1740 matches found

Cvelist
added 2025/02/05 4:39 p.m., 12 views

CVE-2025-20174

A vulnerability in the SNMP subsystem of Cisco IOS Software and Cisco IOS XE Software could allow an authenticated, remote attacker to cause a DoS condition on an affected device. This vulnerability is due to improper error handling when parsing SNMP requests. An attacker could exploit this...

CVSS 7.7, EPSS 0.00804
Exploits: 0, References: 1

Cvelist
added 2025/02/05 4:14 p.m., 7 views

CVE-2025-20180 Cisco Secure Email and Web Manager and Secure Email Gateway Cross-Site Scripting Vulnerability

A vulnerability in the web-based management interface of Cisco AsyncOS Software for Cisco Secure Email and Web Manager and Secure Email Gateway could allow an authenticated, remote attacker to conduct a stored cross-site scripting (XSS) attack against a user of the interface. This vulnerability is...

CVSS 4.8, EPSS 0.0005
Exploits: 0, References: 1

Cisco
added 2025/02/05 4:00 p.m., 11 views

Cisco Identity Services Engine Stored Cross-Site Scripting Vulnerabilities

Multiple vulnerabilities in the web-based management interface of Cisco Identity Services Engine (ISE) could allow an authenticated, remote attacker to conduct cross-site scripting (XSS) attacks against a user of the interface. These vulnerabilities are due to insufficient validation of user-supplied...

CVSS 4.8, AI score 5, EPSS 0.00061
Exploits: 0, References: 1

OSV
added 2025/02/05 12:15 p.m., 2 views

CVE-2024-49348

IBM Cloud Pak for Business Automation 18.0.0, 18.0.1, 18.0.2, 19.0.1, 19.0.2, 19.0.3, 20.0.1, 20.0.2, 20.0.3, 21.0.1, 21.0.2, 21.0.3, 22.0.1, and 22.0.2 allows restricting access to organizational data to valid contexts. The fact that tasks of type comment can be reassigned via API implicitly...

CVSS 6.5, AI score 5.8, EPSS 0.00069
Exploits: 0, References: 1

RedhatCVE
added 2025/02/05 3:31 a.m., 3 views

CVE-2024-45368

The H2-DM1E PLC's authentication protocol appears to utilize either a custom encoding scheme or a challenge-response protocol. However, there's an observed anomaly in the H2-DM1E PLC's protocol execution, namely its acceptance of multiple distinct packets as valid authentication responses. This...

CVSS 8.8, AI score 7.2, EPSS 0.00145
Exploits: 0, References: 1

RedhatCVE
added 2025/02/05 2:30 a.m., 4 views

CVE-2024-42021

An improper access control vulnerability allows an attacker with valid access tokens to access saved credentials...

CVSS 7.5, AI score 6.8, EPSS 0.0016
Exploits: 0, References: 1

RedhatCVE
added 2025/02/04 11:38 p.m., 3 views

CVE-2024-40872

There is an elevation of privilege vulnerability in server and client components of Absolute Secure Access prior to version 13.07. Attackers with local access and valid desktop user credentials can elevate their privilege to system level by passing invalid address data to the vulnerable component...

CVSS 8.4, AI score 6.7, EPSS 0.00118
Exploits: 0

OSV
added 2025/02/04 10:06 p.m., 4 views

GO-2025-3443 CometBFT allows a malicious peer to stall network by disseminating valid-looking block parts in github.com/cometbft/cometbft

CometBFT allows a malicious peer to stall network by disseminating valid-looking block parts in github.com/cometbft/cometbft...

AI score 7
Exploits: 0, References: 3

Citrix
added 2025/02/04 12:00 a.m., 6 views

Daas unable to create host connection with error: "URL invalid"

Unable to create a host connection to AWS EC2 and on-premises hypervisors (XenServer, VMWare, etc.) with invalid URL or authentication failure when a proxy has been configured for the Network Service account...

AI score 7.4
Exploits: 0

Positive Technologies
added 2025/01/28 12:00 a.m., 2 views

PT-2025-3303 · Mailcow · Mailcow

Name of the Vulnerable Software and Affected Versions: Mailcow versions through 2024-11b
Description: The issue is related to a session fixation vulnerability in the web panel. It allows remote attackers to set a session identifier when HSTS is disabled on a victim's browser. After a user logs in...

CVSS 7.1, AI score 7, EPSS 0.00125
Exploits: 0, References: 16

Circl
added 2025/01/27 11:35 a.m., 4 views

CVE-2024-55931

creationtimestamp| type| source ---|---|--- 2025-01-27 11:35:25+00:00| seen| https://infosec.exchange/users/cve/statuses/113900108191555042 2025-01-27 12:15:55+00:00| seen| https://bsky.app/profile/cve-notifications.bsky.social/post/3lgpw6vptnv2b 2025-01-27 14:55:10+00:00| seen|...

CVSS 6.5, AI score 5.8, EPSS 0.00362
Exploits: 0, References: 5

Wordfence Blog
added 2025/01/21 8:34 p.m., 7 views

Wordfence Bug Bounty Researchers: Unlock More Earning Potential With New “Refer A Researcher” Program

Today, we at Wordfence are excited to announce a groundbreaking addition to our Wordfence Bug Bounty Program: the Refer-A-Researcher Program! Refer new researchers to our program and earn commissions when they submit valid vulnerabilities. This is a great opportunity to earn even more with the...

AI score 6.6
Exploits: 0

CVE
added 2025/01/17 4:44 p.m., 40 views

CVE-2024-53683

CVE-2024-53683 affects the Ossur Mobile Logic Application. Hard-coded/valid credentials in a .js file and a static token found in the decompiled IPA could enable an attacker to disrupt normal use by altering translation files, compromising integrity. Public sources indicate vulnerable versions ex...

CVSS 5.6, AI score 4.7, EPSS 0.00065
Exploits: 0, References: 1

OSV
added 2025/01/16 10:41 a.m., 2 views

CLSA-2025-1737024110 vim: Fix of CVE-2021-3903

CVE-2021-3903: fix invalid memory access when scrolling without valid screen...

CVSS 7.8, AI score 7.1, EPSS 0.00368
Exploits: 1, References: 1

SUSE CVE
added 2025/01/16 3:49 a.m., 1 views

SUSE CVE-2024-57898

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: clear link ID from bitmap during link delete after clean up. Currently, during link deletion, the link ID is first removed from the valid_links bitmap before performing any clean-up operations. However, some functio...

CVSS 5.5, AI score 7.6, EPSS 0.00028
Exploits: 0, References: 4

OSV
added 2025/01/15 1:15 p.m., 5 views

AZL-68573 CVE-2024-57898 affecting package kernel 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: clear link ID from bitmap during link delete after clean up. Currently, during link deletion, the link ID is first removed from the valid_links bitmap before performing any clean-up operations. However, some functio...

CVSS 3.3, AI score 6.6, EPSS 0.00028
Exploits: 0, References: 1

OSV
added 2025/01/15 1:15 p.m., 0 views

UBUNTU-CVE-2024-57898

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: clear link ID from bitmap during link delete after clean up. Currently, during link deletion, the link ID is first removed from the valid_links bitmap before performing any clean-up operations. However, some functio...

CVSS 3.3, AI score 6.1, EPSS 0.00028
Exploits: 0, References: 21

OSV
added 2025/01/15 1:05 p.m., 9 views

CVE-2024-57898 wifi: cfg80211: clear link ID from bitmap during link delete after clean up

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: clear link ID from bitmap during link delete after clean up. Currently, during link deletion, the link ID is first removed from the valid_links bitmap before performing any clean-up operations. However, some functio...

CVSS 3.3, AI score 6, EPSS 0.00028
Exploits: 0, References: 5

Cvelist
added 2025/01/15 1:05 p.m., 10 views

CVE-2024-57898 wifi: cfg80211: clear link ID from bitmap during link delete after clean up

In the Linux kernel, the following vulnerability has been resolved: wifi: cfg80211: clear link ID from bitmap during link delete after clean up. Currently, during link deletion, the link ID is first removed from the valid_links bitmap before performing any clean-up operations. However, some functio...

EPSS 0.00028
Exploits: 0, References: 2

RedhatCVE
added 2025/01/14 11:20 p.m., 7 views

CVE-2024-56374

A flaw was found in the Django framework. Lack of upper bound limit enforcement in strings passed when performing IPv6 validation could lead to a potential denial of service attack. The undocumented and private functions clean_ipv6_address and is_valid_ipv6_address were vulnerable, as was the...

CVSS 5.8, AI score 5.4, EPSS 0.00084
Exploits: 0, References: 7