP-TEE client. The fix ...
CVE-2025-0811 Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') in GitLab
An issue has been discovered in GitLab CE/EE affecting all versions from 17.7 before 17.8.6, 17.9 before 17.9.3, and 17.10 before 17.10.1. Improper rendering of certain file types leads to cross-site scripting...
CVE-2019-16151
Fortinet FortiOS 6.4.1 and below and FortiOS 6.2.9 and below are affected by an improper neutralization of input during web page generation (CWE-79). A remote unauthenticated attacker can exploit a crafted Host header to redirect users to malicious sites or to execute JavaScript in the victim’s b...
GHSA-FFH5-W482-C7M5 InvokeAI Uncontrolled Resource Consumption vulnerability
A Denial of Service (DoS) vulnerability was discovered in the /api/v1/boards/{board_id} endpoint of invoke-ai/invokeai version v5.0.2. This vulnerability occurs when an excessively large payload is sent in the board_name field during a PATCH request. By sending a large payload, the UI becomes...
CVE-2024-4990
CVE-2024-4990 (Yii2
Linux kernel race condition vulnerability (CNVD-2025-05380)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. The Linux kernel has a race condition vulnerability that stems from a race during session lookup and expiration. An attacker can...
RLSA-2025:1330 Important: openssl security update
OpenSSL is a toolkit that implements the Secure Sockets Layer (SSL) and Transport Layer Security (TLS) protocols, as well as a full-strength general-purpose cryptography library. Security Fixes: openssl: RFC7250 handshakes with unauthenticated servers don't abort as expected (CVE-2024-12797). For more...
CVE-2021-22126
CVE-2021-22126 relates to Fortinet FortiWLC and is a hard-coded password vulnerability. A local, authenticated attacker could connect to the managed APs (Meru AP and FortiAP-U) as root using the default hard-coded username and password. Affected FortiWLC versions are 8.5.2 and below, 8.4.8 and be...
CVE-2021-32584
CVE-2021-32584 describes an improper access control (CWE-284) in Fortinet FortiWLC across multiple versions (e.g., 8.6.0, 8.5.3 and below, 8.4.8 and below, 8.3.3 and below, 8.2.7 to 8.2.4, 8.1.3). An unauthenticated, remote attacker could access certain areas of the web management CGI by specifyi...
CVE-2021-26087
The CVE-2021-26087 entry documents a stored Cross-Site Scripting (XSS) vulnerability in Fortinet FortiWLC web interfaces. Affected FortiWLC releases include 8.6.0, 8.5.3 and earlier, 8.4.8 and earlier, and 8.3.3. Root cause is improper neutralization of input during web page generation, enabling ...
CVE-2025-1057 Keylime: keylime registrar dos due to incompatible database entry handling
A flaw was found in Keylime, a remote attestation solution, where strict type checking introduced in version 7.12.0 prevents the registrar from reading database entries created by previous versions, for example, 7.11.0. Specifically, older versions store agent registration data as bytes, whereas...