CVE-2021-47720 Orangescrum 1.8.0 Authenticated SQL Injection via Multiple Parameters

Orangescrum 1.8.0 contains an authenticated SQL injection vulnerability that allows authorized users to manipulate database queries through multiple vulnerable parameters. Attackers can inject malicious SQL code into parameters like oldprojectid, projectid, uuid, and uniqid to potentially extract...

CVE-2021-47720

Orangescrum 1.8.0 is affected by an authenticated SQL injection via multiple parameters (old_project_id, project_id, uuid, uniqid). The root cause is insufficient validation of input parameters, allowing attackers with authorization to manipulate database queries and potentially extract or modify...

keylime: Keylime: Registrar allows identity takeover via duplicate UUID registration

A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module TPM device but claiming an existing agent's unique identifier UUID. This action overwrites the legitimate agent's identity, enabling the...

pretix has Broken Access Control Allowing Cross-User File Access via UUID

An API endpoint allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible by UUID only...

CVE-2025-14882

An API endpoint allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible by UUID only...

PT-2025-52445

An API endpoint allowed access to sensitive files from other users by knowing the UUID of the file that were not intended to be accessible by UUID only...

EUVD-2025-204291

Unicode RTLO characters could allow malicious websites to spoof filenames in the downloads UI for Firefox for iOS, potentially tricking users into saving files of an unexpected file type. This vulnerability affects Firefox for iOS 144.0...

keylime: Keylime: Registrar allows identity takeover via duplicate UUID registration

A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module TPM device but claiming an existing agent's unique identifier UUID. This action overwrites the legitimate agent's identity, enabling the...

ALSA-2025:23201 Important: keylime security update

Keylime is a TPM based highly scalable remote boot attestation and runtime integrity measurement solution. Security Fixes: keylime: Keylime: Registrar allows identity takeover via duplicate UUID registration CVE-2025-13609 For more details about the security issues, including the impact, a CVSS...

EUVD-2025-202655

Not used...

CVE-2025-66565

Fiber Utils (github.com/gofiber/utils) has a vulnerability in UUIDv4() and UUID() where crypto/rand.Read() failures trigger silent fallbacks to predictable UUID values, including the zero UUID 00000000-0000-0000-0000-000000000000. This root cause affects versions up to 2.0.0-rc.3; the issue is fi...

Fiber Utils 安全特征问题漏洞

Fiber Utils is a general-purpose function library in the Fiber open source. A security feature issue vulnerability exists in Fiber Utils 2.0.0-rc.3 and earlier versions, which stems from the return of a predictable UUID on failure of the random number generator, which could lead to compromised...

Use of Cryptographically Weak Pseudo-Random Number Generator (PRNG)

Overview Affected versions of this package are vulnerable to Use of Cryptographically Weak Pseudo-Random Number Generator PRNG due to the UUIDv4 and UUID functions silently returning predictable values, such as the zero UUID, when the cryptographic random number generator fails. An attacker can...

EUVD-2025-198980

A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module TPM device but claiming an existing agent's unique identifier UUID. This action overwrites the legitimate agent's identity, enabling the...

CVE-2025-13609 Keylime: keylime: registrar allows identity takeover via duplicate uuid registration

A vulnerability has been identified in keylime where an attacker can exploit this flaw by registering a new agent using a different Trusted Platform Module TPM device but claiming an existing agent's unique identifier UUID. This action overwrites the legitimate agent's identity, enabling the...

Linux Distros Unpatched Vulnerability : CVE-2025-39988

"The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - can: etases58x: populate ndochangemtu to prevent buffer overflow Sending an PFPACKET allows to bypass the CAN framework logic and to directly reach the xmit...

CVE-2025-40016

CVE-2025-40016 affects the Linux kernel uvcvideo path. The fix marks entities with invalid IDs (UVC_INVALID_ENTITY_ID) to enforce non-zero unique IDs for Units and Terminals as required by UVC 1.1+. The change aims to prevent invalid or duplicate IDs (e.g., 0x00 or repeated IDs) from propagating ...

CVE-2025-40016 media: uvcvideo: Mark invalid entities with id UVC_INVALID_ENTITY_ID

In the Linux kernel, the following vulnerability has been resolved: media: uvcvideo: Mark invalid entities with id UVCINVALIDENTITYID Per UVC 1.1+ specification 3.7.2, units and terminals must have a non-zero unique ID. Each Unit and Terminal within the video function is assigned a unique...

Eclipse ThreadX NetX Duo 安全漏洞

Eclipse ThreadX NetX Duo is an IPv4 and IPv6 dual network stack for Eclipse ThreadX open source. A security vulnerability exists in Eclipse ThreadX NetX Duo versions prior to 6.4.4 that stems from a DHCPV6 client not checking the server DUID index in the server reply, which could lead to an...

EUVD-2015-1253

Malware in sbrugna...