CVE-2025-64118 node-tar vulnerable to race condition leading to uninitialized memory exposure

node-tar is a Tar for Node.js. In 7.5.1, using .t aka .list with sync: true to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. This vulnerability is fixed in 7.5.2...

Race Condition

Overview tar is a full-featured Tar for Node.js. Affected versions of this package are vulnerable to Race Condition in the tar.t function, also known as tar.list, when the sync: true option is used and the underlying tar file is truncated on disk to a smaller size between the time its size is...

node-tar has a race condition leading to uninitialized memory exposure

Summary Using .t aka .list with sync: true to read tar entry contents returns uninitialized memory contents if tar file was changed on disk to a smaller size while being read. Details See: https://github.com/isaacs/node-tar/issues/445 https://github.com/isaacs/node-tar/pull/446 Regression happene...

CVE-2025-62795 JumpServer Unauthorized LDAP Configuration Access via WebSocket

JumpServer is an open source bastion host and an operation and maintenance security audit system. Prior to v3.10.21-lts and v4.10.12-lts, a low-privileged authenticated user can invoke LDAP configuration tests and start LDAP synchronization by sending crafted messages to the /ws/ldap/ WebSocket...

PT-2025-44446

Name of the Vulnerable Software and Affected Versions node-tar versions prior to 7.5.2 Description node-tar is a Tar for Node.js. When using the .t also known as .list function with the sync: true option to read tar entry contents, uninitialized memory contents may be returned if the tar file is...

Brave Desktop 1.84.132 Security Fixes

Disabled "navigator.share" in Tor windows. - Set secure clipboard flag when copying Brave Sync code words as reported on HackerOne by newfunction. 47841 & 47880 Upgraded Chromium to 142.0.7444.60 — refer to Google Chrome advisories for inherited CVEs...

Siemens SIMATIC Devices Improper Locking (CVE-2024-38780)

In the Linux kernel, the following vulnerability has been resolved: dma-buf/sw-sync: don't enable IRQ from syncprintobj. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable, Inc. include'compat.inc'; ...

CVE-2025-62978

Missing Authorization vulnerability in Kiotviet KiotViet Sync kiotvietsync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KiotViet Sync: from n/a through = 1.8.5...

CVE-2025-62516

CVE-2025-62516 entry rejected; not an active vulnerability.

EUVD-2025-35967

Missing Authorization vulnerability in Kiotviet KiotViet Sync kiotvietsync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KiotViet Sync: from n/a through = 1.8.5...

CVE-2025-62978

Missing Authorization vulnerability in Kiotviet KiotViet Sync kiotvietsync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KiotViet Sync: from n/a through = 1.8.5...

CVE-2025-62978

CVE-2025-62978 is a Missing Authorization / Broken Access Control vulnerability affecting KiotViet Sync for WordPress (≤ 1.8.5). The advisory notes insufficient access control configuration; CVSS v3.1 base score 4.3 (Medium) with network attack vector and low privileges required. The Red Hat/NVD ...

CVE-2025-62978 WordPress KiotViet Sync plugin <= 1.8.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Kiotviet KiotViet Sync kiotvietsync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KiotViet Sync: from n/a through = 1.8.5...

CVE-2025-62978 WordPress KiotViet Sync plugin <= 1.8.5 - Broken Access Control vulnerability

Missing Authorization vulnerability in Kiotviet KiotViet Sync kiotvietsync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KiotViet Sync: from n/a through = 1.8.5...

PT-2025-43850

Missing Authorization vulnerability in Kiotviet KiotViet Sync kiotvietsync allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects KiotViet Sync: from n/a through = 1.8.5...

WordPress plugin KiotViet Sync 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blogging sites on PHP and MySQL based servers.WordPress plugin is an application plugin... A security...

Siemens SIMATIC Devices Improper Input Validation (CVE-2024-27052)

Vulnerability in Linux kernel: wifi: rtl8xxxu: add cancelworksync for c2hcmdwork The workqueue might still be running, when the driver is stopped. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information. %NASLMINLEVEL 80900 C Tenable,...

Linux Distros Unpatched Vulnerability : CVE-2025-39982

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Bluetooth: hcievent: Fix UAF in hciaclcreateconnsync This fixes the following UFA in hciaclcreateconnsync where a connection still pending is command submission...

CVE-2025-11976

The FuseWP – WordPress User Sync to Email List & Marketing Automation Mailchimp, Constant Contact, ActiveCampaign etc. plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.23.0. This is due to missing or incorrect nonce validation on the...

EUVD-2025-35919

The FuseWP – WordPress User Sync to Email List & Marketing Automation Mailchimp, Constant Contact, ActiveCampaign etc. plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 1.1.23.0. This is due to missing or incorrect nonce validation on the...