IBM Security Verify Bridge和IBM Security Verify Gateway 日志信息泄露漏洞

IBM Security Verify Bridge and IBM Security Verify Gateway are both products of International Business Machines IBM, U.S.A. IBM Security Verify Bridge is an IBM application component. Provides IBM Cloud access to user attributes and authentication that are controlled by the customer's local LDAP ...

PT-2025-7418 · Ibm · Ibm Security Verify Gateway For Windows Login +2

Name of the Vulnerable Software and Affected Versions: IBM Security Verify Bridge Directory Sync versions 1.0.1 through 1.0.12 IBM Security Verify Gateway for Windows Login versions 1.0.1 through 1.0.10 IBM Security Verify Gateway for Radius versions 1.0.1 through 1.0.11 Description: The issue...

IBM Security Verify Bridge和IBM Security Verify Gateway 安全漏洞

IBM Security Verify Bridge and IBM Security Verify Gateway are both products of International Business Machines IBM, U.S.A. IBM Security Verify Bridge is an IBM application component. It provides IBM Cloud access to user attributes and authentication that are controlled by the customer's local LD...

Netscaler VPX : NTP_Sync Failing even after ntp process restart

Netscaler VPX is configured with NTP sync to pool.ntp.org or any NTP server, but the NTP sync does not work even after disabling and enabling NTP sync and also restarting the NTP process...

CVE-2024-13535 Actionwear products sync <= 2.3.2 - Unauthenticated Full Patch Disclosure

The Actionwear products sync plugin for WordPress is vulnerable to Full Path Disclosure in all versions up to, and including, 2.3.2. This is due the composer-setup.php file being publicly accessible with 'displayerrors' set to true. This makes it possible for unauthenticated attackers to retrieve...

PT-2025-6562 · WordPress · Actionwear Products Sync Plugin

Name of the Vulnerable Software and Affected Versions: Actionwear products sync plugin for WordPress versions up to, and including, 2.3.0 Description: The issue is due to the composer-setup.php file being publicly accessible with display errors set to true, allowing unauthenticated attackers to...

WordPress plugin Actionwear products sync 安全漏洞

WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform supports setting up personal blog sites on servers with PHP and MySQL.WordPress plugin is an application plugin. A security vulnerability...

WordPress Actionwear products sync plugin <= 2.3.0 - Unauthenticated Full Patch Disclosure vulnerability

Unauthenticated Full Patch Disclosure vulnerability discovered by stealthcopter in WordPress Plugin Actionwear products sync versions = 2.3.0...

CVE-2025-24903

libsignal-service-rs is a Rust version of the libsignal-service-java library which implements the core functionality to communicate with Signal servers. Prior to commit 82d70f6720e762898f34ae76b0894b0297d9b2f8, any contact may forge a sync message, impersonating another device of the local user...

CVE-2025-24903

libsignal-service-rs is a Rust version of the libsignal-service-java library which implements the core functionality to communicate with Signal servers. Prior to commit 82d70f6720e762898f34ae76b0894b0297d9b2f8, any contact may forge a sync message, impersonating another device of the local user...

CVE-2025-24903 libsignal-service-rs Doesn't Check Origin of Sync Messages

libsignal-service-rs is a Rust version of the libsignal-service-java library which implements the core functionality to communicate with Signal servers. Prior to commit 82d70f6720e762898f34ae76b0894b0297d9b2f8, any contact may forge a sync message, impersonating another device of the local user...

CVE-2025-24903 libsignal-service-rs Doesn't Check Origin of Sync Messages

libsignal-service-rs is a Rust version of the libsignal-service-java library which implements the core functionality to communicate with Signal servers. Prior to commit 82d70f6720e762898f34ae76b0894b0297d9b2f8, any contact may forge a sync message, impersonating another device of the local user...

CVE-2025-24903

The CVE-2025-24903 entry concerns libsignal-service-rs, a Rust implementation of the Signal service client. Before commit 82d70f6720e762898f34ae76b0894b0297d9b2f8, any contact could forge a sync message by impersonating another device of the local user because the origin of sync messages was not ...

CVE-2025-24903 libsignal-service-rs Doesn't Check Origin of Sync Messages

libsignal-service-rs is a Rust version of the libsignal-service-java library which implements the core functionality to communicate with Signal servers. Prior to commit 82d70f6720e762898f34ae76b0894b0297d9b2f8, any contact may forge a sync message, impersonating another device of the local user...

WordPress Post Sync plugin <= 1.1 - Reflected Cross-Site Scripting vulnerability

Reflected Cross-Site Scripting vulnerability discovered by Hassan Khan Yusufzai - Splint3r7 in WordPress Plugin Post Sync versions = 1.1...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: dma-buf/sw-sync: Do not enable IRQ from syncprintobj. Since the commit a6aa8fca4d79 “dma-buf/sw-sync: Reduce irqsave/irqrestore from known context” was made, it accidentally replaced spinunlockirqrestore with spinunlockirq for bo...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: i40e: A race condition was fixed by adding an intermediate filter synchronization state. A race condition in the i40e driver was addressed, which could cause MAC/VLAN filters to become corrupted and leak data. This issue occurs...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: net/mlx5: Fixed the issue of missing lock acquisition before performing sync reset reload operations. During sync reset reload operations, when a remote host updates devlink during the reload process, the lock acquisition before...

Astra Linux – Vulnerability in Linux 6.1

In the Linux kernel, the following vulnerabilities have been resolved: Bluetooth: MGMT: Fixed a slab-use-after-free read in setpoweredsync. This fix resolves the following crash: BUG: KASAN: Slab-use-after-free in setpoweredsync+0x3a/0xc0, net/bluetooth/mgmt.c:1353. A read of size 8 at address...

Malicious code in pnpm-sync-api-tests (npm)

--- -= Per source details. Do not edit below this line.=- Source: ghsa-malware 7ff8a3208b0a7303df5e44ee0ec9bcc028b58bffe1fdabfbea89ab56a78cf841 Any computer that has this package installed or running should be considered fully compromised. All secrets and keys stored on that computer should be...