Malicious code in test-mlw2-hucks-valid (npm)
The package test-mlw2-hucks-valid was found to contain malicious code...
The vulnerability of the `total_valid_block_count` function in the fs/f2fs/f2fs.h library of Linux kernel allows a hacker to trigger a denial-of-service attack.
The vulnerability of the `total_valid_block_count` function in the fs/f2fs/f2fs.h library of Linux kernel systems is related to insufficient validation of input data. Exploiting this vulnerability can allow an attacker to cause a service failure...
CVE-2025-46414
The affected product does not limit the number of attempts for inputting the correct PIN for a registered product, which may allow an attacker to gain unauthorized access using brute-force methods if they possess a valid device serial number. The API provides clear feedback when the correct PIN i...
Linux Distros Unpatched Vulnerability : CVE-2024-53235
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: erofs: fix file-backed mounts over FUSE syzbot reported a null-ptr-deref in fuse_read_args_fill...
CVE-2025-54787
SuiteCRM is an open-source, enterprise-ready Customer Relationship Management CRM software application. There is a vulnerability in SuiteCRM version 7.14.6 which allows unauthenticated downloads of any file from the upload-directory, as long as it is named by an ID e.g. attachments. An...
Linux Distros Unpatched Vulnerability : CVE-2025-38163
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - f2fs: fix to do sanity check on sbi->total_valid_block_count syzbot reported a f2fs bug as below: ------------ cut here ------------ kernel BUG at...
Linux Distros Unpatched Vulnerability : CVE-2024-34027
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: f2fs: compress: fix to cover {reserve,release}_compress_blocks() w/ cp_rwsem lock It needs to cover...
f2fs: fix to do sanity check on sbi->total_valid_block_count
...
CVE-2025-44957
Ruckus SmartZone SZ before 6.1.2p3 Refresh Build allows authentication bypass via a valid API key and crafted HTTP headers...
CVE-2025-44957
CVE-2025-44957 affects Ruckus SmartZone (SZ) prior to 6.1.2p3 Refresh Build. The issue enables authentication bypass using a valid API key and crafted HTTP headers, potentially granting administrator access. Connected PT security notes corroborate the affected software and specify that the workar...
Security update 5.1.0 GM for Multi-Linux Manager Client Tools
This update fixes the following issues: spacecmd: Version update from 5.1.6-0 to 5.1.8-0 with the following key change: Update translation strings uyuni-tools: Version 5.1.14-0: Fix mgradm backup create handling of images and systemd files (bsc#1244563) migrate existing TLS certificates from 4.3...
PT-2025-31567 · Opexus · Opexus Foiaxpress Public Access Link
Name of the Vulnerable Software and Affected Versions: OPEXUS FOIAXpress Public Access Link PAL version v11.1.0 Description: OPEXUS FOIAXpress Public Access Link PAL version v11.1.0 allows an unauthenticated, remote attacker to query the /App/CreateRequest.aspx endpoint to check for the existence...
PT-2025-31371 · Bugsink · Bugsink
Name of the Vulnerable Software and Affected Versions: Bugsink versions 1.4.2 and below Bugsink versions 1.5.0 through 1.5.4 Bugsink versions 1.6.0 through 1.6.3 Bugsink versions 1.7.0 through 1.7.3 Description: Bugsink is a self-hosted error tracking service. Ingestion paths construct file...
CVE-2025-31952
HCL iAutomate is affected by an insufficient session expiration. This allows tokens to remain valid indefinitely unless manually revoked, increasing the risk of unauthorized access...
Cisco Unified Intelligence Center Arbitrary File Upload (cisco-sa-cuis-file-upload-UhNEtStm)
The version of Cisco Unified Intelligence Center installed on the remote host is prior to tested version. It is, therefore, affected by an arbitrary file upload vulnerability as referenced in the cisco-sa-cuis-file-upload-UhNEtStm advisory: - A vulnerability in the web-based management interface ...
CVE-2025-29757
CVE-2025-29757 involves an incorrect authorization check in the Growatt cloud service’s plant transfer function. The vulnerability allows a malicious user with a valid account to transfer any plant into their own account, due to insufficient access control. Affected component: Growatt cloud servi...
CVE-2025-24391
A vulnerability in the External Interface of OTRS allows conclusions to be drawn about the existence of user accounts through different HTTP response codes and messages. This enables an attacker to systematically identify valid email addresses. This issue affects: OTRS 7.0.X OTRS 8.0.X OTRS 2023....
CVE-2025-24391 Possible user enumeration
A vulnerability in the External Interface of OTRS allows conclusions to be drawn about the existence of user accounts through different HTTP response codes and messages. This enables an attacker to systematically identify valid email addresses. This issue affects: OTRS 7.0.X OTRS 8.0.X OTRS 2023....
Improper Authorization
Overview Affected versions of this package are vulnerable to Improper Authorization via the toolsUploaderHandler function. An attacker can execute arbitrary code and compromise the integrity, confidentiality, and availability of the system by uploading malicious binaries through an authenticated...