12632 matches found

Packet Storm News
added 2025/09/28 12:0 a.m. | 3 views

SandCell: Sandboxing Rust beyond Unsafe Code

Rust is a modern systems programming language that ensures memory safety by enforcing ownership and borrowing rules at compile time. While the unsafe keyword allows programmers to bypass these restrictions, it introduces significant risks. Various approaches for isolating unsafe code to protect...

7.6 AI score
Exploits 0
RedhatCVE
added 2025/09/27 12:49 a.m. | 10 views

CVE-2025-10988

A vulnerability was identified in YunaiV ruoyi-vue-pro up to 2025.09. This affects an unknown part of the file /crm/business/transfer. Such manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor w...

6.5 CVSS | 6.5 AI score | 0.00296 EPSS
Exploits 0 | References 1
SUSE Linux
added 2025/09/26 5:28 p.m. | 1 views

Security update for the Linux Kernel

The SUSE Linux Enterprise 15 SP3 RT kernel was updated to receive various security bugfixes. The following security bugs were fixed: CVE-2022-49492: nvme-pci: fix a NULL pointer dereference in nvme_alloc_admin_tags (bsc#1238954). CVE-2022-50116: kernel: tty: n_gsm: fix deadlock and link starvation in...

8.5 CVSS | 7.6 AI score | 0.01345 EPSS
Exploits 10 | References 98
CVE
added 2025/09/26 12:32 a.m. | 13 views

CVE-2025-10988

The connected PT-2025-39467 entry confirms a vulnerability in YunaiV ruoyi-vue-pro up to version 2025.09 affecting an unspecified portion of /crm/business/transfer and causing improper authorization. It can be exploited remotely, and an exploit is publicly available. The vendor has been notified ...

8.8 CVSS | 6.3 AI score | 0.00296 EPSS
Exploits 0 | References 4 | Affected Software 1
Vulnrichment
added 2025/09/26 12:32 a.m. | 3 views

CVE-2025-10988 YunaiV ruoyi-vue-pro transfer improper authorization

A vulnerability was identified in YunaiV ruoyi-vue-pro up to 2025.09. This affects an unknown part of the file /crm/business/transfer. Such manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor w...

6.5 CVSS | 6.3 AI score | 0.00296 EPSS
Exploits 0 | References 4
Cvelist
added 2025/09/26 12:32 a.m. | 10 views

CVE-2025-10988 YunaiV ruoyi-vue-pro transfer improper authorization

A vulnerability was identified in YunaiV ruoyi-vue-pro up to 2025.09. This affects an unknown part of the file /crm/business/transfer. Such manipulation leads to improper authorization. It is possible to launch the attack remotely. The exploit is publicly available and might be used. The vendor w...

6.5 CVSS | 0.00296 EPSS
Exploits 0 | References 4
NVD
added 2025/09/26 12:15 a.m. | 9 views

CVE-2025-10987

A vulnerability was determined in YunaiV yudao-cloud up to 2025.09. Affected by this issue is some unknown functionality of the file /crm/contact/transfer of the component HTTP Request Handler. This manipulation of the argument contactId causes improper authorization. It is possible to initiate t...

8.8 CVSS | 0.00296 EPSS
Exploits 0 | References 4
OSV
added 2025/09/26 12:15 a.m. | 3 views

CVE-2025-10987

A vulnerability was determined in YunaiV yudao-cloud up to 2025.09. Affected by this issue is some unknown functionality of the file /crm/contact/transfer of the component HTTP Request Handler. This manipulation of the argument contactId causes improper authorization. It is possible to initiate t...

8.8 CVSS | 5.5 AI score
Exploits 0 | References 4
CVE
added 2025/09/26 12:2 a.m. | 25 views

CVE-2025-10987

YunaiV yudao-cloud (HTTP Request Handler) is affected by CVE-2025-10987 due to improper authorization in the /crm/contact/transfer file where the contactId parameter can be manipulated. The issue enables a remote attack and has publicly disclosed exploits. Multiple feeds confirm the vulnerability...

8.8 CVSS | 6.4 AI score | 0.00296 EPSS
Exploits 0 | References 4 | Affected Software 1
Cvelist
added 2025/09/26 12:2 a.m. | 11 views

CVE-2025-10987 YunaiV yudao-cloud HTTP Request transfer improper authorization

A vulnerability was determined in YunaiV yudao-cloud up to 2025.09. Affected by this issue is some unknown functionality of the file /crm/contact/transfer of the component HTTP Request Handler. This manipulation of the argument contactId causes improper authorization. It is possible to initiate t...

6.5 CVSS | 0.00296 EPSS
Exploits 0 | References 4
Vulnrichment
added 2025/09/26 12:2 a.m. | 2 views

CVE-2025-10987 YunaiV yudao-cloud HTTP Request transfer improper authorization

A vulnerability was determined in YunaiV yudao-cloud up to 2025.09. Affected by this issue is some unknown functionality of the file /crm/contact/transfer of the component HTTP Request Handler. This manipulation of the argument contactId causes improper authorization. It is possible to initiate t...

6.5 CVSS | 6.4 AI score | 0.00296 EPSS
Exploits 0 | References 4
Positive Technologies
added 2025/09/26 12:0 a.m. | 8 views

PT-2025-39466

Name of the Vulnerable Software and Affected Versions YunaiV yudao-cloud versions prior to 2025.09 Description A flaw exists in YunaiV yudao-cloud that could lead to improper authorization. This issue is related to the HTTP Request Handler component and the /crm/contact/transfer file. The contact...

6.5 CVSS | 6.1 AI score | 0.00296 EPSS
Exploits 0 | References 8
CNNVD
added 2025/09/26 12:0 a.m. | 2 views

yudao-cloud authorization issue vulnerability

yudao-cloud is a backend management system for YunaiV individual developers. An authorization issue vulnerability exists in yudao-cloud version 2025.09 and earlier, which stems from improper authorization of the parameter contactId in the file /crm/contact/transfer, which could lead to remote...

8.8 CVSS | 6.5 AI score | 0.00296 EPSS
Exploits 0 | References 4
CNNVD
added 2025/09/26 12:0 a.m. | 1 views

ruoyi-vue-pro authorization issue vulnerability

ruoyi-vue-pro is China's taro source code zhijiantianya open source an optimized refactoring of efficient backend management system framework for the development of enterprise backend, SaaS platforms, WeChat small program backend and so on. ruoyi-vue-pro 2025.09 and previous versions of the...

8.8 CVSS | 6.7 AI score | 0.00296 EPSS
Exploits 0 | References 4
Positive Technologies
added 2025/09/26 12:0 a.m. | 6 views

PT-2025-39467

Name of the Vulnerable Software and Affected Versions YunaiV ruoyi-vue-pro versions up to 2025.09 Description A flaw exists in YunaiV ruoyi-vue-pro up to version 2025.09, related to improper authorization. The issue is located in an unspecified part of the /crm/business/transfer file and can be...

6.5 CVSS | 6.1 AI score | 0.00296 EPSS
Exploits 0 | References 8
Hacker One
added 2025/09/25 3:29 p.m. | 32 views

curl: SMTP Command Injection Vulnerabilities in curl

Summary Successfully reproduced SMTP command injection vulnerabilities in curl that allow attackers to inject arbitrary SMTP commands by using carriage return and line feed characters \r\n in email addresses. Vulnerabilities Confirmed 1. MAIL FROM Injection Description: Injection via --mail-from...

8.1 AI score
Exploits 0
NVD
added 2025/09/25 12:15 p.m. | 4 views

CVE-2025-10957

This vulnerability exists in the Syrotech SY-GPON-2010-WADONT router due to improper access control in its FTP service. A remote attacker could exploit this vulnerability by establishing an FTP connection using default credentials, potentially gaining unauthorized access to configuration files,...

8.7 CVSS | 0.003 EPSS
Exploits 0 | References 1
HackRead
added 2025/09/25 10:36 a.m. | 8 views

Critical CVSS 10 Flaw in GoAnywhere File Transfer Threatens 20,000 Systems

Urgent warning for Fortra GoAnywhere MFT users. A CVSS 10.0 deserialization vulnerability CVE-2025-10035 in the License Servlet allows command injection. Patch to v7.8.4 immediately to prevent system takeover...

10 CVSS | 7.3 AI score | 0.99614 EPSS
Exploits 2
RedHat Linux
added 2025/09/25 12:9 a.m. | 4 views

HTTP/2: Multiple HTTP/2 enabled web servers are vulnerable to a DDoS attack (Rapid Reset Attack)

A flaw was found in handling multiplexed streams in the HTTP/2 protocol. A client can repeatedly make a request for a new multiplex stream and immediately send an RST_STREAM frame to cancel it. This creates extra work for the server setting up and tearing down the streams while not hitting any...

7.5 CVSS | 6.7 AI score | 0.99999 EPSS
Exploits 19 | References 10
CNNVD
added 2025/09/25 12:0 a.m. | 7 views

Syrotech SY-GPON-2010-WADONT access control error vulnerability

The Syrotech SY-GPON-2010-WADONT is an optical network termination device from Syrotech India. An access control error vulnerability exists in the Syrotech SY-GPON-2010-WADONT that stems from improper access control of the FTP service, which could lead to unauthorized access...

8.7 CVSS | 6.7 AI score | 0.003 EPSS
Exploits 0 | References 1