8286 matches found

CVE
added 2025/10/31 9:2 a.m. | 22 views

CVE-2025-30189

CVE-2025-30189 affects Open-Xchange OX Dovecot Pro (and dovecot-based components) where enabling authentication caching causes incorrect caching: multiple users sharing the same cache key leads to the cached entry being reused for subsequent logins. The issue is described in multiple advisories (...

CVSS 7.4 | AI score 6.2 | EPSS 0.00011
Exploits: 0 | References: 3

RedhatCVE
added 2025/10/28 1:23 p.m. | 4 views

CVE-2025-12390

A flaw was found in Keycloak where a user can accidentally get access to another user's session if both use the same device and browser. This happens because Keycloak sometimes reuses session identifiers and doesn’t clean up properly during logout when browser cookies are missing. As...

CVSS 6 | AI score 6 | EPSS 0.00017
Exploits: 0 | References: 3

Debian CVE
added 2025/10/28 11:48 a.m. | 4 views

CVE-2025-40040

In the Linux kernel, the following vulnerability has been resolved: mm/ksm: fix flag-dropping behavior in ksm_madvise syzkaller discovered the following crash: kernel BUG 44.607039 ------------ cut here ------------ 44.607422 kernel BUG at mm/userfaultfd.c:2067! 44.608148 Oops: invalid opcode: 000...

CVSS 5.5 | AI score 5.3 | EPSS 0.00013
Exploits: 0

Veracode
added 2025/10/28 8:12 a.m. | 6 views

Improper Domain Name Validation

com.liferay.portal, com.liferay.portal.impl is vulnerable to an improper domain name validation. The vulnerability is due to incorrect identification of the subdomain in domain names, which can lead to the creation of a supercookie, allowing an attacker controlling a website with the same top-lev...

CVSS 7.5 | AI score 6.5 | EPSS 0.00089
Exploits: 0 | References: 3 | Affected Software: 2

CVE
added 2025/10/27 12:0 a.m. | 10 views

CVE-2025-60791

CVE-2025-60791 affects Easywork Enterprise 2.1.3.354. The vulnerability is Cleartext Storage of Sensitive Information in Memory, where device-bound license keys remain in process memory after a failed activation. An attacker with local access can attach a debugger or dump memory to retrieve keys ...

CVSS 6.2 | AI score 6.5 | EPSS 0.00011
Exploits: 1 | References: 2

Cvelist
added 2025/10/23 7:8 p.m. | 8 views

CVE-2025-11621 Vault AWS auth method bypass due to AWS client cache

Vault and Vault Enterprise’s “Vault” AWS Auth method may be susceptible to authentication bypass if the role of the configured boundprincipaliam is the same across AWS accounts, or uses a wildcard. This vulnerability, CVE-2025-11621, is fixed in Vault Community Edition 1.21.0 and Vault Enterprise...

CVSS 8.1 | EPSS 0.00076
Exploits: 0 | References: 1

Veracode
added 2025/10/22 10:10 a.m. | 3 views

DNS Rebinding

Neo4j Cypher MCP is vulnerable to DNS Rebinding. The vulnerability is due to the MCP server trusting requests from rebinding hostnames, and attackers can lure users to a malicious website that rebinding succeeds on to bypass Same-Origin Policy and invoke tools against local Neo4j instances...

CVSS 7.4 | AI score 6.4 | EPSS 0.00036
Exploits: 0 | References: 7 | Affected Software: 1

Github Security Blog
added 2025/10/21 3:9 p.m. | 6 views

Koa Vulnerable to Open Redirect via Trailing Double-Slash (//) in back Redirect Logic

Summary: A bypass was discovered in the Koa.js framework affecting its back redirect functionality. In certain circumstances, an attacker can manipulate the Referer header to force a user’s browser to navigate to an external, potentially malicious website. This occurs because the implementation...

CVSS 6.1 | AI score 4.6 | EPSS 0.00018
Exploits: 1 | References: 4 | Affected Software: 1

OSV
added 2025/10/21 3:9 p.m. | 1 views

GHSA-G8MR-FGFG-5QPC Koa Vulnerable to Open Redirect via Trailing Double-Slash (//) in back Redirect Logic

Summary: A bypass was discovered in the Koa.js framework affecting its back redirect functionality. In certain circumstances, an attacker can manipulate the Referer header to force a user’s browser to navigate to an external, potentially malicious website. This occurs because the implementation...

CVSS 4.7 | AI score 6.1 | EPSS 0.00018
Exploits: 1 | References: 4

Positive Technologies
added 2025/10/21 12:0 a.m. | 2 views

PT-2025-42905

Name of the Vulnerable Software and Affected Versions Koa versions 2.16.2 through 2.16.3 Koa versions 3.0.1 through 3.0.3 Description The Koa framework contains a flaw in its back redirect functionality. An attacker can manipulate the Referer header to redirect a user’s browser to a malicious...

CVSS 6.1 | AI score 5.6 | EPSS 0.00018
Exploits: 1 | References: 11

RedhatCVE
added 2025/10/17 7:50 a.m. | 4 views

CVE-2025-62584

Whale browser before 4.33.325.17 allows an attacker to bypass the Same-Origin Policy in a dual-tab environment...

CVSS 7.5 | AI score 6.8 | EPSS 0.00021
Exploits: 0 | References: 1

FreeBSD
added 2025/10/17 12:0 a.m. | 12 views

minio -- Privilege Escalation via Session Policy Bypass in Service Accounts and STS

minio reports: A privilege escalation vulnerability allows service accounts and STS (Security Token Service) accounts with restricted session policies to bypass their inline policy restrictions when performing "own" account operations, specifically when creating new service accounts for the same use...

CVSS 8.1 | AI score 7.2 | EPSS 0.00043
Exploits: 1 | References: 1

EUVD
added 2025/10/16 9:30 a.m. | 3 views

EUVD-2025-34718

Whale browser before 4.33.325.17 allows an attacker to bypass the Same-Origin Policy in a dual-tab environment...

CVSS 7.5 | AI score 6.3 | EPSS 0.00021
Exploits: 0 | References: 2

OSV
added 2025/10/16 7:15 a.m. | 3 views

CVE-2025-62584

Whale browser before 4.33.325.17 allows an attacker to bypass the Same-Origin Policy in a dual-tab environment...

CVSS 7.5 | AI score 5.8 | EPSS 0.00021
Exploits: 0 | References: 1

NVD
added 2025/10/16 7:15 a.m. | 3 views

CVE-2025-62584

Whale browser before 4.33.325.17 allows an attacker to bypass the Same-Origin Policy in a dual-tab environment...

CVSS 7.5 | EPSS 0.00021
Exploits: 0 | References: 1

CVE
added 2025/10/16 6:52 a.m. | 10 views

CVE-2025-62584

CVE-2025-62584 affects Naver Whale Browser prior to version 4.33.325.17 and describes a bypass of the Same-Origin Policy in a dual-tab environment. The available connected documents consistently state that the issue enables an attacker to bypass SOP between tabs, but they do not provide concrete ...

CVSS 7.5 | AI score 6.4 | EPSS 0.00021
Exploits: 0 | References: 1 | Affected Software: 1

Vulnrichment
added 2025/10/16 6:52 a.m. | 2 views

CVE-2025-62584

Whale browser before 4.33.325.17 allows an attacker to bypass the Same-Origin Policy in a dual-tab environment...

AI score 6.4 | EPSS 0.00021
Exploits: 0 | References: 1

Cvelist
added 2025/10/16 6:52 a.m. | 7 views

CVE-2025-62584

Whale browser before 4.33.325.17 allows an attacker to bypass the Same-Origin Policy in a dual-tab environment...

EPSS 0.00021
Exploits: 0 | References: 1

CNNVD
added 2025/10/16 12:0 a.m. | 2 views

Naver Whale Browser security vulnerability

Naver Whale Browser is a web browser from Naver, a South Korean company that supports user-defined interfaces. A security vulnerability exists in Naver Whale Browser versions prior to 4.33.325.17, which originates from an attacker being able to bypass the same-origin policy in a two-tab environme...

CVSS 7.5 | AI score 6.6 | EPSS 0.00021
Exploits: 0 | References: 1

EUVD
added 2025/10/15 6:6 a.m. | 3 views

EUVD-2025-34518

RemoteView PC Application Console versions prior to 6.0.2 contain an uncontrolled search path element vulnerability. If a crafted DLL is placed in the same folder with the affected product, it may cause an arbitrary code execution...

CVSS 8.5 | AI score 7.2 | EPSS 0.00018
Exploits: 0 | References: 4