CVE-2025-3047

When running the AWS Serverless Application Model Command Line Interface SAM CLI build process with Docker and symlinks are included in the build files, the container environment allows a user to access privileged files on the host by leveraging the elevated permissions granted to the tool. A use...

CVE-2025-29929 Tuleap is missing CSRF protection on tracker hierarchy administration

Tuleap is an Open Source Suite to improve management of software developments and collaboration. Tuleap is missing CSRF protection on tracker hierarchy administration. An attacker could use this vulnerability to trick victims into submitting or editing artifacts or follow-up comments. This...

PT-2025-20755 · Apple · Apple Macos

Name of the Vulnerable Software and Affected Versions: macOS versions prior to 15.4 Description: The issue allows an app to potentially break out of its sandbox. This was addressed by adding additional logic. Recommendations: For versions prior to 15.4, update to macOS Sequoia 15.4 to resolve the...

PT-2025-13782 · Fortinet · Fortindr +1

Name of the Vulnerable Software and Affected Versions: FortiMail versions 6.4.0 through 6.4.4 FortiMail versions prior to 6.2.6 FortiNDR versions prior to 7.1.0 FortiNDR version 7.2.0 Description: A buffer copy without checking the size of input, also known as a 'classic buffer overflow', allows ...

CVE-2024-58090

In the Linux kernel, the following vulnerability has been resolved: sched/core: Prevent rescheduling when interrupts are disabled David reported a warning observed while loop testing kexec jump: Interrupts enabled after irqrouterresume+0x0/0x50 WARNING: CPU: 0 PID: 560 at drivers/base/syscore.c:1...

tough terminating targets role delegations are not respected

Summary Delegations are a mechanism defined by the TUF specification that allow multiple different identities to provide and sign content within a single repository. Terminating delegations and delegation priority give a TUF repository unambiguous control over how overlapping delegations are...

tough root metadata version is not checked for sequential versioning

Summary When updating the root role, a TUF client must establish a trusted line of continuity to the latest set of keys. While sequentially downloading new versions of the root metadata file, tough will not check that the root object version it received was the next sequential version from the...

CVE-2025-30351

Directus is a real-time API and App dashboard for managing SQL database content. Starting in version 10.10.0 and prior to version 11.5.0, a suspended user can use the token generated in session auth mode to access the API despite their status. This happens because there is a check missing in...

CVE-2025-30164

Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. A vulnerability in versions prior to 2.11.5 and 2.12.13 vulnerability allows an attacker to craft a URL that, once visited by an authenticated user or one that is able to authenticate, allows to...

CVE-2025-24972

Discourse is an open-source discussion platform. Prior to versions 3.3.4 on the stable branch and 3.4.0.beta5 on the beta branch, in specific circumstances, users could be added to group direct messages despite disabling direct messaging in their preferences. Versions 3.3.4 and 3.4.0.beta5 contai...

GHSA-76G3-38JV-WXH4 tough timestamp metadata is cached when it fails snapshot rollback check

Summary TUF repositories use the timestamp role to protect against rollback events by enabling an automated process to periodically sign the role's metadata. While tough will ensure that the version of snapshot metadata in new timestamp metadata files was always greater than or equal to the...

tough timestamp metadata is cached when it fails snapshot rollback check

Summary TUF repositories use the timestamp role to protect against rollback events by enabling an automated process to periodically sign the role's metadata. While tough will ensure that the version of snapshot metadata in new timestamp metadata files was always greater than or equal to the...

GHSA-Q6R9-R9PW-4CF7 tough failure to detect delegated target rollback

Summary When updating the snapshot role, TUF clients should ensure that any previously encountered targets or delegated targets metadata files continue to be present in new snapshot metadata files. Likewise, the new targets and delegated targets metadata versions must be greater than or equal to...

PT-2025-20570

Name of the Vulnerable Software and Affected Versions Tenda FH451 version 1.0.0.9 Description The issue is related to a stack overflow in the P2pListFilter function. Recommendations For Tenda FH451 version 1.0.0.9, consider disabling the P2pListFilter function as a temporary workaround until a...

CVE-2025-2886

Missing validation of terminating delegation causes the client to continue searching the defined delegation list, even after searching a terminating delegation. This could cause the client to fetch a target from an incorrect source, altering the target contents. Users should upgrade to tough...

CVE-2025-2885 Root metadata version not validated in tough

Missing validation of the root metatdata version number could allow an actor to supply an arbitrary version number to the client instead of the intended version in the root metadata file, altering the version fetched by the client. Users should upgrade to tough version 0.20.0 or later and ensure...

GHSA-V56R-HWV5-MXG6 Synapse vulnerable to federation denial of service via malformed events

Impact A malicious server can craft events with a depth outside the integer range allowed by Canonical JSON. When such an event is received by Synapse version up to 1.127.0, it prevents it from federating with other servers. The vulnerability has been exploited in the wild. Patches Fixed in Synap...

CVE-2023-52992

In the Linux kernel, the following vulnerability has been resolved: bpf: Skip task with pid=1 in sendsignalcommon The following kernel panic can be triggered when a task with pid=1 attaches a prog that attempts to send killing signal to itself, also see 1 for more details: Kernel panic - not...

CVE-2022-49740

In the Linux kernel, the following vulnerability has been resolved: wifi: brcmfmac: Check the count value of channel spec to prevent out-of-bounds reads This patch fixes slab-out-of-bounds reads in brcmfmac that occur in brcmfconstructchaninfo and brcmfenablebw402g when the count value of channel...

CVE-2023-53018

CVE-2023-53018 affects the Linux kernel Bluetooth stack. If hci_cmd_sync_queue() fails in hci_le_terminate_big() or hci_le_big_terminate(), the memory pointed to by d is not freed, causing a memory leak. A patch adds a release path in the error flow to fix this. Exploitation details are not provi...