135 matches found
EUVD-2024-32505
Malicious code in bioql PyPI...
EUVD-2024-16826
Malicious code in bioql PyPI...
CVE-2025-39814 ice: fix NULL pointer dereference in ice_unplug_aux_dev() on reset
In the Linux kernel, the following vulnerability has been resolved: ice: fix NULL pointer dereference in iceunplugauxdev on reset Issuing a reset when the driver is loaded without RDMA support, will results in a crash as it attempts to remove RDMA's non-existent auxbus device: echo 1...
Linux Distros Unpatched Vulnerability : CVE-2025-38720
"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: hibmcge: fix rtnl deadlock issue Currently, the hibmcge netdev acquires the rtnllock in pcierrorhandlers.resetprepare and releases it in...
ALSA-2025:14181 Important: tomcat security update
Apache Tomcat is a servlet container for the Java Servlet and JavaServer Pages JSP technologies. Security Fixes: tomcat: Apache Tomcat DoS in multipart upload CVE-2025-48988 tomcat: Apache Tomcat: Security constraint bypass for pre/post-resources CVE-2025-49125 apache-commons-fileupload: Apache...
August 19, 2025—KB5066189 (OS Builds 22621.5771 and 22631.5771) Out-of-band
August 19, 2025—KB5066189 OS Builds 22621.5771 and 22631.5771 Out-of-band Windows Secure Boot certificate expirationImportant: Secure Boot certificates used by most Windows devices are set to expire starting in June 2026. Microsoft has been updating these certificates on consumer and non-managed...
Linux Distros Unpatched Vulnerability : CVE-2025-38417
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ice: fix eswitch code memory leak in reset scenario Add simple eswitch mode checker in...
CVE-2025-55137
LinkJoin through 882f196 mishandles lacks type checking in password reset...
CVE-2025-38371
In the Linux kernel, the following vulnerability has been resolved: drm/v3d: Disable interrupts before resetting the GPU Currently, an interrupt can be triggered during a GPU reset, which can lead to GPU hangs and NULL pointer dereference in an interrupt context as shown in the following trace:...
CVE-2025-7371
Okta On-Premises Provisioning OPP agents log certain user data during administrator-initiated password resets. This vulnerability allows an attacker with access to the local servers running OPP agents to retrieve user personal information and temporary passwords created during password reset. You...
CVE-2025-47227
In the Production Environment extension in Netmake ScriptCase through 9.12.006 23, the Administrator password reset mechanism is mishandled. Making both a GET and a POST request to login.php.is sufficient. An unauthenticated attacker can then bypass authentication via administrator account takeov...
PT-2025-28176 · Fblog · Fblog
Name of the Vulnerable Software and Affected Versions: fblog versions through 983bede Description: The issue allows account takeover via the password reset feature because the SERVER NAME is not configured, causing the reset to depend on the Host HTTP header. Recommendations: For versions through...
CVE-2025-43931
flask-boilerplate through a170e7c allows account takeover via the password reset feature because SERVERNAME is not configured and thus a reset depends on the Host HTTP header...
PT-2025-28175 · Jobcenter · Jobcenter
Name of the Vulnerable Software and Affected Versions: JobCenter versions through 7e7b0b2 Description: The issue allows for account takeover via the password reset feature. This is because the SERVER NAME is not configured, causing the password reset to depend on the Host HTTP header...
CVE-2025-4407 Application does not invalidate session after password reset
Insufficient Session Expiration vulnerability in ABB Lite Panel Pro.This issue affects Lite Panel Pro: through 1.0.1...
CVE-2025-4407 Application does not invalidate session after password reset
Insufficient Session Expiration vulnerability in ABB Lite Panel Pro.This issue affects Lite Panel Pro: through 1.0.1...
PT-2025-27070 · WordPress · Dwt - Directory & Listing Wordpress Theme
Name of the Vulnerable Software and Affected Versions: The DWT - Directory & Listing WordPress Theme versions up to, and including, 3.3.6 Description: The issue allows for privilege escalation via account takeover due to improper checking of an empty token value prior to resetting a user's passwo...
CVE-2025-1235
CVE-2025-1235 affects WAGO Fully Managed Switches. A low-privilege attacker can set the device date to Jan 19, 2038, triggering 32‑bit time overflow and the switch date rolling back to Jan 1, 1970. Public details in provided documents confirm the issue and lack of patch/version information; no re...
PT-2025-23466 · Wago · Fully Managed Switches 0852-0303 +12
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Description: A low-privileged attacker can set the device's date to January 19th, 2038, exceeding the 32-bit time limit. This causes the device's date to be set back to January 1st, 1970. Recommendations...
CVE-2024-47057
SummaryThis advisory addresses a security vulnerability in Mautic related to the "Forget your password" functionality. This vulnerability could be exploited by unauthenticated users to enumerate valid usernames. User Enumeration via Timing Attack: A user enumeration vulnerability exists in the...