GHSA-VW84-HPRM-CXMM Agno session state overwrites between different sessions/users
Impact: Under certain conditions under high concurrency, when session_state is passed to an Agent or Team during run or arun calls, a race condition can occur, causing a session_state to be assigned and persisted to the incorrect session. This may result in user data from one session being exposed t...
CVE-2025-30189
When cache is enabled, some passdb/userdb drivers incorrectly cache all users with same cache key, causing wrong cached information to be used for these users. After cached login, all subsequent logins are for same user. Install fixed version or disable caching either globally or for the impacted...
CVE-2025-30189
CVE-2025-30189 affects Open-Xchange OX Dovecot Pro (and dovecot-based components) where enabling authentication caching causes incorrect caching: multiple users sharing the same cache key leads to the cached entry being reused for subsequent logins. The issue is described in multiple advisories (...
kernel: efivarfs: Fix slab-out-of-bounds in efivarfs_d_compare
A slab-out-of-bounds exists in the Linux kernel in efivarfs_d_compare, such that the issue can be triggered by parallel lookups using an invalid filename due to an incorrect memcmp function...
Siemens SIMATIC Devices Return of Wrong Status Code (CVE-2024-26629)
nfsd: The test on so_count in nfsd4_release_lockowner is potentially harmful. It can transiently return a false positive resulting in a return of NFS4ERR_LOCKS_HELD when in fact no locks are held. This is clearly a protocol violation and with the Linux NFS client it can cause incorrect behaviour. This...
CVE-2025-11750
In langgenius/dify-web version 1.6.0, the authentication mechanism reveals the existence of user accounts by returning different error messages for non-existent and existing accounts. Specifically, when a login or registration attempt is made with a non-existent username or email, the system...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in Linux kernel that stems from an uncleared pool reference in the wrong path, which could lead to a reference count underflow...
CVE-2025-12004
CVE-2025-12004 affects MediaWiki with the Lockdown Extension (vulnerable: Lockdown Extension before 1.42). The issue is an incorrect permission assignment for a critical resource, enabling privilege abuse. The vulnerability is fixed in MediaWiki Core Action API (upgrade to a version including the...
CVE-2025-62699 Special:Translate tool does not use the correct IP and User-Agent in the CheckUser tool
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in The Wikimedia Foundation Mediawiki - Translate Extension allows Footprinting. Translate extension appears to use jobs to make edits to translation pages. This causes the CheckUser tool to log the wrong IP and User-Agent...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-987707)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-987707 advisory. In the Linux kernel, the following vulnerability has been resolved: net: USB: Fix wrong-direction WARNING in plusb.c The syzbot fuzzer detected a bug in the plusb...
CVE-2025-39975
In the Linux kernel, the following vulnerability has been resolved: smb: client: fix wrong index reference in smb2_compound_op In smb2_compound_op, the loop that processes each command's response uses wrong indices when accessing response buffers. This incorrect indexing leads to improper handling o...
CVE-2025-11618
A missing validation check in FreeRTOS-Plus-TCP's UDP/IPv6 packet processing code can lead to an invalid pointer dereference when receiving a UDP/IPv6 packet with an incorrect IP version field in the packet header. This issue only affects applications using IPv6. We recommend upgrading to the...
CVE-2025-8886
Incorrect Permission Assignment for Critical Resource, Exposure of Sensitive Information to an Unauthorized Actor, Missing Authorization, Incorrect Authorization vulnerability in Usta Information Systems Inc. Aybs Interaktif allows Privilege Abuse, Authentication Bypass. This issue affects Aybs...
CVE-2025-11618
CVE-2025-11618 affects FreeRTOS-Plus-TCP’s UDP/IPv6 packet processing. The vulnerability is a missing validation check that can cause an invalid pointer dereference when a UDP/IPv6 packet carries an incorrect IP version field within IPv6 traffic. Impact is limited to IPv6-enabled applications; no...
JLSEC-2025-23 Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when se...
Due to use of a dangling pointer, libcurl 7.29.0 through 7.71.1 can use the wrong connection when sending data...
JLSEC-2025-31 An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature ...
An authentication bypass vulnerability exists in libcurl <8.0.0 in the FTP connection reuse feature that can result in wrong credentials being used during subsequent transfers. Previously created connections are kept in a connection pool for reuse if they match the current setup. However, certain...
EUVD-2021-2459
Malware in sbrugna...
EUVD-2020-15995
Malware in sbrugna...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel that stems from an incorrect reduction of reference counts on the wrong path, which could lead to permanent locking of...