11 matches found
CVE-2026-31573
In the Linux kernel, the following vulnerability has been resolved: media: verisilicon: Fix kernel panic due to __initconst misuse Fix a kernel panic when probing the driver as a module: Unable to handle kernel paging request at virtual address ffffd9c18eb05000 of_find_matching_node_and_match+0x5c/0x1a0...
Tanium Enforce Recovery Key Portal Security Vulnerability
Tanium Enforce Recovery Key Portal is a component of the US-based Tanium company that allows access to disk encryption recovery keys. There is a security vulnerability in Tanium Enforce Recovery Key Portal, which stems from insecure file permissions. This vulnerability may allow attackers with...
CVE-2025-41689
An unauthenticated remote attacker can get access without password protection to the affected device. This enables the unprotected read-only access to the stored measurement data...
PT-2025-33716 · Unknown · Fluke Process Instruments Devices
Name of the Vulnerable Software and Affected Versions: affected versions not specified Description: An unauthenticated remote attacker can grant access without password protection to the affected device, enabling unprotected read-only access to stored measurement data. Recommendations: At the...
VulnCheck KEV: CVE-2025-27112
Navidrome is an open source web-based music collection server and streamer. Starting in version 0.52.0 and prior to version 0.54.5, in certain Subsonic API endpoints, a flaw in the authentication check process allows an attacker to specify any arbitrary username that does not exist on the system,...
SUSE CVE-2025-27112
Navidrome is an open source web-based music collection server and streamer. Starting in version 0.52.0 and prior to version 0.54.5, in certain Subsonic API endpoints, a flaw in the authentication check process allows an attacker to specify any arbitrary username that does not exist on the system,...
CVE-2025-27112
Navidrome is an open source web-based music collection server and streamer. Starting in version 0.52.0 and prior to version 0.54.5, in certain Subsonic API endpoints, a flaw in the authentication check process allows an attacker to specify any arbitrary username that does not exist on the system,...
CVE-2025-27112 Navidrome has authentication bypass in Subsonic API with non-existent username
Navidrome is an open source web-based music collection server and streamer. Starting in version 0.52.0 and prior to version 0.54.5, in certain Subsonic API endpoints, a flaw in the authentication check process allows an attacker to specify any arbitrary username that does not exist on the system,...
Navidrome Authorization Issue Vulnerability
Navidrome is a web-based open source music collection server and streamer from Navidrome Open Source. Used to freely listen to music collections from any browser or mobile device. An authorization issue vulnerability exists in Navidrome versions 0.52.0 up to and including 0.54.5, which stems from...
PT-2022-7495 · Linux +1 · Linux Kernel +1
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The issue is related to a use after free vulnerability in the arc emac component of the Linux kernel. This vulnerability may allow an attacker to impact the confidentiality, integrity,...
CVE-2020-15773
An issue was discovered in Gradle Enterprise before 2020.2.4. Because of unrestricted cross-origin requests to read-only data in the Export API, an attacker can access data as a user for the duration of the browser session after previously explicitly authenticating with the API...