64 matches found
CVE-2026-48014
Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, the order state transition features /api/action/order/orderId/state/transition and similar transaction and delivery transition routes in src/Core/Checkout/Order/Api/OrderActionController.php do not declare...
CVE-2026-48014 Shopware: Admin API ACL Bypass in Order State Transition Endpoints
Shopware is an open commerce platform. Prior to 6.6.10.18 and 6.7.10.1, the order state transition features /api/action/order/orderId/state/transition and similar transaction and delivery transition routes in src/Core/Checkout/Order/Api/OrderActionController.php do not declare...
SUSE CVE-2026-53033
In the Linux kernel, the following vulnerability has been resolved: bpf, sockmap: Take state lock for afunix iter When a BPF iterator program updates a sockmap, there is a race condition in unixstreambpfupdateproto where the peer pointer can become stale1 during a state transition TCPESTABLISHED ...
GHSA-F8Q6-3G5W-JJR6 Shopware: Admin API ACL Bypass in Order State Transition Endpoints
Summary This is a vertical authorization bypass in the Admin API affecting order state transition features /api/action/order/orderId/state/transition and similar transaction/delivery transition routes. The root cause is that the transition action routes do not declare required server-side ACL...
Missing Authorization
Overview shopware/platform is a Shopware e-commerce core. Affected versions of this package are vulnerable to Missing Authorization in the orderStateTransition process. An attacker can modify order states without proper privileges by sending crafted API requests directly to the affected endpoints...
Do You Dare to Try Test-Driven Forensics? Increasing Trust in Desktop Forensics with ADARE
Digital forensic relies on validated tools and established procedures, yet the underlying operating systems, applications, and analysis tools evolve rapidly. This evolution can cause artifact behavior and tool outputs to drift, silently degrading repeatability and confidence in long-lived forensi...
Astra Linux – Vulnerability in Linux 5.10
In the Linux kernel, the following vulnerability has been resolved: sched/ext: Fixed invalid task state transitions during class switching. When enabling the schedext scheduler, it is possible to trigger invalid task state transitions, resulting in warnings like the following which can be easily...
SUSE CVE-2026-41651
PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3.4 is vulnerable to a time-of-check time-of-use TOCTOU race condition on transaction flags that...
EUVD-2021-19544
Malware in sbrugna...
EUVD-2019-2322
Malware in sbrugna...
EUVD-2019-7497
Malware in sbrugna...
EUVD-2015-1210
Malware in sbrugna...
EUVD-2023-46426
Malicious code in bioql PyPI...
CVE-2025-39780 sched/ext: Fix invalid task state transitions on class switch
In the Linux kernel, the following vulnerability has been resolved: sched/ext: Fix invalid task state transitions on class switch When enabling a schedext scheduler, we may trigger invalid task state transitions, resulting in warnings like the following which can be easily reproduced by running t...
PT-2025-37237
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: A flaw exists in the Linux kernel related to invalid task state transitions when using the sched ext scheduler. This issue occurs because initialization is skipped for tasks that are...
CVE-2020-27895
An information disclosure issue existed in the transition of program state. This issue was addressed with improved state handling. This issue is fixed in iTunes 12.11 for Windows. A malicious application may be able to access local users Apple IDs...
CVE-2019-10518
Use after free of a pointer in iWLAN scenario during netmgr state transition to CONNECT in Snapdragon Auto, Snapdragon Compute, Snapdragon Consumer IOT, Snapdragon Industrial IOT, Snapdragon IoT, Snapdragon Mobile, Snapdragon Voice & Music, Snapdragon Wearables, Snapdragon Wired Infrastructure an...
CVE-2025-1566
CVE-2025-1566 affects Google ChromeOS, specifically the Native System VPN in the Dev Channel. The root cause is a failure to properly tunnel DNS traffic during VPN state transitions, enabling network observers to expose plaintext DNS queries. Reported in ChromeOS/Kubernetes-related advisories, wi...
CVE-2022-49219
In the Linux kernel, the following vulnerability has been resolved: vfio/pci: fix memory leak during D3hot to D0 transition If 'vfiopcicoredevice::needspmrestore' is set PCI device does not have NoSoftReset bit set in its PMCSR config register, then the current PCI state will be saved locally in...
CVE-2022-49219 vfio/pci: fix memory leak during D3hot to D0 transition
In the Linux kernel, the following vulnerability has been resolved: vfio/pci: fix memory leak during D3hot to D0 transition If 'vfiopcicoredevice::needspmrestore' is set PCI device does not have NoSoftReset bit set in its PMCSR config register, then the current PCI state will be saved locally in...