CVE-2025-27792
Opal is OBiBa’s core database application for biobanks or epidemiological studies. Prior to version 5.1.1, the protections against cross-site request forgery (CSRF) were insufficient application-wide. The referrer header is checked, and if it is invalid, the server returns 403. However, the referre...
CVE-2024-57911 affecting package kernel for versions less than 6.6.76.1-1
CVE-2024-57911 affecting package kernel for versions less than 6.6.76.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-48873 affecting package kernel for versions less than 6.6.76.1-1
CVE-2024-48873 affecting package kernel for versions less than 6.6.76.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-56716 affecting package kernel for versions less than 6.6.76.1-1
CVE-2024-56716 affecting package kernel for versions less than 6.6.76.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-56640 affecting package kernel for versions less than 6.6.76.1-1
CVE-2024-56640 affecting package kernel for versions less than 6.6.76.1-1. An upgraded version of the package is available that resolves this issue...
CVE-2024-50609 affecting package fluent-bit for versions less than 3.1.9-3
CVE-2024-50609 affecting package fluent-bit for versions less than 3.1.9-3. A patched version of the package is available...
PT-2025-11189 · Modx · Modx
Name of the Vulnerable Software and Affected Versions: MODX versions prior to 3.1.0 Description: A cross-site scripting (XSS) issue has been identified. The issue allows authenticated users to upload SVG files containing malicious JavaScript code as profile images, which gets executed in victims'...
Security Bulletin: Vulnerability in OpenPrinting CUPS affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.
Summary Potential vulnerability in OpenPrinting CUPS has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information...
Out-of-bounds Read in Ruby JSON Parser
Impact A specially crafted document could cause an out of bound read, most likely resulting in a crash. Versions 2.10.0 and 2.10.1 are impacted. Older versions are not. Patches Version 2.10.2 fixes the problem. Workarounds None...
CVE-2025-27794 Flarum Vulnerable to Session Hijacking via Authoritative Subdomain Cookie Overwrite
Flarum is open-source forum software. A session hijacking vulnerability exists in versions prior to 1.8.10 when an attacker-controlled authoritative subdomain under a parent domain (e.g., subdomain.host.com) sets cookies scoped to the parent domain (.host.com). This allows session token replacement f...
Security Bulletin: IBM App Connect Enterprise Certified Container DesignerAuthoring operands are vulnerable to denial of service [CVE-2024-52362]
Summary IBM App Connect Enterprise Certified Container DesignerAuthoring does not properly validate the name of a flow, such that invalid names can make a flow inaccessible. This bulletin provides patch information to address the reported vulnerability. CVE-2024-52362 Vulnerability Details...
CVE-2025-21850
In the Linux kernel, the following vulnerability has been resolved: nvmet: Fix crash when a namespace is disabled The namespace percpu counter protects pending I/O, and we can only safely disable the namespace once the counter drops to zero. Otherwise we end up with a crash when running...
CVE-2024-58088
In the Linux kernel, the following vulnerability has been resolved: bpf: Fix deadlock when freeing cgroup storage The following commit bc235cdb423a "bpf: Prevent deadlock from recursive bpf_task_storage_[get|delete]" first introduced deadlock prevention for fentry/fexit programs attaching on...
PT-2025-11129
Name of the Vulnerable Software and Affected Versions ruby-saml versions prior to 1.12.4 and 1.18.0 Description An authentication bypass vulnerability was found in ruby-saml due to a parser differential. ReXML and Nokogiri parse XML differently, generating entirely different document structures...
CVE-2025-27792 Opal vulnerable to CSRF protection bypass
Opal is OBiBa’s core database application for biobanks or epidemiological studies. Prior to version 5.1.1, the protections against cross-site request forgery (CSRF) were insufficient application-wide. The referrer header is checked, and if it is invalid, the server returns 403. However, the referre...
Security Bulletin: Vulnerability in Werkzeug affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component.
Summary Potential vulnerability in Werkzeug has been identified that affects IBM watsonx Assistant Cartridge and IBM watsonx Orchestrate with watsonx Assistant Cartridge - Assistant Builder Component. The vulnerability has been addressed. Refer to details for additional information. Vulnerabili...
CVE-2025-27601 Umbraco Allows Improper API Access Control to Low-Privilege Users to Data Type Functionality
Umbraco is a free and open source .NET content management system. An improper API access control issue has been identified in Umbraco's API management package prior to versions 15.2.3 and 14.3.3, allowing low-privilege, authenticated users to create and update data type information that should be...
CVE-2025-27601
CVE-2025-27601 concerns Umbraco in the API management package, where an improper API access control allows low-privilege authenticated users to create and update data type information restricted to settings-access users. Affected are Umbraco.Cms.Api.Management versions prior to 14.3.3 and 15.2.3....