3046 matches found
CVE-2025-40075
CVE-2025-40075 is a Linux kernel vulnerability where the tcp_metrics path used dst_dev() in three places. The fix replaces those calls with a lockdep-enabled helper function, specifically using dst_dev_net_rcu(). The connected Nessus advisories confirm the same CVE across multiple Amazon Linux 2 ...
Security update 5.0.5.1 for for Multi-Linux Manager
Description: This update fixes the following issues: proxy-helm, proxy-httpd-image, proxy-salt-broker-image, proxy-squid-image, proxy-ssh-image, proxy-tftpd-image: Images rebuilt to the newest version and updated build dependencies Security update 5.0.5.1 for Multi-Linux Manager Proxy Description...
SUSE-SU-2025:3825-1 Recommended update 5.0.5.1 for Multi-Linux Manager Server
This update fixes the following issues: server-attestation-image: - CVE-2025-53192: Do not use apache-commons-ognl but its successor ognl bsc1248252 - Image rebuilt to the newest version and updated build dependencies server-hub-xmlrpc-api-image, server-image, server-migration-14-16-image: - Imag...
CVE-2025-12200
Last updated 29 October 2025 Notes mdeslaur This issue requires replacing the root-owned configuration file. See https://www.openwall.com/lists/oss-security/2025/10/27/1 This CVE is likely to be rejected. Marking as deferred for now...
CVE-2025-10639
The WorkExaminer Professional server installation comes with an FTP server that is used to receive the client logs on TCP port 12304. An attacker with network access to this port can use weak hardcoded credentials to login to the FTP server and modify or read data, log files and gain remote code...
JLSEC-2025-158 An issue was discovered in GNOME GLib before 2.66.8
An issue was discovered in GNOME GLib before 2.66.8. When gfilereplace is used with GFILECREATEREPLACEDESTINATION to replace a path that is a dangling symlink, it incorrectly also creates the target of the symlink as an empty file, which could conceivably have security relevance if the symlink is...
`unic-bidi` is unmaintained
All Unicode crates that are part of https://github.com/open-i18n/rust-unic are unmaintained. Recommended alternatives - unicode-bidi...
CVE-2025-10313
The Find And Replace content for WordPress plugin for WordPress is vulnerable to unauthorized Stored Cross-Site Scripting and Arbitrary Content Replacement due to a missing capability check on the faradminajaxfun function in all versions up to, and including, 1.1. This makes it possible for...
CVE-2025-10313
The Find And Replace content for WordPress plugin for WordPress is vulnerable to unauthorized Stored Cross-Site Scripting and Arbitrary Content Replacement due to a missing capability check on the faradminajaxfun function in all versions up to, and including, 1.1. This makes it possible for...
CVE-2025-10313 Find And Replace content for WordPress <= 1.1 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting
The Find And Replace content for WordPress plugin for WordPress is vulnerable to unauthorized Stored Cross-Site Scripting and Arbitrary Content Replacement due to a missing capability check on the faradminajaxfun function in all versions up to, and including, 1.1. This makes it possible for...
CVE-2025-10313 Find And Replace content for WordPress <= 1.1 - Missing Authorization to Unauthenticated Stored Cross-Site Scripting
The Find And Replace content for WordPress plugin for WordPress is vulnerable to unauthorized Stored Cross-Site Scripting and Arbitrary Content Replacement due to a missing capability check on the faradminajaxfun function in all versions up to, and including, 1.1. This makes it possible for...
EUVD-2025-34541
The Find And Replace content for WordPress plugin for WordPress is vulnerable to unauthorized Stored Cross-Site Scripting and Arbitrary Content Replacement due to a missing capability check on the faradminajaxfun function in all versions up to, and including, 1.1. This makes it possible for...
CVE-2025-10313
CVE-2025-10313 Find And Replace content for WordPress – unauthenticated Stored Cross-Site Scripting and Arbitrary Content Replacement due to missing capability check in far_admin_ajax_fun() for versions
DEBIAN-CVE-2025-39999
In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix blkmqtags double free while nrrequests grown In the case user trigger tags grow by queue sysfs attribute nrrequests, hctx-schedtags will be freed directly and replaced with a new allocated tags, see blkmqtagupdatedept...
UBUNTU-CVE-2025-39999
In the Linux kernel, the following vulnerability has been resolved: blk-mq: fix blkmqtags double free while nrrequests grown In the case user trigger tags grow by queue sysfs attribute nrrequests, hctx-schedtags will be freed directly and replaced with a new allocated tags, see blkmqtagupdatedept...
CVE-2025-37139
A vulnerability in an AOS firmware binary allows an authenticated malicious actor to permanently delete necessary boot information. Successful exploitation may render the system unbootable, resulting in a Denial of Service that can only be resolved by replacing the affected hardware...
EUVD-2025-34436
A vulnerability in an AOS firmware binary allows an authenticated malicious actor to permanently delete necessary boot information. Successful exploitation may render the system unbootable, resulting in a Denial of Service that can only be resolved by replacing the affected hardware...
CVE-2025-37139
Technical details about CVE-2025-37139 (affected AOS firmware, root cause, vulnerable components, affected versions, and fixes) are not publicly provided in the connected documents. Monitor for updates from HP Aruba/NVD and related advisories.
PT-2025-41983
A vulnerability in an AOS firmware binary allows an authenticated malicious actor to permanently delete necessary boot information. Successful exploitation may render the system unbootable, resulting in a Denial of Service that can only be resolved by replacing the affected hardware...
Nextcloud: BOLA/IDOR in Out-of-Office API allows any authenticated user to read other users' absence data
Summary The Out-of-Office OOO API endpoints at /ocs/v2.php/apps/dav/api/v1/outOfOffice/userId and /ocs/v2.php/apps/dav/api/v1/outOfOffice/userId/now suffer from a Broken Object Level Authorization BOLA vulnerability. Any authenticated user can retrieve the out-of-office data of any other user by...