Second factor not requested after session timeout

None...

CVE-2025-46821

Envoy is a cloud-native edge/middle/service proxy. Prior to versions 1.34.1, 1.33.3, 1.32.6, and 1.31.8, Envoy's URI template matcher incorrectly excludes the character from a set of valid characters in the URI path. As a result URI path containing the character will not match a URI template...

CVE-2025-32956

Summary: CVE-2025-32956 affects the ManageWiki MediaWiki extension. The vulnerability is an SQL injection in NamespaceMigrationJob triggered when renaming a namespace in Special:ManageWiki/namespaces using a page prefix. The issue stems from unsanitized input in the namespace rename flow and has ...

GHSA-M7RC-8W7M-R9QR SurrealDB vulnerable to memory exhaustion via nested functions and scripts

In order to prevent DoS situations due to infinite recursions, SurrealDB implements a limit of nested calls for both native functions and embedded JavaScript functions. However, in SurrealDB instances with embedded scripting functions enabled, it was found that this limit can be circumvented by...

Information about SegmentSmack findings

Palo Alto Networks is aware of recent vulnerability disclousre, known as SegmentSmack, that affects Linux kernel 4.9 and later. At this time, our findings show that Palo Alto Networks PAN-OS devices are not vulnerable to this disclosure CVE-2018-5390. PAN-OS/Panorama platforms are not impacted by...