Lucene search

2639 matches found

Snyk
added 2025/12/22 8:8 p.m. | 2 views

Incorrect Authorization

Overview: Affected versions of this package are vulnerable to Incorrect Authorization due to insufficient validation of the serviceAccount path in the HashiCorp Vault authentication process. An attacker can access and exfiltrate arbitrary files from the node's filesystem by creating or modifying a...

CVSS 8.2 | AI score 7.8 | EPSS 0.0019 | Exploits 0 | References 3
RedhatCVE
added 2025/12/22 7:21 a.m. | 4 views

CVE-2025-13427

An authentication bypass vulnerability in Google Cloud Dialogflow CX Messenger allowed unauthenticated users to interact with restricted chat agents, gaining access to the agents' knowledge and the ability to trigger their intents, by manipulating initialization parameters or crafting specific AP...

CVSS 6.9 | AI score 7.1 | EPSS 0.00293 | Exploits 0 | References 1
CNNVD
added 2025/12/22 12:0 a.m. | 2 views

keda security vulnerability

keda is open-source Kubernetes scaling software from KEDA. A security vulnerability exists in keda versions prior to 2.17.3 and prior to 2.18.3, which stems from insufficient path validation in TriggerAuthentication and could lead to arbitrary file reads...

CVSS 8.2 | AI score 7.6 | EPSS 0.0019 | Exploits 0 | References 3
CNVD
added 2025/12/22 12:0 a.m. | 3 views

WordPress Freshchat plugin cross-site request forgery vulnerability

WordPress Freshchat plugin is a tool for integrating live chat functionality on WordPress websites, mainly providing customer support and user interaction features. The WordPress Freshchat plugin suffers from a cross-site request forgery vulnerability that originates from a web application that...

CVSS 4.3 | AI score 6.8 | EPSS 0.00015 | Exploits 0 | References 1
RedhatCVE
added 2025/12/18 11:36 p.m. | 2 views

CVE-2025-68433

Zed, a code editor, has an arbitrary code execution vulnerability in versions prior to 0.218.2-pre. The Zed IDE loads Model Context Protocol (MCP) configurations from the settings.json file located within a project’s .zed subdirectory. A malicious MCP configuration can contain arbitrary shell...

CVSS 7.7 | AI score 7.7 | EPSS 0.00031 | Exploits 1 | References 1
NVD
added 2025/12/18 10:15 p.m. | 3 views

CVE-2025-13427

An authentication bypass vulnerability in Google Cloud Dialogflow CX Messenger allowed unauthenticated users to interact with restricted chat agents, gaining access to the agents' knowledge and the ability to trigger their intents, by manipulating initialization parameters or crafting specific AP...

CVSS 6.9 | EPSS 0.00293 | Exploits 0 | References 1
RedhatCVE
added 2025/12/18 1:52 a.m. | 2 views

CVE-2025-67794

An issue was discovered in DriveLock 24.1 through 24.1., 24.2 before 24.2.8, and 25.1 before 25.1.6. Directories and files created by the agent are created with overly permissive ACLs, allowing local users without administrator rights to trigger actions or destabilize the agent...

CVSS 8.4 | AI score 6.6 | EPSS 0.00015 | Exploits 0 | References 1
Positive Technologies
added 2025/12/18 12:0 a.m. | 2 views

PT-2025-52356

Name of the Vulnerable Software and Affected Versions: Google Cloud Dialogflow CX Messenger versions prior to August 20th, 2025. Description: An authentication bypass issue in Google Cloud Dialogflow CX Messenger permitted unauthorized users to interact with restricted chat agents. This allowed acce...

CVSS 6.9 | AI score 6.5 | EPSS 0.00293 | Exploits 0 | References 4
NVD
added 2025/12/17 10:16 p.m. | 1 views

CVE-2025-67794

An issue was discovered in DriveLock 24.1 through 24.1., 24.2 before 24.2.8, and 25.1 before 25.1.6. Directories and files created by the agent are created with overly permissive ACLs, allowing local users without administrator rights to trigger actions or destabilize the agent...

CVSS 8.4 | EPSS 0.00015 | Exploits 0 | References 1
SUSE CVE
added 2025/12/17 12:25 a.m. | 1 views

SUSE CVE-2025-68201

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: remove two invalid BUG_ON()s. Those can be triggered trivially by userspace...

CVSS 5.5 | AI score 6.6 | EPSS 0.00028 | Exploits 0 | References 20
Vulnrichment
added 2025/12/17 12:0 a.m. | 2 views

CVE-2025-67794

An issue was discovered in DriveLock 24.1 through 24.1., 24.2 before 24.2.8, and 25.1 before 25.1.6. Directories and files created by the agent are created with overly permissive ACLs, allowing local users without administrator rights to trigger actions or destabilize the agent...

AI score 6.3 | EPSS 0.00015 | Exploits 0 | References 1
CVE
added 2025/12/17 12:0 a.m. | 6 views

CVE-2025-67794

CVE-2025-67794 affects DriveLock agents (versions 24.1–24.1.*, 24.2 before 24.2.8, and 25.1 before 25.1.6). The root cause is overly permissive ACLs on directories and files created by the agent, enabling local users without administrator rights to trigger actions or destabilize the agent. Multip...

CVSS 8.4 | AI score 6.3 | EPSS 0.00015 | Exploits 0 | References 1 | Affected Software 1
NVD
added 2025/12/16 10:15 p.m. | 7 views

CVE-2025-48429

An out-of-bounds read vulnerability exists in the RLECodec::DecodeByStreams functionality of Grassroot DICOM 3.024. A specially crafted DICOM file can lead to leaking heap data. An attacker can provide a malicious file to trigger this vulnerability...

CVSS 9.1 | EPSS 0.00045 | Exploits 1 | References 2
EUVD
added 2025/12/16 3:30 p.m. | 1 views

EUVD-2025-203695

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: remove two invalid BUG_ON()s. Those can be triggered trivially by userspace...

AI score 6 | EPSS 0.00028 | Exploits 0 | References 4
OSV
added 2025/12/16 2:15 p.m. | 2 views

AZL-72434 CVE-2025-68201 affecting package kernel 6.6.126.1-1

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: remove two invalid BUG_ON()s. Those can be triggered trivially by userspace...

AI score 5.6 | EPSS 0.00028 | Exploits 0 | References 1
NVD
added 2025/12/16 2:15 p.m. | 3 views

CVE-2025-68201

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: remove two invalid BUG_ON()s. Those can be triggered trivially by userspace...

EPSS 0.00028 | Exploits 0 | References 4
UbuntuCve
added 2025/12/16 2:15 p.m. | 1 views

CVE-2025-68201

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: remove two invalid BUG_ON()s. Those can be triggered trivially by userspace...

AI score 5.7 | EPSS 0.00028 | Exploits 0 | References 20
OSV
added 2025/12/16 1:48 p.m. | 2 views

CVE-2025-68201 drm/amdgpu: remove two invalid BUG_ON()s

In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu: remove two invalid BUG_ON()s. Those can be triggered trivially by userspace...

AI score 6.4 | EPSS 0.00028 | Exploits 0 | References 6
Tenable Nessus
added 2025/12/16 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2025-68201

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - drm/amdgpu: remove two invalid BUG_ON()s. Those can be triggered trivially by userspace. CVE-2025-68201 Note that Nessus relies on the presence of the package as...

AI score 5.8 | EPSS 0.00028 | Exploits 0 | References 3
Packet Storm News
added 2025/12/16 12:0 a.m. | 2 views

CIS-BA: Continuous Interaction Space Based Backdoor Attack for Object Detection in the Real-World

Object detection models deployed in real-world applications such as autonomous driving face serious threats from backdoor attacks. Despite their practical effectiveness, existing methods are inherently limited in both capability and robustness due to their dependence on single-trigger-single-objec...

AI score 6.7 | Exploits 0