5340 matches found
CVE-2025-21615
CVE-2025-21615 affects AAT (Another Activity Tracker) for mobile: versions prior to 1.26 are vulnerable to data exfiltration by other apps installed on the same device. The root cause is data disclosure leakage from the app’s environment, leading to potential confidentiality impact described as h...
MAL-2025-5 Malicious code in cbpay-js (npm)
This package runs commands in a pre-install script that exfiltrates sensitive data to an attacker-controlled domain. Source: ghsa-malware 8ae77ff8389d6c4b04ac665b524c5b721d9792b77d2b2a7b8e3f4b6bdd9c58c0 Any computer that has this package install...
CVE-2024-53160
In the Linux kernel, the following vulnerability has been resolved: rcu/kvfree: Fix data-race in __mod_timer / kvfree_call_rcu. KCSAN reports a data race when accessing the krcp->monitor_work.timer.expires variable in the schedule_delayed_monitor_work() function: BUG: KCSAN: data-race in __mod_timer / kvfree_call_rcu...
RHEL 9 : webkit2gtk3 (RHSA-2024:10472)
The remote Redhat Enterprise Linux 9 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2024:10472 advisory. WebKitGTK is the port of the portable web rendering engine WebKit to the GTK platform. Security Fixes: webkitgtk: data isolation bypass vulnerabilit...
CVE-2024-10039
creationtimestamp | type | source
---|---|---
2024-11-22 09:53:24+00:00 | seen | https://vulnerability.circl.lu/bundle/6dcc559a-77e3-4a18-986f-df02f894221c...
PT-2024-16749 · WordPress · Simple Membership
Name of the Vulnerable Software and Affected Versions: The Simple Membership plugin for WordPress versions up to, and including, 4.5.5 Description: The issue allows unauthenticated attackers to extract sensitive data from restricted posts via the WordPress core search feature. This makes it...
CVE-2024-10855 Image Optimizer, Resizer and CDN – Sirv <= 7.3.0 - Missing Authorization to Authenticated (Contributor+) Arbitrary Option Deletion
The Image Optimizer, Resizer and CDN – Sirv plugin for WordPress is vulnerable to unauthorized modification of data that can lead to a denial of service due to insufficient validation on the filename parameter of the sirv_upload_file_by_chunks() function and lack of in all versions up to, and including...
CVE-2019-18845
creationtimestamp | type | source
---|---|---
2024-11-14 06:09:10+00:00 | seen | MISP/18895998-6bd6-4002-b1b1-d8b1c5404a11...
CVE-2024-49370 Change-Password via Portal-Profile sets PimcoreBackendUser password without hashing
Pimcore is an open source data and experience management platform. When a PortalUserObject is connected to a PimcoreUser and "Use Pimcore Backend Password" is set to true, the change password function in Portal Profile sets the new password. Prior to Pimcore portal engine versions 4.1.7 and 3.1.1...
Oracle E-Business Suite Security Vulnerability
Oracle E-Business Suite is a fully integrated set of global business management software from Oracle. The software provides customer relationship management, service management, financial management and other functions. A security vulnerability exists in Oracle E-Business Suite...
Unspecified vulnerability in Linux kernel (CNVD-2024-39469)
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from a data corruption issue in the md/raid1 component. No details of the vulnerability are provided at this time...
ROS-20240704-06
A vulnerability in the logback receiver component of the logback logging library is related to recovery of inaccurate data in memory. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
PT-2024-37250 · Imartinez · Privategpt
Name of the Vulnerable Software and Affected Versions: imartinez/privategpt version 0.5.0 Description: A Cross-Site Request Forgery (CSRF) issue allows an attacker to delete all uploaded files on the server, leading to data loss and service disruption for the application's users. Recommendations: F...
Important: Red Hat Security Advisory: RHACS 4.4 enhancement and security update
Updated images are now available for Red Hat Advanced Cluster Security. The updated image includes changes, bug fixes, and updates to patch vulnerabilities. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base...
CVE-2024-4151
An Improper Access Control vulnerability exists in lunary-ai/lunary version 1.2.2, where users can view and update any prompts in any projects due to insufficient access control checks in the handling of PATCH and GET requests for template versions. This vulnerability allows unauthorized users to...
CVE-2024-3761 Missing Authorization on Delete Datasets in lunary-ai/lunary
In lunary-ai/lunary version 1.2.2, the DELETE endpoint located at packages/backend/src/api/v1/datasets is vulnerable to unauthorized dataset deletion due to missing authorization and authentication mechanisms. This vulnerability allows any user, even those without a valid token, to delete a datas...
CVE-2024-27404 mptcp: fix data races on remote_id
In the Linux kernel, the following vulnerability has been resolved: mptcp: fix data races on remote_id. Similar to the previous patch, address the data race on remote_id, adding the suitable ONCE annotations...
CVE-2023-52614
creationtimestamp | type | source
---|---|---
2024-03-18 12:26:53+00:00 | seen | https://t.me/ctinow/210441
2024-03-18 14:31:53+00:00 | seen | https://t.me/ctinow/210554
2025-12-03 14:14:49+00:00 | seen | https://vulnerability.circl.lu/bundle/816dcc8e-f25a-4895-9b59-1bbd9caeccb8...
BIT-GITLAB-2021-22244
Improper authorization in the vulnerability report feature in GitLab EE affecting all versions since 13.1 allowed a reporter to access vulnerability data...
Missing Permission Checks
com.hazelcast:hazelcast is vulnerable to Missing Permission Checks. The vulnerability is due to some client operations not checking permissions properly. This flaw allows authenticated users to access data stored in the cluster...