1740 matches found

Packet Storm
added 2025/07/07 12:0 a.m., 116 views

📄 OpenAM Authentication Bypass

OpenAM versions prior to 14.6.6 proof of concept exploit. Name: watchtowr-vs-openamauth-impersonation2022-06-16.py Author: Aliz Hammond import json import re import textwrap import...

CVSS 5.3, AI score 7.2, EPSS 0.4507
Exploits: 1

SUSE CVE
added 2025/07/04 2:38 p.m., 1 view

SUSE CVE-2025-38163

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on sbi->total_valid_block_count syzbot reported a f2fs bug as below: ------------ cut here ------------ kernel BUG at fs/f2fs/f2fs.h:2521! RIP: 0010:dec_valid_block_count+0x3b2/0x3c0 fs/f2fs/f2fs.h:2521 Call...

CVSS 5.5, AI score 6.3, EPSS 0.00105
Exploits: 0, References: 3

NVD
added 2025/07/03 9:15 a.m., 5 views

CVE-2025-38163

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on sbi->total_valid_block_count syzbot reported a f2fs bug as below: ------------ cut here ------------ kernel BUG at fs/f2fs/f2fs.h:2521! RIP: 0010:dec_valid_block_count+0x3b2/0x3c0 fs/f2fs/f2fs.h:2521 Call...

CVSS 5.5, EPSS 0.00105
Exploits: 0, References: 10

OSV
added 2025/07/03 9:15 a.m., 0 views

DEBIAN-CVE-2025-38163

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on sbi->total_valid_block_count syzbot reported a f2fs bug as below: ------------ cut here ------------ kernel BUG at fs/f2fs/f2fs.h:2521! RIP: 0010:dec_valid_block_count+0x3b2/0x3c0 fs/f2fs/f2fs.h:2521 Call...

CVSS 5.5, AI score 5.7, EPSS 0.00105
Exploits: 0, References: 1

OSV
added 2025/07/03 9:15 a.m., 2 views

AZL-64574 CVE-2025-38163 affecting package kernel for versions less than 6.6.96.1-1

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on sbi->total_valid_block_count syzbot reported a f2fs bug as below: ------------ cut here ------------ kernel BUG at fs/f2fs/f2fs.h:2521! RIP: 0010:dec_valid_block_count+0x3b2/0x3c0 fs/f2fs/f2fs.h:2521 Call...

CVSS 5.5, AI score 6.8, EPSS 0.00105
Exploits: 0, References: 1

OSV
added 2025/07/03 9:15 a.m., 0 views

UBUNTU-CVE-2025-38163

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on sbi->total_valid_block_count syzbot reported a f2fs bug as below: ------------ cut here ------------ kernel BUG at fs/f2fs/f2fs.h:2521! RIP: 0010:dec_valid_block_count+0x3b2/0x3c0 fs/f2fs/f2fs.h:2521 Call...

CVSS 5.5, AI score 6.2, EPSS 0.00105
Exploits: 0, References: 43

Cvelist
added 2025/07/03 8:36 a.m., 5 views

CVE-2025-38163 f2fs: fix to do sanity check on sbi->total_valid_block_count

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on sbi->total_valid_block_count syzbot reported a f2fs bug as below: ------------ cut here ------------ kernel BUG at fs/f2fs/f2fs.h:2521! RIP: 0010:dec_valid_block_count+0x3b2/0x3c0 fs/f2fs/f2fs.h:2521 Call...

EPSS 0.00105
Exploits: 0, References: 8

OSV
added 2025/07/03 8:36 a.m., 2 views

CVE-2025-38163 f2fs: fix to do sanity check on sbi->total_valid_block_count

In the Linux kernel, the following vulnerability has been resolved: f2fs: fix to do sanity check on sbi->total_valid_block_count syzbot reported a f2fs bug as below: ------------ cut here ------------ kernel BUG at fs/f2fs/f2fs.h:2521! RIP: 0010:dec_valid_block_count+0x3b2/0x3c0 fs/f2fs/f2fs.h:2521 Call...

CVSS 5.5, AI score 7.3, EPSS 0.00105
Exploits: 0, References: 13

CVE
added 2025/07/03 8:36 a.m., 79 views

CVE-2025-38163

CVE-2025-38163: A fault in the Linux kernel’s F2FS truncation path caused a kernel BUG due to an inconsistent sbi->total_valid_block_count versus mapped blocks, potentially leading to a crash/denial of service. The issue is in f2fs: with sbi->total_valid_block_count not matching inode-index...

CVSS 5.5, AI score 7.1, EPSS 0.00105
Exploits: 0, References: 10, Affected Software: 1

Snyk
added 2025/06/30 7:35 p.m., 4 views

Improper Authorization

Overview: org.graylog2:graylog2-server is a log management platform. Affected versions of this package are vulnerable to Improper Authorization via an incorrect permission check in the token creation process. An attacker can gain elevated privileges by crafting requests to the REST API and creatin...

CVSS 8.8, AI score 6.9, EPSS 0.00275
Exploits: 0, References: 2

NVD
added 2025/06/24 9:15 a.m., 3 views

CVE-2025-3092

An unauthenticated remote attacker can enumerate valid user names from an unprotected endpoint...

CVSS 7.5, EPSS 0.00234
Exploits: 0, References: 2

vulnersOsv
added 2025/06/19 4:19 p.m., 3 views

com.farao-community.farao:csa-runner-api (>=1.3.1 <=2.6.1), com.farao-community.farao:csa-runner-app (>=1.3.1 <=2.6.1) +97 more potentially affected by CVE-2025-48059 via com.powsybl:powsybl-iidm-criteria (>=6.3.0 <=6.7.1)

com.powsybl:powsybl-iidm-criteria MAVEN version =6.3.0, =1.3.1, =1.3.1, =1.18.0, =1.18.0, =1.4.0, =1.6.0, =1.12.0, =1.27.0, =1.27.0, =1.27.0, =1.27.0, =1.27.0, =1.24.0, =1.6.2, =1.13.0 and more Source cves: CVE-2025-48059 Source advisory:...

CVSS 6.9, AI score 5.8, EPSS 0.00416
Exploits: 0

GithubExploit
added 2025/06/18 3:18 p.m., 893 views

Exploit for CVE-2025-1094

I have written this exploit with reference to the PoC available...

CVSS 9.8, AI score 8.4, EPSS 0.93857
Exploits: 14

Debian
added 2025/06/15 8:54 p.m., 5 views

[SECURITY] [DLA 4216-1] cjson security update

Debian LTS Advisory DLA-4216-1 https://www.debian.org/lts/security/ Adrian Bunk June 15, 2025 https://wiki.debian.org/LTS -...

CVSS 5.5, AI score 4.4, EPSS 0.00089
Exploits: 2

NVD
added 2025/06/13 8:15 a.m., 17 views

CVE-2025-39240

Some Hikvision Wireless Access Points are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to arbitrary command...

CVSS 7.2, EPSS 0.00561
Exploits: 0, References: 1

Cvelist
added 2025/06/13 7:10 a.m., 11 views

CVE-2025-39240

Some Hikvision Wireless Access Points are vulnerable to authenticated remote command execution due to insufficient input validation. Attackers with valid credentials can exploit this flaw by sending crafted packets containing malicious commands to affected devices, leading to arbitrary command...

CVSS 7.2, EPSS 0.00561
Exploits: 0, References: 1

CVE
added 2025/06/12 1:29 p.m., 41 views

CVE-2025-49187

The CVE-2025-49187 issue is a username-enumeration vulnerability observable during failed logins: the system returns different error messages for incorrect passwords versus non-existing usernames. This behavior allows an attacker to determine which usernames exist in the system. Affected context ...

CVSS 5.3, AI score 7.2, EPSS 0.00382
Exploits: 0, References: 6, Affected Software: 1

Veracode
added 2025/05/29 6:28 p.m., 3 views

Username Enumeration

mautic/core is vulnerable to User Enumeration. The vulnerability is due to differences in response times between valid and invalid usernames in the "Forget your password" functionality, which allows an attacker to determine the existence of valid usernames...

CVSS 5.3, AI score 6.5, EPSS 0.00242
Exploits: 0, References: 3, Affected Software: 1

RedhatCVE
added 2025/05/23 5:23 p.m., 5 views

CVE-2025-20267

A vulnerability in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. This vulnerability is due to insufficient validation of user-supplied input by the...

CVSS 4.8, AI score 6, EPSS 0.00142
Exploits: 0, References: 1

RedhatCVE
added 2025/05/23 11:57 a.m., 3 views

CVE-2025-0693

Variable response times in the AWS Sign-in IAM user login flow allowed for the use of brute force enumeration techniques to identify valid IAM usernames in an arbitrary AWS account...

CVSS 6.9, AI score 7, EPSS 0.00149
Exploits: 0, References: 1