1365 matches found
Unity Linux 20.1050e Security Update: kernel (UTSA-2025-990086)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990086 advisory. In the Linux kernel, the following vulnerability has been resolved: ASoC: ops: Check bounds for second channel in snd_soc_put_volsw_sx. The bounds checks in...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989748)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989748 advisory. In the Linux kernel, the following vulnerability has been resolved: media: imon: fix access to invalid resource for the second interface. imon driver probes two USB...
Astra Linux – Vulnerability found in Linux 6.1, Linux 6.12
In the Linux kernel, the following vulnerability has been resolved: atm: clip: Fixed an infinite recursive call of clip_push. syzbot reported the issue below. [0] This occurs when we call ioctl(ATMARP_MKIP) more than once. During the first call, clip_mkip sets clip_push to vcc->push; the second call copie...
EUVD-2025-37029
2nd Line Android App version v1.2.92 and before (package name com.mysecondline.app), developed by AutoBizLine, Inc., contains an improper access control vulnerability in its authentication mechanism. The server only validates the first character of the usertoken, enabling attackers to brute force...
CVE-2025-61114
2nd Line Android App version v1.2.92 and before (package name com.mysecondline.app), developed by AutoBizLine, Inc., contains an improper access control vulnerability in its authentication mechanism. The server only validates the first character of the usertoken, enabling attackers to brute force...
PT-2025-44424
Name of the Vulnerable Software and Affected Versions: 2nd Line Android App versions v1.2.92 and earlier. Description: The 2nd Line Android App has an issue with how it controls access during authentication. The server only checks the first character of the user token, which allows attackers to gues...
Zitadel May Bypass Second Authentication Factor
Summary: A vulnerability in Zitadel's token verification prematurely marked sessions as authenticated when only one factor was verified. Impact: Zitadel provides an API for managing sessions, enabling custom login experiences in a dedicated UI or direct integration into applications. Session Tokens...
CVE-2025-64103 Zitadel Bypass Second Authentication Factor
Starting from 2.53.6, 2.54.3, and 2.55.0, Zitadel only required multi-factor authentication in case the login policy has either enabled requireMFA or requireMFAForLocalUsers. If a user has set up MFA without this requirement, Zitadel would consider single-factor authenticated sessions as valid as...
CVE-2025-40070
In the Linux kernel, the following vulnerability has been resolved: pps: fix warning in pps_register_cdev when register device fail. Similar to previous commit 2a934fdb01db "media: v4l2-dev: fix error handling in __video_register_device", the release hook should be set before device_register. Otherwise,...
UBUNTU-CVE-2025-40070
In the Linux kernel, the following vulnerability has been resolved: pps: fix warning in pps_register_cdev when register device fail. Similar to previous commit 2a934fdb01db "media: v4l2-dev: fix error handling in __video_register_device", the release hook should be set before device_register. Otherwise,...
CVE-2025-40070
CVE-2025-40070 is a Linux kernel vulnerability in the PPS subsystem. The issue arises when pps_register_cdev calls device_register() before setting the release callback, which can trigger a warning path during device_release() if device creation fails. The fix (and referenced historical context) ...
CVE-2025-60358
creationtimestamp | type | source
---|---|---
2025-10-27 22:15:23+00:00 | seen | https://bsky.app/profile/bluesky.awakari.com/post/3m47gy6peop2e
2025-10-27 22:15:47+00:00 | seen | https://bsky.app/profile/Ubuntu.activitypub.awakari.com.ap.brid.gy/post/3m47gybr2des2
2025-10-28 11:16:05+00:00 | seen |...
CVE-2025-61464
gnuboard gnuboard4 v4.36.04 and before is vulnerable to Second-order SQL Injection via the searchtable in bbs/search.php...
EUVD-2025-35705
gnuboard gnuboard4 v4.36.04 and before is vulnerable to Second-order SQL Injection via the searchtable in bbs/search.php...
PT-2025-43536
Name of the Vulnerable Software and Affected Versions: gnuboard versions prior to 4.36.05. Description: gnuboard4 is susceptible to a Second-order SQL Injection issue through the search table parameter within the bbs/search.php file. This allows for potential unauthorized database access or...
gnuboard4 Security Vulnerability
gnuboard4 is a content management system from kagla open source. A security vulnerability exists in gnuboard4 v4.36.04 and earlier versions, which stems from a second-order SQL injection vulnerability in searchtable in bbs/search.php...