Aggregator

A vulnerability was found in WatchGuard Fireware OS up to 12.11.4/2025.1.2. It has been declared as critical. The impacted element is an unknown function of the component Mobile User VPN. Executing manipulation can lead to release of reference. This vulnerability is handled as CVE-2025-11838. The attack can be executed remotely. There is not any exploit available.

A vulnerability labeled as problematic has been found in MailEnable up to 10.53. This vulnerability affects unknown code of the file AUTH.TAB. The manipulation results in cleartext storage of sensitive information. This vulnerability is identified as CVE-2025-34427. The attack is only possible with local access. There is not any exploit available. The affected component should be upgraded.

A vulnerability marked as problematic has been reported in MailEnable up to 10.53. This issue affects some unknown processing of the file AUTH.SAV. This manipulation causes cleartext storage of sensitive information. This vulnerability is tracked as CVE-2025-34428. The attack is restricted to local execution. No exploit exists. It is suggested to upgrade the affected component.

A vulnerability categorized as problematic has been discovered in JetBrains TeamCity up to 2025.10. This vulnerability affects unknown code. Executing manipulation can lead to cross site scripting. The identification of this vulnerability is CVE-2025-67741. The attack may be launched remotely. There is no exploit available. It is advisable to upgrade the affected component.

A vulnerability, which was classified as problematic, was found in JetBrains TeamCity up to 2025.10. Affected by this vulnerability is an unknown functionality. The manipulation results in incorrect authorization. This vulnerability is reported as CVE-2025-67740. The attack can be launched remotely. No exploit exists. You should upgrade the affected component.

A vulnerability classified as problematic was found in IBM QRadar SIEM up to 7.5.0 UP13 IF02. This affects an unknown function. The manipulation results in cross site scripting. This vulnerability is reported as CVE-2025-36138. The attack can be launched remotely. No exploit exists. Upgrading the affected component is advised.

A vulnerability, which was classified as problematic, has been found in IBM QRadar SIEM up to 7.5.0 UP13 IF02. This impacts an unknown function of the component Web UI. This manipulation causes cross site scripting. This vulnerability appears as CVE-2025-36170. The attack may be initiated remotely. There is no available exploit. It is advisable to upgrade the affected component.

A vulnerability marked as problematic has been reported in Liferay Portal and DXP. Affected by this issue is some unknown functionality of the component Notifications Widget. This manipulation of the argument First Name/Middle Name/Last Name/Other Reason causes cross site scripting. This vulnerability is registered as CVE-2025-43771. Remote exploitation of the attack is possible. No exploit is available.

A vulnerability categorized as critical has been discovered in mholt archiver 3.x. The affected element is an unknown function of the component TAR File Handler. Executing manipulation can lead to path traversal. This vulnerability is registered as CVE-2024-0406. It is possible to launch the attack remotely. No exploit is available. It is advisable to upgrade the affected component.

A vulnerability marked as critical has been reported in Linux Kernel up to 6.17.7. Affected is the function time_deleg. The manipulation leads to state issue. This vulnerability is documented as CVE-2025-40326. The attack requires being on the local network. There is not any exploit available. It is suggested to upgrade the affected component.

A vulnerability has been found in Icinga icinga2 up to 2.12.11/2.13.11/2.14.5 and classified as critical. The impacted element is the function VerifyCertificate. Performing manipulation results in improper following of a certificate's chain of trust. This vulnerability was named CVE-2025-48057. The attack may be initiated remotely. There is no available exploit. The affected component should be upgraded.

A vulnerability classified as problematic has been found in kube-controller-manager. The impacted element is an unknown function of the component HPA v1 Manifest Handler. The manipulation leads to denial of service. This vulnerability is documented as CVE-2024-0793. The attack requires being on the local network. There is not any exploit available.

A vulnerability marked as problematic has been reported in Kubernetes kube-apiserver up to 1.27.12/1.28.8/1.29.3. Affected is an unknown function of the component Mountable Secrets Policy. This manipulation of the argument envFrom causes information disclosure. The identification of this vulnerability is CVE-2024-3177. It is possible to initiate the attack remotely. There is no exploit available. It is suggested to upgrade the affected component.

工信部首批两款 L3 级自动驾驶车型准入许可；当当创始人李国庆宣布「60 岁再创业」；iOS 26 曝光离奇 BUG。

Audio streaming platform SoundCloud has confirmed that outages and VPN connection issues over the past few days were caused by a security breach in which threat actors stole a database exposing users' email addresses and profile information. [...]

The Apache Software Foundationから、Apache HTTP Server 2.4系における複数の脆弱性に対応したApache HTTP Server 2.4.66が公開されました。