
1365 matches found

RedhatCVE
added 2025/09/07 12:45 a.m., 5 views

CVE-2025-58352

Weblate is a web based localization tool. Versions lower than 5.13.1 contain a vulnerability that causes long session expiry during the second factor verification. The long session expiry could be used to circumvent rate limiting of the second factor. This issue is fixed in version 5.13.1...

CVSS 6.5, AI score 6.8, EPSS 0.00064
Exploits 0, References 1
SUSE CVE
added 2025/09/05 11:22 p.m., 2 views

SUSE CVE-2025-58352

Weblate is a web based localization tool. Versions lower than 5.13.1 contain a vulnerability that causes long session expiry during the second factor verification. The long session expiry could be used to circumvent rate limiting of the second factor. This issue is fixed in version 5.13.1...

CVSS 6.5, AI score 6.8, EPSS 0.00064
Exploits 0, References 3
Securelist
added 2025/09/05 9:0 a.m., 6 views

IT threat evolution in Q2 2025. Non-mobile statistics

IT threat evolution in Q2 2025. Non-mobile statistics IT threat evolution in Q2 2025. Mobile statistics The statistics in this report are based on detection verdicts returned by Kaspersky products unless otherwise stated. The information was provided by Kaspersky users who consented to sharing...

CVSS 10, AI score 9.6, EPSS 0.94124
Exploits 43
NVD
added 2025/09/05 12:15 a.m., 2 views

CVE-2025-58352

Weblate is a web based localization tool. Versions lower than 5.13.1 contain a vulnerability that causes long session expiry during the second factor verification. The long session expiry could be used to circumvent rate limiting of the second factor. This issue is fixed in version 5.13.1...

CVSS 6.5, EPSS 0.00064
Exploits 0, References 3
OSV
added 2025/09/04 11:28 p.m., 10 views

CVE-2025-58352 Weblate has long session expiry times during second factor verification

Weblate is a web based localization tool. Versions lower than 5.13.1 contain a vulnerability that causes long session expiry during the second factor verification. The long session expiry could be used to circumvent rate limiting of the second factor. This issue is fixed in version 5.13.1...

CVSS 2.1, AI score 6.5, EPSS 0.00064
Exploits 0, References 5
Cvelist
added 2025/09/04 11:28 p.m., 8 views

CVE-2025-58352 Weblate has long session expiry times during second factor verification

Weblate is a web based localization tool. Versions lower than 5.13.1 contain a vulnerability that causes long session expiry during the second factor verification. The long session expiry could be used to circumvent rate limiting of the second factor. This issue is fixed in version 5.13.1...

CVSS 2.1, EPSS 0.00064
Exploits 0, References 3
CVE
added 2025/09/04 11:28 p.m., 17 views

CVE-2025-58352

CVE-2025-58352 (Weblate) affects Weblate versions lower than 5.13.1, where sessions can persist for an unusually long period during second-factor (2FA) verification. The root issue is insufficient session expiration, enabling an attacker to maintain a valid session and potentially bypass rate lim...

CVSS 6.5, AI score 6.3, EPSS 0.00064
Exploits 0, References 3, Affected Software 1
Github Security Blog
added 2025/09/04 2:6 p.m., 5 views

Weblate has a long session expiry when verifying second factor

Impact The verification of the second factor had too long a session expiry. The long session expiry could be used to circumvent rate limiting of the second factor. Patches This issue has been addressed in Weblate 5.13.1 via https://github.com/WeblateOrg/weblate/pull/16002. References Thanks to...

CVSS 6.5, AI score 6.8, EPSS 0.00064
Exploits 0, References 5, Affected Software 1
OSV
added 2025/09/04 2:6 p.m., 2 views

GHSA-377J-WJ38-4728 Weblate has a long session expiry when verifying second factor

Impact The verification of the second factor had too long a session expiry. The long session expiry could be used to circumvent rate limiting of the second factor. Patches This issue has been addressed in Weblate 5.13.1 via https://github.com/WeblateOrg/weblate/pull/16002. References Thanks to...

CVSS 2.1, AI score 6.8, EPSS 0.00064
Exploits 0, References 5
Positive Technologies
added 2025/09/04 12:0 a.m., 5 views

PT-2025-36103

Name of the Vulnerable Software and Affected Versions: Weblate versions prior to 5.13.1 Description: Weblate is a web-based localization tool. Versions prior to 5.13.1 are susceptible to a second factor authentication bypass due to a long session expiry during the second factor verification...

CVSS 2.1, AI score 6.5, EPSS 0.00064
Exploits 0, References 7
OSV
added 2025/09/03 6:3 p.m., 4 views

USN-7737-1 linux-azure, linux-azure-6.8, linux-azure-nvidia vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - PowerPC architecture; - S390 architecture; - x86 architecture; - Block layer subsystem; -...

CVSS 7.8, AI score 6.7, EPSS 0.00279
Exploits 1, References 189
Tenable Nessus
added 2025/08/30 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2022-33747

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Arm: unbounded memory consumption for 2nd-level page tables Certain actions require e.g. removing pages from a guest's P2M Physical-to-Machine mapping. When lar...

CVSS 3.8, AI score 5.8, EPSS 0.00029
Exploits 0, References 2
Hacker One
added 2025/08/27 1:26 p.m., 9 views

Cloudflare Public Bug Bounty: Second-Order XSS via javascript protocol in MCP Server Portal Apps leads to ATO

The vulnerability in the MCP Server Portal Apps was caused by missing sanitization of the redirecturi parameter, leading to a second-order XSS vulnerability. An attacker could craft a malicious redirecturi containing JavaScript code, obtain a clientid for this URI, and reuse it when a victim had ...

AI score 6.7
Exploits 0
Tenable Nessus
added 2025/08/27 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2021-39896

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In all versions of GitLab CE/EE since version 8.0, when an admin uses the impersonate feature twice and stops impersonating, the admin may be logged in as the...

CVSS 5.5, AI score 5, EPSS 0.00197
Exploits 0, References 2
OSV
added 2025/08/23 3:30 a.m., 1 views

GHSA-H4M4-XP33-37MJ Liferay Portal vulnerable to Reflected XSS with the referer and forward parameter

A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.0 through 7.4.3.131, and Liferay DXP 2024.Q4.0 through 2024.Q4.3, 2024.Q3.1 through 2024.Q3.13, 2024.Q2.0 through 2024.Q2.13, 2024.Q1.1 through 2024.Q1.12 and 7.4 GA through update 92 allows an remote non-authenticated...

CVSS 6.9, AI score 5.2, EPSS 0.0005
Exploits 0, References 6
Cvelist
added 2025/08/22 6:56 p.m., 8 views

CVE-2025-6791 Second order SQL injection available to user with low privilege

In the monitoring event logs page, it is possible to alter the http request to insert a reflect payload in the DB. Caused by an Improper Neutralization of Special Elements used in an SQL Command 'SQL Injection' vulnerability in Centreon web Monitoring event logs modules allows SQL Injection.This...

CVSS 8.8, EPSS 0.00051
Exploits 0, References 2
Circl
added 2025/08/22 12:11 p.m., 4 views

CVE-2025-9257

creationtimestamp| type| source ---|---|--- 2025-08-22 12:11:34+00:00| seen| Telegram/doZHpCuveedKOqPKvRscX7yaztMxUSErnsHRYY1OVhdEvYI...

CVSS 7.1, AI score 4.8, EPSS 0.00094
Exploits 0
Cvelist
added 2025/08/21 8:23 p.m., 7 views

CVE-2025-43747

A server-side request forgery SSRF vulnerability exists in the Liferay DXP 2025.Q2.0 through 2025.Q2.3 due to insecure domain validation on analytics.cloud.domain.allowed, allowing an attacker to perform requests by change the domain and bypassing the validation method, this insecure validation i...

CVSS 4.8, EPSS 0.00058
Exploits 0, References 1
OSV
added 2025/08/20 11:55 a.m., 2 views

SUSE-SU-2025:20563-1 Security update for gnutls

This update for gnutls fixes the following issues: - CVE-2025-32988: Fixed double-free due to incorrect ownership handling bsc1246232 - CVE-2025-32989: Fixed heap buffer overread during X.509 certificate parsing bsc1246233 - CVE-2025-32990: Fixed 1-byte heap buffer overflow when parsing templates...

CVSS 8.2, AI score 6.8, EPSS 0.00292
Exploits 0, References 9
Vulnrichment
added 2025/08/19 6:13 p.m., 2 views

CVE-2025-43737

A reflected cross-site scripting XSS vulnerability in the Liferay Portal 7.4.3.132, and Liferay DXP 2025.Q2.0 through 2025.Q2.8 and 2025.Q1.0 through 2025.Q1.15 allows a remote authenticated user to inject JavaScript code via comliferayjournalwebportletJournalPortletbackURL parameter...

CVSS 5.1, AI score 5.7, EPSS 0.00044
Exploits 0, References 1