30379 matches found

Vulnrichment
added 2025/09/09 10:31 p.m., 2 views

CVE-2025-59044 Himmelblau vulnerable to GID collision via group name-derived mapping (privilege escalation)

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. Himmelblau 0.9.x derives numeric GIDs for Entra ID groups from the group display name when himmelblau.conf idattrmap = name (the default configuration). Because Microsoft Entra ID allows multiple groups with the same...

CVSS 4.4, AI score 6.2, EPSS 0.00132
Exploits 0, References 3
Tenable Nessus
added 2025/09/09 12:0 a.m., 3 views

Photon OS 5.0: Vim PHSA-2025-5.0-0611

An update of the vim package has been released. The descriptive text and package checks in this plugin were extracted from VMware Security Advisory PHSA-2025-5.0-0611. The text itself is copyright (C) VMware, Inc...

CVSS 5.5, AI score 5.4, EPSS 0.00246
Exploits 1, References 2
CVE
added 2025/09/08 9:35 p.m., 25 views

CVE-2025-58450

Summary: CVE-2025-58450 affects pREST (PostgreSQL REST), a REST API on top of PostgreSQL. The vulnerability is a SQL injection in versions prior to 2.0.0-rc3 due to inadequate validation; a patch exists in 2.0.0-rc3. The primary risk details indicate high impact on confidentiality, integrity, and...

CVSS 9.3, AI score 7.3, EPSS 0.00341
Exploits 0, References 2
OSV
added 2025/09/08 12:0 a.m., 4 views

DLA-4295-1 libhtp - security update

Bulletin has no description...

CVSS 7.5, AI score 7.6, EPSS 0.01193
Exploits 2
Microsoft CVE
added 2025/09/07 1:8 a.m., 5 views

s390/sclp: Fix SCCB present check

...

CVSS 5.5, AI score 6.8, EPSS 0.00147
Exploits 0
Tenable Nessus
added 2025/09/06 12:0 a.m., 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-39685

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - comedi: pcl726: Prevent invalid irq number The reproducer passed in an irq number (0x80008000) that was too large, which triggered the oob. Added an interrupt numb...

CVSS 7.1, AI score 7.2, EPSS 0.00149
Exploits 0, References 3
Debian CVE
added 2025/09/05 5:21 p.m., 3 views

CVE-2025-39702

In the Linux kernel, the following vulnerability has been resolved: ipv6: sr: Fix MAC comparison to be constant-time To prevent timing attacks, MACs need to be compared in constant time. Use the appropriate helper function for this...

CVSS 7, AI score 6, EPSS 0.00149
Exploits 0
OSV
added 2025/09/05 12:42 p.m., 2 views

OESA-2025-2148 cmake security update

CMake is used to control the software compilation process using simple platform and compiler independent configuration files. CMake generates native makefiles and workspaces that can be used in the compiler environment of your choice. CMake is quite sophisticated: it is possible to support comple...

CVSS 4.8, AI score 6.8, EPSS 0.00135
Exploits 0, References 2
OSV
added 2025/09/05 12:39 p.m., 2 views

OESA-2025-2109 aide security update

Security Fixes: A vulnerability was found in AIDE up to 0.19.1 and classified as problematic. Using CWE to declare the problem leads to CWE-117. The product does not neutralize or incorrectly neutralizes output that is written to logs. Impacted is integrity. Upgrading to version 0.19.2 eliminates th...

CVSS 6.2, AI score 6.3, EPSS 0.00216
Exploits 2, References 3
Microsoft CVE
added 2025/09/04 4:6 a.m., 3 views

ksmbd: fix Preauh_HashValue race condition

...

CVSS 8.5, AI score 7, EPSS 0.00391
Exploits 1
Microsoft CVE
added 2025/09/04 4:0 a.m., 7 views

bpf, arm64: Fix trampoline for BPF_TRAMP_F_CALL_ORIG

...

CVSS 5.5, AI score 6.6, EPSS 0.0021
Exploits 0
Microsoft CVE
added 2025/09/04 1:44 a.m., 4 views

wifi: ath12k: Fix for out-of bound access error

...

CVSS 7.1, AI score 7, EPSS 0.00165
Exploits 0
RedhatCVE
added 2025/09/03 11:34 p.m., 13 views

CVE-2025-9800

A weakness has been identified in SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af. Affected by this issue is the function Import of the file apps/sim/app/api/files/upload/route.ts of the component HTML File Parser. Executing manipulation of the argument File can lead to unrestricte...

CVSS 6.5, AI score 6.8, EPSS 0.00285
Exploits 1, References 1
Android Security Bulletins
added 2025/09/02 12:0 a.m., 18 views

Android Automotive OS Update Bulletin—September 2025

The Android Automotive OS (AAOS) Update Bulletin contains details of security vulnerabilities affecting the Android Automotive OS platform. The full AAOS update comprises the security patch level of 2025-09-05 or later from the September 2025 Android Security Bulletin in addition to all issues in...

AI score 7.8
Exploits 0
NVD
added 2025/09/01 11:15 p.m., 27 views

CVE-2025-9800

A weakness has been identified in SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af. Affected by this issue is the function Import of the file apps/sim/app/api/files/upload/route.ts of the component HTML File Parser. Executing manipulation of the argument File can lead to unrestricte...

CVSS 6.5, EPSS 0.00285
Exploits 1, References 7
Positive Technologies
added 2025/09/01 12:0 a.m., 2 views

PT-2025-35516

Name of the Vulnerable Software and Affected Versions: SimStudioAI sim up to ed9b9ad83f1a7c61f4392787fb51837d34eeb0af Description: A security vulnerability has been detected that allows for path traversal through manipulation of the filePath argument. Remote exploitation is possible, and the...

CVSS 5.5, AI score 5.3, EPSS 0.0066
Exploits 1, References 11
RedhatCVE
added 2025/08/31 5:14 p.m., 4 views

CVE-2025-29879

A NULL pointer dereference vulnerability has been reported to affect File Station 5. If a remote attacker gains a user account, they can then exploit the vulnerability to launch a denial-of-service (DoS) attack. We have already fixed the vulnerability in the following version: File Station 5...

CVSS 6.5, AI score 6.9, EPSS 0.00419
Exploits 0, References 1
NVD
added 2025/08/31 12:15 p.m., 3 views

CVE-2025-9728

A security vulnerability has been detected in givanz Vvveb 1.0.7.2. This affects an unknown part of the file app/template/user/login.tpl. Such manipulation of the argument Email/Password leads to cross site scripting. The attack can be executed remotely. The name of the patch is...

CVSS 6.1, EPSS 0.00349
Exploits 2, References 6
CVE
added 2025/08/31 12:2 p.m., 17 views

CVE-2025-9728

CVE-2025-9728 affects givanz Vvveb 1.0.7.2, with a reflected XSS in the login.tpl form (app/template/user/login.tpl) through manipulation of Email/Password fields. The vulnerability can be exploited remotely; PoCs and an exploit exist (GitHub), and a patch is available: bbd4c42c66ab81814224034817...

CVSS 6.1, AI score 4.1, EPSS 0.00349
Exploits 2, References 6, Affected Software 1
RedhatCVE
added 2025/08/30 6:21 p.m., 4 views

CVE-2025-9397

A weakness has been identified in givanz Vvveb up to 1.0.7.2. Affected is an unknown function of the file /system/traits/media.php. Executing manipulation of the argument files can lead to unrestricted upload. The attack can be launched remotely. The exploit has been made available to the public...

CVSS 9.8, AI score 6.5, EPSS 0.00454
Exploits 1, References 1