28056 matches found
Security Bulletin: This Power System update is being released to address CVE-2025-36238
Summary If an attacker is able to gain system administrator access a Virtual TPM can be compromised through the use of a series of PowerVM service procedures. Vulnerability Details CVEID:CVE-2025-36238 DESCRIPTION: IBM PowerVM Hypervisor could allow a local user with administration privileges to...
AZL-75527 CVE-2025-11065 affecting package moby-cli for versions less than 24.0.9-8
A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...
AZL-75564 CVE-2025-11065 affecting package rook 1.6.2-27
A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...
CVE-2025-11065 Github.com/go-viper/mapstructure/v2: go-viper's mapstructure may leak sensitive information in logs in github.com/go-viper/mapstructure
A flaw was found in github.com/go-viper/mapstructure/v2, in the field processing component using mapstructure.WeakDecode. This vulnerability allows information disclosure through detailed error messages that may leak sensitive input values via malformed user-supplied data processed in...
CVE-2025-70982
Incorrect access control in the importUser function of SpringBlade v4.5.0 allows attackers with low-level privileges to arbitrarily import sensitive user data...
WordPress WP FullCalendar plugin <= 1.6 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Nabil Irawan in WordPress Plugin WP FullCalendar versions = 1.6...
WordPress Nexter Blocks plugin <= 4.6.3 - Sensitive Data Exposure vulnerability
Sensitive Data Exposure vulnerability discovered by Nabil Irawan in WordPress Plugin Nexter Blocks versions = 4.6.3...
CVE-2025-59100
The web interface offers a functionality to export the internal SQLite database. After executing the database export, an automatic download is started and the device reboots. After rebooting, the exported database is deleted and cannot be accessed anymore. However, it was noticed that sometimes t...
CVE-2025-59100
CVE-2025-59100 affects dormakaba access manager. The web interface allows exporting the internal SQLite database; after export an automatic download starts and the device reboots, at which point the exported database is deleted. In some cases the device does not reboot or the export is not delete...
CVE-2025-59100
The web interface offers a functionality to export the internal SQLite database. After executing the database export, an automatic download is started and the device reboots. After rebooting, the exported database is deleted and cannot be accessed anymore. However, it was noticed that sometimes t...
CVE-2025-59100 Unauthenticated Access to the SQLite Database in dormakaba access manager
The web interface offers a functionality to export the internal SQLite database. After executing the database export, an automatic download is started and the device reboots. After rebooting, the exported database is deleted and cannot be accessed anymore. However, it was noticed that sometimes t...
EUVD-2025-206364
The web interface offers a functionality to export the internal SQLite database. After executing the database export, an automatic download is started and the device reboots. After rebooting, the exported database is deleted and cannot be accessed anymore. However, it was noticed that sometimes t...
CVE-2025-59098 Trace Functionality Leaking Sensitive Data in dormakaba access manager
The Access Manager is offering a trace functionality to debug errors and issues with the device. The trace functionality is implemented as a simple TCP socket. A tool called TraceClient.exe, provided by dormakaba via the Access Manager web interface, is used to connect to the socket and receive...
CVE-2025-70982
CVE-2025-70982 affects SpringBlade v4.5.0 and stems from incorrect access control in the importUser function , enabling attackers with low-level privileges to arbitrarily import sensitive user data. The CVE is rated CRITICAL (CVSS 3.1: 9.9) with vectors: AV=N/AC=L/PR=L/UI=N/S=C/C=H/I=H/A=H. Impac...
CVE-2025-70982
Incorrect access control in the importUser function of SpringBlade v4.5.0 allows attackers with low-level privileges to arbitrarily import sensitive user data...
CVE-2025-67274
An issue in continuous.software aangine v.2025.2 allows a remote attacker to obtain sensitive information via the excel-integration-service template download module, integration-persistence-service job listing module, portfolio-item-service data retrieval module endpoints...
PT-2026-4750
The web interface offers a functionality to export the internal SQLite database. After executing the database export, an automatic download is started and the device reboots. After rebooting, the exported database is deleted and cannot be accessed anymore. However, it was noticed that sometimes t...
PT-2026-4748
The Access Manager is offering a trace functionality to debug errors and issues with the device. The trace functionality is implemented as a simple TCP socket. A tool called TraceClient.exe, provided by dormakaba via the Access Manager web interface, is used to connect to the socket and receive...
Dormakaba Access Manager security vulnerabilities
Dormakaba Access Manager is a smart hardware controller developed by the American company Dormakaba. There is a security vulnerability in Dormakaba Access Manager. This vulnerability arises from the fact that the exported databases are sometimes not deleted, and the paths can be accessed without...
ROS-20260126-73-0013
A vulnerability in the Linux operating system kernel is related to the use of memory after it has been freed. Exploitation of the vulnerability could allow an attacker to gain access to sensitive data...