
60 matches found

OSV
added 2 days ago, 4 views

GHSA-F8Q6-3G5W-JJR6 Shopware: Admin API ACL Bypass in Order State Transition Endpoints

Summary: This is a vertical authorization bypass in the Admin API affecting order state transition features /api/action/order/orderId/state/transition and similar transaction/delivery transition routes. The root cause is that the transition action routes do not declare required server-side ACL...

6.5 CVSS, 5.9 AI score
Exploits 0, References 4
Packet Storm News
added 2026/05/27 12:0 a.m., 6 views

Do You Dare to Try Test-Driven Forensics? Increasing Trust in Desktop Forensics with ADARE

Digital forensics relies on validated tools and established procedures, yet the underlying operating systems, applications, and analysis tools evolve rapidly. This evolution can cause artifact behavior and tool outputs to drift, silently degrading repeatability and confidence in long-lived forensi...

5.8 AI score
Exploits 0
AstraLinux
added 2026/05/20 5:53 a.m., 3 views

Astra Linux - vulnerability in linux-6.1

In the Linux kernel, the following vulnerability has been resolved: PCI: rcar: The WARN function has been replaced with dev_warn_ratelimited in rcar_pcie_wakeup. It is sufficient to warn the user that there has been a link problem. Either the link has failed and the system requires maintenance, or th...

5.5 CVSS, 6.3 AI score, 0.0002 EPSS
Exploits 0, References 2
AstraLinux
added 2026/05/03 11:59 p.m., 15 views

Astra Linux - vulnerability in linux-5.10

In the Linux kernel, the following vulnerability has been resolved: sched/ext: Fixed invalid task state transitions during class switching. When enabling the sched_ext scheduler, it is possible to trigger invalid task state transitions, resulting in warnings like the following which can be easily...

5.5 CVSS, 5.7 AI score, 0.00017 EPSS
Exploits 0, References 2
SUSE CVE
added 2026/04/24 1:27 a.m., 2 views

SUSE CVE-2026-41651

PackageKit is a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3.4 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition on transaction flags that...

8.8 CVSS, 6 AI score, 0.00153 EPSS
Exploits 10, References 11
EUVD
added 2025/10/07 12:30 a.m., 4 views

EUVD-2015-1210

Malware in sbrugna...

4.3 CVSS, 6 AI score, 0.04799 EPSS
Exploits 1, References 14
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2019-7497

Malware in sbrugna...

6.5 CVSS, 7.8 AI score, 0.00894 EPSS
Exploits 0, References 13
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2021-19544

Malware in sbrugna...

8.6 CVSS, 7.3 AI score, 0.00067 EPSS
Exploits 0, References 6
EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2019-2322

Malware in sbrugna...

7.8 CVSS, 8.1 AI score, 0.00044 EPSS
Exploits 0, References 2
EUVD
added 2025/10/03 8:7 p.m., 2 views

EUVD-2023-46426

Malicious code in bioql PyPI...

4.6 CVSS, 5.2 AI score, 0.00115 EPSS
Exploits 0, References 1
OSV
added 2025/09/11 4:56 p.m., 2 views

CVE-2025-39780 sched/ext: Fix invalid task state transitions on class switch

In the Linux kernel, the following vulnerability has been resolved: sched/ext: Fix invalid task state transitions on class switch When enabling a sched_ext scheduler, we may trigger invalid task state transitions, resulting in warnings like the following which can be easily reproduced by running t...

5.5 CVSS, 6.1 AI score, 0.00017 EPSS
Exploits 0, References 6
Positive Technologies
added 2025/09/11 12:0 a.m., 2 views

PT-2025-37237

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the Linux kernel related to invalid task state transitions when using the sched ext scheduler. This issue occurs because initialization is skipped for tasks that are...

6 AI score, 0.00017 EPSS
Exploits 0, References 5
RedhatCVE
added 2025/05/22 3:26 p.m., 3 views

CVE-2020-27895

An information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling. This issue is fixed in iTunes 12.11 for Windows. A malicious application may be able to access local users' Apple IDs...

4.3 CVSS, 5.1 AI score, 0.00169 EPSS
Exploits 0
RedhatCVE
added 2025/05/22 10:26 a.m., 8 views

CVE-2019-10518

Use after free of a pointer in iWLAN scenario during netmgr state transition to CONNECT in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure an...

7.8 CVSS, 7.4 AI score, 0.00044 EPSS
Exploits 0, References 1
CVE
added 2025/04/16 11:6 p.m., 67 views

CVE-2025-1566

CVE-2025-1566 affects Google ChromeOS, specifically the Native System VPN in the Dev Channel. The root cause is a failure to properly tunnel DNS traffic during VPN state transitions, enabling network observers to expose plaintext DNS queries. Reported in ChromeOS/Kubernetes-related advisories, wi...

7.5 CVSS, 7.5 AI score, 0.00223 EPSS
Exploits 0, References 2, Affected Software 1
OSV
added 2025/02/26 1:55 a.m., 7 views

CVE-2022-49219 vfio/pci: fix memory leak during D3hot to D0 transition

In the Linux kernel, the following vulnerability has been resolved: vfio/pci: fix memory leak during D3hot to D0 transition If 'vfio_pci_core_device::needs_pm_restore' is set (PCI device does not have No_Soft_Reset bit set in its PMCSR config register), then the current PCI state will be saved locally in...

5.5 CVSS, 6 AI score, 0.00059 EPSS
Exploits 0, References 9
Debian CVE
added 2025/02/26 1:55 a.m., 6 views

CVE-2022-49219

In the Linux kernel, the following vulnerability has been resolved: vfio/pci: fix memory leak during D3hot to D0 transition If 'vfio_pci_core_device::needs_pm_restore' is set (PCI device does not have No_Soft_Reset bit set in its PMCSR config register), then the current PCI state will be saved locally in...

5.5 CVSS, 5.7 AI score, 0.00059 EPSS
Exploits 0
Debian CVE
added 2025/02/12 1:27 p.m., 7 views

CVE-2024-57951

In the Linux kernel, the following vulnerability has been resolved: hrtimers: Handle CPU state correctly on hotplug Consider a scenario where a CPU transitions from CPUHP_ONLINE to halfway through a CPU hotunplug down to CPUHP_HRTIMERS_PREPARE, and then back to CPUHP_ONLINE: Since hrtimers_prepare_cpu...

7.8 CVSS, 5.8 AI score, 0.00012 EPSS
Exploits 0
Cvelist
added 2024/08/15 8:38 p.m., 21 views

CVE-2024-43367 Boa has an uncaught exception when transitioning the state of `AsyncGenerator` objects

Boa is an embeddable and experimental Javascript engine written in Rust. Starting in version 0.16 and prior to version 0.19.0, a wrong assumption made when handling ECMAScript's AsyncGenerator operations can cause an uncaught exception on certain scripts. Boa's implementation of AsyncGenerator...

7.5 CVSS, 0.00283 EPSS
Exploits 0, References 3
Github Security Blog
added 2024/08/14 8:49 p.m., 20 views

Boa has an uncaught exception when transitioning the state of `AsyncGenerator` objects

A wrong assumption made when handling ECMAScript's AsyncGenerator operations can cause an uncaught exception on certain scripts. Details: Boa's implementation of AsyncGenerator makes the assumption that the state of an AsyncGenerator object cannot change while resolving a promise created by method...

7.5 CVSS, 7 AI score, 0.00283 EPSS
Exploits 0, References 6, Affected Software 1