SGWBox N3 授权问题漏洞

SGWBox N3 is a network storage device from China's Pickup Dock SGWBox. An authorization issue vulnerability exists in SGWBox N3 version 2.0.25, which stems from incorrect manipulation of the parameter token in the file/fsnotify, which could lead to improper authentication...

EUVD-2024-3238

Malicious code in bioql PyPI...

CVE-2025-30438

This issue was addressed with improved access restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. A malicious app may be able to dismiss the system notification on the Lock Screen that...

CVE-2025-30438

This issue was addressed with improved access restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. A malicious app may be able to dismiss the system notification on the Lock Screen that...

CVE-2025-30438

CVE-2025-30438 affects Apple platforms (iOS/iPadOS/macOS/tvOS/visionOS/watchOS) where an issue in access restrictions could allow a malicious app to dismiss the Lock Screen notification that a recording was started. The problem is addressed with fixes in iOS 18.4/iPadOS 18.4, macOS Sequoia 15.4, ...

CVE-2025-30438

This issue was addressed with improved access restrictions. This issue is fixed in visionOS 2.4, macOS Ventura 13.7.5, tvOS 18.4, iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5. A malicious app may be able to dismiss the system notification on the Lock Screen that a recording w...

CVE-2025-30438

This issue was addressed with improved access restrictions. This issue is fixed in iOS 18.4 and iPadOS 18.4, macOS Sequoia 15.4, macOS Sonoma 14.7.5, macOS Ventura 13.7.5, tvOS 18.4, visionOS 2.4, watchOS 11.4. A malicious app may be able to dismiss the system notification on the Lock Screen that...

PT-2025-13972 · Apple · Macos Sonoma +7

Name of the Vulnerable Software and Affected Versions: visionOS versions prior to 2.4 macOS Ventura versions prior to 13.7.5 tvOS versions prior to 18.4 iOS versions prior to 18.4 iPadOS versions prior to 18.4 macOS Sequoia versions prior to 15.4 macOS Sonoma versions prior to 14.7.5 Description:...

USN-7380-1 linux-lowlatency vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - x86...

USN-7379-1 linux, linux-aws, linux-azure, linux-gcp, linux-hwe-6.11, linux-oracle, linux-realtime vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - ARM64 architecture; - MIPS architecture; - PowerPC architecture; - RISC-V architecture; - S390 architecture; - x86...

CVE-2024-52292 Craft Allows Attackers to Read Arbitrary System Files

Craft is a content management system CMS. The dataUrl function can be exploited if an attacker has write permissions on system notification templates. This function accepts an absolute file path, reads the file's content, and converts it into a Base64-encoded string. By embedding this function...

CVE-2024-52292

CVE-2024-52292 affects Craft CMS. The dataUrl function can exfiltrate the contents of arbitrary server files when an attacker has write permissions on system notification templates and can trigger a system email. By embedding a path to a sensitive file, the Base64-encoded content is sent via an e...

Craft CMS Arbitrary System File Read

Summary By abusing the mail notification template it is possible to read arbitrary operating system files. Details The dataUrl function can be exploited if an attacker has write permissions on system notification templates. This function accepts an absolute file path, reads the file's content, an...

PT-2024-35158 · Craft · Craft

Name of the Vulnerable Software and Affected Versions: Craft versions prior to 4.12.8 Craft versions prior to 5.4.9 Description: The dataUrl function can be exploited if an attacker has write permissions on system notification templates. This function accepts an absolute file path, reads the file...

Linux kernel 资源管理错误漏洞

Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a post-release reuse issue in the file system notification feature. A local attacker exploiting this...