π¨ CVE-2023-41093
Use After Free vulnerability in Silicon Labs Bluetooth SDK on 32 bit, ARM may allow an attacker with precise timing capabilities to intercept a small number of packets intended for a recipient that has left the network.This issue affects Silabs Bluetooth SDK: through 8.0.0.
π@cveNotify
Use After Free vulnerability in Silicon Labs Bluetooth SDK on 32 bit, ARM may allow an attacker with precise timing capabilities to intercept a small number of packets intended for a recipient that has left the network.This issue affects Silabs Bluetooth SDK: through 8.0.0.
π@cveNotify
π¨ CVE-2022-48831
In the Linux kernel, the following vulnerability has been resolved:
ima: fix reference leak in asymmetric_verify()
Don't leak a reference to the key if its algorithm is unknown.
π@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
ima: fix reference leak in asymmetric_verify()
Don't leak a reference to the key if its algorithm is unknown.
π@cveNotify
π¨ CVE-2024-41013
In the Linux kernel, the following vulnerability has been resolved:
xfs: don't walk off the end of a directory data block
This adds sanity checks for xfs_dir2_data_unused and xfs_dir2_data_entry
to make sure don't stray beyond valid memory region. Before patching, the
loop simply checks that the start offset of the dup and dep is within the
range. So in a crafted image, if last entry is xfs_dir2_data_unused, we
can change dup->length to dup->length-1 and leave 1 byte of space. In the
next traversal, this space will be considered as dup or dep. We may
encounter an out of bound read when accessing the fixed members.
In the patch, we make sure that the remaining bytes large enough to hold
an unused entry before accessing xfs_dir2_data_unused and
xfs_dir2_data_unused is XFS_DIR2_DATA_ALIGN byte aligned. We also make
sure that the remaining bytes large enough to hold a dirent with a
single-byte name before accessing xfs_dir2_data_entry.
π@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
xfs: don't walk off the end of a directory data block
This adds sanity checks for xfs_dir2_data_unused and xfs_dir2_data_entry
to make sure don't stray beyond valid memory region. Before patching, the
loop simply checks that the start offset of the dup and dep is within the
range. So in a crafted image, if last entry is xfs_dir2_data_unused, we
can change dup->length to dup->length-1 and leave 1 byte of space. In the
next traversal, this space will be considered as dup or dep. We may
encounter an out of bound read when accessing the fixed members.
In the patch, we make sure that the remaining bytes large enough to hold
an unused entry before accessing xfs_dir2_data_unused and
xfs_dir2_data_unused is XFS_DIR2_DATA_ALIGN byte aligned. We also make
sure that the remaining bytes large enough to hold a dirent with a
single-byte name before accessing xfs_dir2_data_entry.
π@cveNotify
π¨ CVE-2024-41090
In the Linux kernel, the following vulnerability has been resolved:
tap: add missing verification for short frame
The cited commit missed to check against the validity of the frame length
in the tap_get_user_xdp() path, which could cause a corrupted skb to be
sent downstack. Even before the skb is transmitted, the
tap_get_user_xdp()-->skb_set_network_header() may assume the size is more
than ETH_HLEN. Once transmitted, this could either cause out-of-bound
access beyond the actual length, or confuse the underlayer with incorrect
or inconsistent header length in the skb metadata.
In the alternative path, tap_get_user() already prohibits short frame which
has the length less than Ethernet header size from being transmitted.
This is to drop any frame shorter than the Ethernet header size just like
how tap_get_user() does.
CVE: CVE-2024-41090
π@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
tap: add missing verification for short frame
The cited commit missed to check against the validity of the frame length
in the tap_get_user_xdp() path, which could cause a corrupted skb to be
sent downstack. Even before the skb is transmitted, the
tap_get_user_xdp()-->skb_set_network_header() may assume the size is more
than ETH_HLEN. Once transmitted, this could either cause out-of-bound
access beyond the actual length, or confuse the underlayer with incorrect
or inconsistent header length in the skb metadata.
In the alternative path, tap_get_user() already prohibits short frame which
has the length less than Ethernet header size from being transmitted.
This is to drop any frame shorter than the Ethernet header size just like
how tap_get_user() does.
CVE: CVE-2024-41090
π@cveNotify
π¨ CVE-2024-41091
In the Linux kernel, the following vulnerability has been resolved:
tun: add missing verification for short frame
The cited commit missed to check against the validity of the frame length
in the tun_xdp_one() path, which could cause a corrupted skb to be sent
downstack. Even before the skb is transmitted, the
tun_xdp_one-->eth_type_trans() may access the Ethernet header although it
can be less than ETH_HLEN. Once transmitted, this could either cause
out-of-bound access beyond the actual length, or confuse the underlayer
with incorrect or inconsistent header length in the skb metadata.
In the alternative path, tun_get_user() already prohibits short frame which
has the length less than Ethernet header size from being transmitted for
IFF_TAP.
This is to drop any frame shorter than the Ethernet header size just like
how tun_get_user() does.
CVE: CVE-2024-41091
π@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
tun: add missing verification for short frame
The cited commit missed to check against the validity of the frame length
in the tun_xdp_one() path, which could cause a corrupted skb to be sent
downstack. Even before the skb is transmitted, the
tun_xdp_one-->eth_type_trans() may access the Ethernet header although it
can be less than ETH_HLEN. Once transmitted, this could either cause
out-of-bound access beyond the actual length, or confuse the underlayer
with incorrect or inconsistent header length in the skb metadata.
In the alternative path, tun_get_user() already prohibits short frame which
has the length less than Ethernet header size from being transmitted for
IFF_TAP.
This is to drop any frame shorter than the Ethernet header size just like
how tun_get_user() does.
CVE: CVE-2024-41091
π@cveNotify
π¨ CVE-2024-41020
In the Linux kernel, the following vulnerability has been resolved:
filelock: Fix fcntl/close race recovery compat path
When I wrote commit 3cad1bc01041 ("filelock: Remove locks reliably when
fcntl/close race is detected"), I missed that there are two copies of the
code I was patching: The normal version, and the version for 64-bit offsets
on 32-bit kernels.
Thanks to Greg KH for stumbling over this while doing the stable
backport...
Apply exactly the same fix to the compat path for 32-bit kernels.
π@cveNotify
In the Linux kernel, the following vulnerability has been resolved:
filelock: Fix fcntl/close race recovery compat path
When I wrote commit 3cad1bc01041 ("filelock: Remove locks reliably when
fcntl/close race is detected"), I missed that there are two copies of the
code I was patching: The normal version, and the version for 64-bit offsets
on 32-bit kernels.
Thanks to Greg KH for stumbling over this while doing the stable
backport...
Apply exactly the same fix to the compat path for 32-bit kernels.
π@cveNotify
π¨ CVE-2024-43789
Discourse is an open source platform for community discussion. A user can create a post with many replies, and then attempt to fetch them all at once. This can potentially reduce the availability of a Discourse instance. This problem has been patched in the latest version of Discourse. All users area are advised to upgrade. There are no known workarounds for this vulnerability.
π@cveNotify
Discourse is an open source platform for community discussion. A user can create a post with many replies, and then attempt to fetch them all at once. This can potentially reduce the availability of a Discourse instance. This problem has been patched in the latest version of Discourse. All users area are advised to upgrade. There are no known workarounds for this vulnerability.
π@cveNotify
GitHub
DoS by the absence of restrictions on replies to posts
### Impact
A user can create a post with many replies, and then attempt to fetch them all at once. This can potentially reduce the availability of a Discourse instance.
### Patches
The problem...
A user can create a post with many replies, and then attempt to fetch them all at once. This can potentially reduce the availability of a Discourse instance.
### Patches
The problem...
π¨ CVE-2024-45051
Discourse is an open source platform for community discussion. A maliciously crafted email address could allow an attacker to bypass domain-based restrictions and gain access to private sites, categories and/or groups. This issue has been patched in the latest stable, beta and tests-passed version of Discourse. All users area are advised to upgrade. There are no known workarounds for this vulnerability.
π@cveNotify
Discourse is an open source platform for community discussion. A maliciously crafted email address could allow an attacker to bypass domain-based restrictions and gain access to private sites, categories and/or groups. This issue has been patched in the latest stable, beta and tests-passed version of Discourse. All users area are advised to upgrade. There are no known workarounds for this vulnerability.
π@cveNotify
GitHub
Bypass of email address validation via encoded email addresses
### Impact
A maliciously crafted email address could allow an attacker to bypass domain-based restrictions and gain access to private sites, categories and/or groups.
### Patches
The issue is...
A maliciously crafted email address could allow an attacker to bypass domain-based restrictions and gain access to private sites, categories and/or groups.
### Patches
The issue is...
π¨ CVE-2024-45297
Discourse is an open source platform for community discussion. Users can see topics with a hidden tag if they know the label/name of that tag. This issue has been patched in the latest stable, beta and tests-passed version of Discourse. All users area are advised to upgrade. There are no known workarounds for this vulnerability.
π@cveNotify
Discourse is an open source platform for community discussion. Users can see topics with a hidden tag if they know the label/name of that tag. This issue has been patched in the latest stable, beta and tests-passed version of Discourse. All users area are advised to upgrade. There are no known workarounds for this vulnerability.
π@cveNotify
GitHub
Prevent topic list filtering by hidden tags for unauthorized users
### Impact
Users can see topics with a hidden tag if they know the label/name of that tag.
### Patches
The issue is patched in the latest stable, beta and tests-passed version of Discourse. ...
Users can see topics with a hidden tag if they know the label/name of that tag.
### Patches
The issue is patched in the latest stable, beta and tests-passed version of Discourse. ...
π¨ CVE-2024-47772
Discourse is an open source platform for community discussion. An attacker can execute arbitrary JavaScript on users' browsers by sending a maliciously crafted chat message and replying to it. This issue only affects sites with CSP disabled. This problem is patched in the latest version of Discourse. All users are advised to upgrade. Users unable to upgrade should ensure CSP is enabled on the forum. Users who do upgrade should also consider enabling a CSP as well as a proactive measure.
π@cveNotify
Discourse is an open source platform for community discussion. An attacker can execute arbitrary JavaScript on users' browsers by sending a maliciously crafted chat message and replying to it. This issue only affects sites with CSP disabled. This problem is patched in the latest version of Discourse. All users are advised to upgrade. Users unable to upgrade should ensure CSP is enabled on the forum. Users who do upgrade should also consider enabling a CSP as well as a proactive measure.
π@cveNotify
MDN Web Docs
Content Security Policy (CSP) - HTTP | MDN
Content Security Policy (CSP) is a feature that helps to prevent or minimize the risk of certain types of security threats. It consists of a series of instructions from a website to a browser, which instruct the browser to place restrictions on the thingsβ¦
π¨ CVE-2025-22601
Discourse is an open source platform for community discussion. In affected versions an attacker can trick a target user to make changes to their own username via carefully crafted link using the `activate-account` route. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.
π@cveNotify
Discourse is an open source platform for community discussion. In affected versions an attacker can trick a target user to make changes to their own username via carefully crafted link using the `activate-account` route. This problem has been patched in the latest version of Discourse. Users are advised to upgrade. There are no known workarounds for this vulnerability.
π@cveNotify
GitHub
Client Side Path Traversal using activate account route
### Impact
An attacker can trick a target user to make changes to their own username via carefully crafted link using the `activate-account` route.
### Patches
This problem is patched in the ...
An attacker can trick a target user to make changes to their own username via carefully crafted link using the `activate-account` route.
### Patches
This problem is patched in the ...
π¨ CVE-2024-53266
Discourse is an open source platform for community discussion. In affected versions with some combinations of plugins, and with CSP disabled, activity streams in the user's profile page may be vulnerable to XSS. This has been patched in the latest version of Discourse core. Users are advised to upgrade. Users unable to upgrade should ensure CSP is enabled.
π@cveNotify
Discourse is an open source platform for community discussion. In affected versions with some combinations of plugins, and with CSP disabled, activity streams in the user's profile page may be vulnerable to XSS. This has been patched in the latest version of Discourse core. Users are advised to upgrade. Users unable to upgrade should ensure CSP is enabled.
π@cveNotify
GitHub
XSS via topic titles when CSP disabled
### Impact
With some combinations of plugins, and with CSP disabled, activity streams in the user's profile page may be vulnerable to XSS.
### Patches
Patched in the latest version of Dis...
With some combinations of plugins, and with CSP disabled, activity streams in the user's profile page may be vulnerable to XSS.
### Patches
Patched in the latest version of Dis...
π¨ CVE-2023-31100
Improper Access Control in SMI handler vulnerability in Phoenix SecureCoreβ’ Technologyβ’ 4 allows SPI flash modification.
This issue affects SecureCoreβ’ Technologyβ’ 4:
* from 4.3.0.0 before 4.3.0.203
*
from
4.3.1.0 before 4.3.1.163
*
from
4.4.0.0 before 4.4.0.217
*
from
4.5.0.0 before 4.5.0.138
π@cveNotify
Improper Access Control in SMI handler vulnerability in Phoenix SecureCoreβ’ Technologyβ’ 4 allows SPI flash modification.
This issue affects SecureCoreβ’ Technologyβ’ 4:
* from 4.3.0.0 before 4.3.0.203
*
from
4.3.1.0 before 4.3.1.163
*
from
4.4.0.0 before 4.4.0.217
*
from
4.5.0.0 before 4.5.0.138
π@cveNotify
Phoenix Technologies - Leading PC Innovation since 1979 - Phoenix Technologies Website
Phoenix Technologies SPI SMM Driver Vulnerability - Phoenix Technologies - Leading PC Innovation since 1979
CVE-2023-31100 Phoenix Technologies has been notified by IOActive researchers of a security issue in its SecureCore Technology SPI SMM Driver that could allow unauthorized access to the SPI flash on some platforms.
π¨ CVE-2023-5058
Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCoreβ’ Technologyβ’ 4 potentially allows denial-of-service attacks or arbitrary code execution.
π@cveNotify
Improper Input Validation in the processing of user-supplied splash screen during system boot in Phoenix SecureCoreβ’ Technologyβ’ 4 potentially allows denial-of-service attacks or arbitrary code execution.
π@cveNotify
Phoenix Technologies - Leading PC Innovation since 1979 - Phoenix Technologies Website
Phoenix Technologies LogoFAIL Vulnerability - Phoenix Technologies - Leading PC Innovation since 1979
CVE-2023-5058 Phoenix Technologies has been informed of a serious flaw in Phoenix SecureCoreβ’ Technologyβ’ 4, which is a BIOS firmware that provides advanced security features for various devices.
π¨ CVE-2024-0762
Potential buffer overflow
in unsafe UEFI variable handling
in Phoenix SecureCoreβ’ for select Intel platforms
This issue affects:
Phoenix
SecureCoreβ’ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998;
Phoenix
SecureCoreβ’ for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562;
Phoenix
SecureCoreβ’ for Intel Ice Lake: from 4.2.0.1 before 4.2.0.323;
Phoenix
SecureCoreβ’ for Intel Comet Lake: from 4.2.1.1 before 4.2.1.287;
Phoenix
SecureCoreβ’ for Intel Tiger Lake: from 4.3.0.1 before 4.3.0.236;
Phoenix
SecureCoreβ’ for Intel Jasper Lake: from 4.3.1.1 before 4.3.1.184;
Phoenix
SecureCoreβ’ for Intel Alder Lake: from 4.4.0.1 before 4.4.0.269;
Phoenix
SecureCoreβ’ for Intel Raptor Lake: from 4.5.0.1 before 4.5.0.218;
Phoenix
SecureCoreβ’ for Intel Meteor Lake: from 4.5.1.1 before 4.5.1.15.
π@cveNotify
Potential buffer overflow
in unsafe UEFI variable handling
in Phoenix SecureCoreβ’ for select Intel platforms
This issue affects:
Phoenix
SecureCoreβ’ for Intel Kaby Lake: from 4.0.1.1 before 4.0.1.998;
Phoenix
SecureCoreβ’ for Intel Coffee Lake: from 4.1.0.1 before 4.1.0.562;
Phoenix
SecureCoreβ’ for Intel Ice Lake: from 4.2.0.1 before 4.2.0.323;
Phoenix
SecureCoreβ’ for Intel Comet Lake: from 4.2.1.1 before 4.2.1.287;
Phoenix
SecureCoreβ’ for Intel Tiger Lake: from 4.3.0.1 before 4.3.0.236;
Phoenix
SecureCoreβ’ for Intel Jasper Lake: from 4.3.1.1 before 4.3.1.184;
Phoenix
SecureCoreβ’ for Intel Alder Lake: from 4.4.0.1 before 4.4.0.269;
Phoenix
SecureCoreβ’ for Intel Raptor Lake: from 4.5.0.1 before 4.5.0.218;
Phoenix
SecureCoreβ’ for Intel Meteor Lake: from 4.5.1.1 before 4.5.1.15.
π@cveNotify
Eclypsium | Supply Chain Security for the Modern Enterprise
UEFIcanhazbufferoverflow: Widespread Impact from Vulnerability in Popular PC and Server Firmware
Summary Eclypsium Automata, our automated binary analysis system, has identified a high impact vulnerability (CVE-2024-0762 with a reported CVSS of 7.5) in the Phoenix SecureCore UEFI firmware that runs on multiple families of Intel Core desktop and mobileβ¦
π¨ CVE-2024-1598
Potential buffer overflow
in unsafe UEFI variable handling
in Phoenix SecureCoreβ’ for Intel Gemini Lake.This issue affects:
SecureCoreβ’ for Intel Gemini Lake: from 4.1.0.1 before 4.1.0.567.
π@cveNotify
Potential buffer overflow
in unsafe UEFI variable handling
in Phoenix SecureCoreβ’ for Intel Gemini Lake.This issue affects:
SecureCoreβ’ for Intel Gemini Lake: from 4.1.0.1 before 4.1.0.567.
π@cveNotify
Phoenix Technologies - Leading PC Innovation since 1979 - Phoenix Technologies Website
Phoenix Technologies Buffer Overflow Vulnerability on GeminiLake - Phoenix Technologies - Leading PC Innovation since 1979
Phoenix was notified about a vulnerability in UEFI variable interfaces in Phoenix SCT firmware code on some platforms potentially leading to a buffer overflow.
π¨ CVE-2024-29979
Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCoreβ’ for Intel Kaby Lake, Phoenix SecureCoreβ’ for Intel Coffee Lake, Phoenix SecureCoreβ’ for Intel Comet Lake, Phoenix SecureCoreβ’ for Intel Ice Lake allows Input Data Manipulation.This issue affects SecureCoreβ’ for Intel Kaby Lake: before 4.0.1.1012; SecureCoreβ’ for Intel Coffee Lake: before 4.1.0.568; SecureCoreβ’ for Intel Comet Lake: before 4.2.1.292; SecureCoreβ’ for Intel Ice Lake: before 4.2.0.334.
π@cveNotify
Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCoreβ’ for Intel Kaby Lake, Phoenix SecureCoreβ’ for Intel Coffee Lake, Phoenix SecureCoreβ’ for Intel Comet Lake, Phoenix SecureCoreβ’ for Intel Ice Lake allows Input Data Manipulation.This issue affects SecureCoreβ’ for Intel Kaby Lake: before 4.0.1.1012; SecureCoreβ’ for Intel Coffee Lake: before 4.1.0.568; SecureCoreβ’ for Intel Comet Lake: before 4.2.1.292; SecureCoreβ’ for Intel Ice Lake: before 4.2.0.334.
π@cveNotify
Phoenix Technologies - Leading PC Innovation since 1979 - Phoenix Technologies Website
Unsafe Handling of Phoenix UEFI Variables - Phoenix Technologies - Leading PC Innovation since 1979
CVE-2024-29979 Phoenix has identified a potential vulnerability that involves unsafe UEFI variable handling in Phoenix SCT Firmware, potentially leading to unsafe memory access that could cause temporary denial of service.
π¨ CVE-2024-29980
Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCoreβ’ for Intel Kaby Lake, Phoenix SecureCoreβ’ for Intel Coffee Lake, Phoenix SecureCoreβ’ for Intel Comet Lake, Phoenix SecureCoreβ’ for Intel Ice Lake allows Input Data Manipulation.This issue affects SecureCoreβ’ for Intel Kaby Lake: before 4.0.1.1012; SecureCoreβ’ for Intel Coffee Lake: before 4.1.0.568; SecureCoreβ’ for Intel Comet Lake: before 4.2.1.292; SecureCoreβ’ for Intel Ice Lake: before 4.2.0.334.
π@cveNotify
Improper Check for Unusual or Exceptional Conditions vulnerability in Phoenix SecureCoreβ’ for Intel Kaby Lake, Phoenix SecureCoreβ’ for Intel Coffee Lake, Phoenix SecureCoreβ’ for Intel Comet Lake, Phoenix SecureCoreβ’ for Intel Ice Lake allows Input Data Manipulation.This issue affects SecureCoreβ’ for Intel Kaby Lake: before 4.0.1.1012; SecureCoreβ’ for Intel Coffee Lake: before 4.1.0.568; SecureCoreβ’ for Intel Comet Lake: before 4.2.1.292; SecureCoreβ’ for Intel Ice Lake: before 4.2.0.334.
π@cveNotify
Phoenix Technologies - Leading PC Innovation since 1979 - Phoenix Technologies Website
Unsafe Handling of IHV UEFI Variables - Phoenix Technologies - Leading PC Innovation since 1979
CVE-2024-29980 Phoenix has identified a potential vulnerability that involves unsafe UEFI variable handling in Phoenix SCT Firmware, potentially leading to unsafe memory access that could cause temporary denial of service.
π¨ CVE-2025-10974
A vulnerability has been found in giantspatula SewKinect up to 7fd963ceb3385af3706af02b8a128a13399dffb1. This affects the function pickle.loads of the file /calculate of the component Endpoint. Such manipulation of the argument body_parts/point_cloud leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases.
π@cveNotify
A vulnerability has been found in giantspatula SewKinect up to 7fd963ceb3385af3706af02b8a128a13399dffb1. This affects the function pickle.loads of the file /calculate of the component Endpoint. Such manipulation of the argument body_parts/point_cloud leads to deserialization. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product operates on a rolling release basis, ensuring continuous delivery. Consequently, there are no version details for either affected or updated releases.
π@cveNotify
GitHub
Security Report: Remote Code Execution Vulnerability in `/calculate` Endpoint Β· Issue #3 Β· giantspatula/SewKinect
Summary The /calculate endpoint in the application is vulnerable to Remote Code Execution (RCE) due to unsafe deserialization using Python's pickle.loads on user-supplied data. Details The endp...
π¨ CVE-2025-10975
A vulnerability was found in GuanxingLu vlarl up to 31abc0baf53ef8f5db666a1c882e1ea64def2997. This vulnerability affects the function experiments.robot.bridge.reasoning_server::run_reasoning_server of the file experiments/robot/bridge/reasoning_server.py of the component ZeroMQ. Performing manipulation of the argument Message results in deserialization. Remote exploitation of the attack is possible. The exploit has been made public and could be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided.
π@cveNotify
A vulnerability was found in GuanxingLu vlarl up to 31abc0baf53ef8f5db666a1c882e1ea64def2997. This vulnerability affects the function experiments.robot.bridge.reasoning_server::run_reasoning_server of the file experiments/robot/bridge/reasoning_server.py of the component ZeroMQ. Performing manipulation of the argument Message results in deserialization. Remote exploitation of the attack is possible. The exploit has been made public and could be used. This product follows a rolling release approach for continuous delivery, so version details for affected or updated releases are not provided.
π@cveNotify
GitHub
Security Report: Remote Code Execution Vulnerability in `experiments.robot.bridge.reasoning_server::run_reasoning_server` Β· Issueβ¦
Summary A critical Remote Code Execution (RCE) vulnerability exists in experiments.robot.bridge.reasoning_server::run_reasoning_server. The server accepts incoming messages and deserializes them us...
π¨ CVE-2025-10976
A vulnerability was determined in JeecgBoot up to 3.8.2. This issue affects some unknown processing of the file /api/getDepartUserList. Executing manipulation of the argument departId can lead to improper authorization. The attack can be executed remotely. This attack is characterized by high complexity. The exploitability is assessed as difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify
A vulnerability was determined in JeecgBoot up to 3.8.2. This issue affects some unknown processing of the file /api/getDepartUserList. Executing manipulation of the argument departId can lead to improper authorization. The attack can be executed remotely. This attack is characterized by high complexity. The exploitability is assessed as difficult. The exploit has been publicly disclosed and may be utilized. The vendor was contacted early about this disclosure but did not respond in any way.
π@cveNotify