12611 matches found
CVE-2025-10932
CVE-2025-10932 is an Uncontrolled Resource Consumption vulnerability in Progress MOVEit Transfer (AS2 module). The issue affects MOVEit Transfer versions 2025.0.0–before 2025.0.3, 2024.1.0–before 2024.1.7, and 2023.1.0–before 2023.1.16. The root cause is an input/AS2 request handling flaw that ca...
CVE-2025-10932 AS2 module allows uncontrolled file uploads
Uncontrolled Resource Consumption vulnerability in Progress MOVEit Transfer AS2 module. This issue affects MOVEit Transfer: from 2025.0.0 before 2025.0.3, from 2024.1.0 before 2024.1.7, from 2023.1.0 before 2023.1.16...
Man-In-The-Middle (MITM)
Dragonfly is vulnerable to a Man-in-the-Middle (MitM) attack. The vulnerability is due to the scheduler being hardcoded to use the insecure HTTP protocol for downloading tiny files, which allows an attacker to intercept and modify network requests to deliver malicious or altered data...
Progress MOVEit Transfer Resource Management Error Vulnerability
Progress MOVEit Transfer is a secure hosted file transfer application from Progress. A resource management error vulnerability exists in Progress MOVEit Transfer that stems from an uncontrolled resource consumption issue in the AS2 module. The following versions are affected: versions 2025.0.0...
PT-2025-44353
Name of the Vulnerable Software and Affected Versions: OpenSSH (affected versions not specified). Description: If SSH session multiplexing was configured on the client side, SSH sessions such as scp and sftp multiplexed onto the same channel could perform file-system operations after a configured...
PT-2025-44302
Name of the Vulnerable Software and Affected Versions: Progress MOVEit Transfer versions 2023.1.0 through 2023.1.16; Progress MOVEit Transfer versions 2024.1.0 through 2024.1.7; Progress MOVEit Transfer versions 2025.0.0 through 2025.0.3. Description: An uncontrolled resource consumption issue exists ...
USN-7845-1 squid, squid3 vulnerability
Leonardo Giovannini discovered that Squid failed to redact HTTP Authentication credentials in a default configuration. An attacker could possibly use this issue to obtain sensitive information...
CVE-2025-62909
Missing Authorization vulnerability in mrityunjay Smart WeTransfer smart-wetransfer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Smart WeTransfer: from n/a through <= 1.3...
PT-2025-48281
Name of the Vulnerable Software and Affected Versions: Mattermost versions 10.5.x through 10.5.12; Mattermost versions 10.11.x through 10.11.4; Mattermost versions 10.12.x through 10.12.1; Mattermost versions 11.0.x through 11.0.2. Description: Mattermost fails to verify that the token used during the...
CVE-2025-12365
Error Messages Wrapped In HTTP Header. This issue affects BLU-IC2: through 1.19.5; BLU-IC4: through 1.19.5...
EUVD-2025-36192
An issue in MikroTik RouterOS v.7.14.2 and SwitchOS v.2.18 allows a remote attacker to execute arbitrary code via the HTTP-only WebFig management component...
CVE-2025-62909 WordPress Smart WeTransfer plugin <= 1.3 - Broken Access Control vulnerability
Missing Authorization vulnerability in mrityunjay Smart WeTransfer smart-wetransfer allows Exploiting Incorrectly Configured Access Control Security Levels. This issue affects Smart WeTransfer: from n/a through <= 1.3...
Identifier Withdrawn
dnsmasq is a lightweight DNS forwarding and DHCP, TFTP server written in C. edb is a cross-platform AArch32/x86/x86-64 debugger. This CVE number has been withdrawn...
Siemens SIMATIC, SCALANCE and RUGGEDCOM Devices Improper Validation of Array Index (CVE-2024-49894)
In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: Fix index out of bounds in degamma hardware format translation. Fixes index out of bounds issue in `cm_helper_translate_curve_to_degamma_hw_format` function. The issue could occur when the index 'i' exceeds the number of...
PT-2025-43851
Insertion of Sensitive Information Into Sent Data vulnerability in airesvsg ACF to REST API acf-to-rest-api allows Retrieve Embedded Sensitive Data. This issue affects ACF to REST API: from n/a through <= 3.3.4...
Siemens SIMATIC Devices Improper Removal of Sensitive Information Before Storage or Transfer (CVE-2024-26816)
x86, relocs: relocations in .notes section. When building with CONFIG_XEN_PV=y, .text symbols are emitted into the .notes section so that Xen can find the startup_xen entry point. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
Siemens SIMATIC Devices Improper Input Validation (CVE-2025-21704)
usb: cdc-acm: Check control transfer buffer size before access. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot for more information...
[SECURITY] Fedora 43 Update: fetchmail-6.5.6-1.fc43
Fetchmail is a remote mail retrieval and forwarding utility intended for use over on-demand TCP/IP links, like SLIP or PPP connections. Fetchmail supports every remote-mail protocol currently in use on the Internet (POP2, POP3, RPOP, APOP, KPOP, all IMAPs, ESMTP ETRN, IPv6, and IPSEC) for retrieval...