Aggregator

CVE-2026-27609 | parse-community parse-dashboard up to 9.0.0-alpha.7 /apps/ cross-site request forgery (GHSA-3534-xp88-25rc)

Vuldb Updates
2 months ago
A vulnerability classified as problematic has been found in parse-community parse-dashboard up to 9.0.0-alpha.7. Affected is an unknown function of the file /apps/. This manipulation causes cross-site request forgery. This vulnerability is handled as CVE-2026-27609. The attack can be initiated remotely. There is not any exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2026-2914 | CyberArk Endpoint Privilege Manager Agent up to 25.11 improper authorization

Vuldb Updates
2 months ago
A vulnerability was found in CyberArk Endpoint Privilege Manager Agent up to 25.11 and classified as critical. This issue affects some unknown processing. The manipulation results in improper authorization. This vulnerability is identified as CVE-2026-2914. The attack is only possible with local access. There is not any exploit available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2026-27595 | parse-community parse-dashboard up to 9.0.0-alpha.7 /apps/ missing authentication (GHSA-qwc3-h9mg-4582 / EUVD-2026-8595)

Vuldb Updates
2 months ago
A vulnerability was found in parse-community parse-dashboard up to 9.0.0-alpha.7 and classified as critical. Affected by this issue is some unknown functionality of the file /apps/. Executing a manipulation can lead to missing authentication. This vulnerability is tracked as CVE-2026-27595. The attack can be launched remotely. No exploit exists. It is suggested to upgrade the affected component.
vuldb.com

CVE-2022-50513 | Linux Kernel up to 5.4.219/5.10.149/5.15.74/5.19.16/6.0.2 staging rtw_init_cmd_priv memory leak (WID-SEC-2025-2229)

Vuldb Updates
2 months ago
A vulnerability marked as critical has been reported in Linux Kernel up to 5.4.219/5.10.149/5.15.74/5.19.16/6.0.2. Affected by this vulnerability is the function rtw_init_cmd_priv of the component staging. This manipulation causes memory leak. This vulnerability is registered as CVE-2022-50513. The attack requires access to the local network. No exploit is available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2022-50512 | Linux Kernel up to 5.10.149/5.15.74/5.19.16/6.0.2 ext4_fc_record_regions memory leak (WID-SEC-2025-2229)

Vuldb Updates
2 months ago
A vulnerability was found in Linux Kernel up to 5.10.149/5.15.74/5.19.16/6.0.2. It has been declared as critical. This impacts the function ext4_fc_record_regions. Executing a manipulation can lead to memory leak. The identification of this vulnerability is CVE-2022-50512. The attack needs to be done within the local network. There is no exploit available. It is recommended to upgrade the affected component.
vuldb.com

CVE-2022-50514 | Linux Kernel up to 6.1.1 usb f_hid reference count (WID-SEC-2025-2229)

Vuldb Updates
2 months ago
A vulnerability, which was classified as critical, was found in Linux Kernel up to 6.1.1. Impacted is the function f_hid of the component usb. The manipulation results in improper update of reference count. This vulnerability is known as CVE-2022-50514. Access to the local network is required for this attack. No exploit is available. You should upgrade the affected component.
vuldb.com

CVE-2022-50515 | Linux Kernel up to 5.15.74/5.19.16/6.0.2 amdgpu hpd_rx_irq_create_workqueue memory leak (WID-SEC-2025-2229)

Vuldb Updates
2 months ago
A vulnerability was found in Linux Kernel up to 5.15.74/5.19.16/6.0.2. It has been classified as critical. Impacted is the function hpd_rx_irq_create_workqueue of the component amdgpu. This manipulation causes memory leak. The identification of this vulnerability is CVE-2022-50515. The attack needs to be done within the local network. There is no exploit available. Upgrading the affected component is recommended.
vuldb.com

CVE-2022-50509 | Linux Kernel up to 6.1.1 media return value (WID-SEC-2025-2229)

Vuldb Updates
2 months ago
A vulnerability classified as critical has been found in Linux Kernel up to 6.1.1. This affects an unknown part of the component media. Performing a manipulation results in unchecked return value. This vulnerability is reported as CVE-2022-50509. The attacker must have access to the local network to execute the attack. No exploit exists. It is recommended to upgrade the affected component.
vuldb.com

CVE-2022-50511 | Linux Kernel up to 5.4.228/5.10.162/5.15.85/6.0.15/6.1.1 get_default_font out-of-bounds (WID-SEC-2025-2229)

Vuldb Updates
2 months ago
A vulnerability, which was classified as critical, was found in Linux Kernel up to 5.4.228/5.10.162/5.15.85/6.0.15/6.1.1. This affects the function get_default_font. Such manipulation leads to out-of-bounds read. This vulnerability is traded as CVE-2022-50511. Access to the local network is required for this attack to succeed. There is no exploit available. You should upgrade the affected component.
vuldb.com

CVE-2022-50510 | Linux Kernel up to 5.4.228/5.10.162/5.15.85/6.0.15/6.1.1 smmuv3 arm_smmu_pmu_init state issue (Nessus ID 278484 / WID-SEC-2025-2229)

Vuldb Updates
2 months ago
A vulnerability was found in Linux Kernel up to 5.4.228/5.10.162/5.15.85/6.0.15/6.1.1 and classified as critical. This issue affects the function arm_smmu_pmu_init of the component smmuv3. The manipulation results in state issue. This vulnerability was named CVE-2022-50510. The attack needs to be approached within the local network. There is no available exploit. It is suggested to upgrade the affected component.
vuldb.com

CVE-2023-53732 | Linux Kernel up to 5.15.112/6.1.80/6.3.3 ntfs3 mi_init null pointer dereference (WID-SEC-2025-2394)

Vuldb Updates
2 months ago
A vulnerability was found in Linux Kernel up to 5.15.112/6.1.80/6.3.3. It has been rated as critical. This impacts the function mi_init of the component ntfs3. This manipulation causes null pointer dereference. This vulnerability is handled as CVE-2023-53732. The attack can only be done within the local network. There is not any exploit available. Upgrading the affected component is advised.
vuldb.com

CVE-2023-53731 | Linux Kernel up to 4.14.321/4.19.290/5.4.250/5.10.187/5.15.120 netlink_set_err deadlock (WID-SEC-2025-2394)

Vuldb Updates
2 months ago
A vulnerability marked as critical has been reported in Linux Kernel up to 4.14.321/4.19.290/5.4.250/5.10.187/5.15.120. This affects the function netlink_set_err. The manipulation leads to deadlock. This vulnerability is referenced as CVE-2023-53731. The attack needs to be initiated within the local network. No exploit is available. It is suggested to upgrade the affected component.
vuldb.com

CVE-2023-53730 | Linux Kernel up to 5.10.187/5.15.120/6.1.38/6.3.12/6.4.3 adjust_inuse_and_calc_cost deadlock (WID-SEC-2025-2394)

Vuldb Updates
2 months ago
A vulnerability labeled as critical has been found in Linux Kernel up to 5.10.187/5.15.120/6.1.38/6.3.12/6.4.3. Affected by this issue is the function adjust_inuse_and_calc_cost. Executing a manipulation can lead to deadlock. The identification of this vulnerability is CVE-2023-53730. The attack needs to be done within the local network. There is no exploit available. The affected component should be upgraded.
vuldb.com

NDSS 2025 – JBomAudit: Assessing The Landscape, Compliance, And Security Implications Of Java SBOMS

Security Boulevard
2 months ago

Session 14A: Software Security: Applications & Policies

Authors, Creators & Presenters: Yue Xiao (IBM Research), Dhilung Kirat (IBM Research), Douglas Lee Schales (IBM Research), Jiyong Jang (IBM Research), Luyi Xing (Indiana University Bloomington), Xiaojing Liao (Indiana University)

PAPER
JBomAudit: Assessing the Landscape, Compliance, and Security Implications of Java SBOMs

A Software Bill of Materials (SBOM) is a detailed inventory that lists the dependencies that make up a software product. Accurate, complete, and up-to-date SBOMs are essential for vulnerability management, reducing license compliance risks, and maintaining high software integrity. The US National Institute of Standards and Technology (NTIA) has established minimum requirements for SBOMs to comply with, especially the correctness and completeness of listed dependencies in SBOMs. However, these requirements remain unexamined in practice. This paper presents the first systematic study on the landscape of SBOMs, including their prevalence, release trends, and characteristics in the Java ecosystem. We developed an end-to-end tool to evaluate the completeness and accuracy of dependencies in SBOMs. Our tool analyzed 25,882 SBOMs and associated JAR files, identifying that 7,907 SBOMs failed to disclose direct dependencies, highlighting the prevalence and severity of SBOM noncompliance issues. Furthermore, 4.97% of these omitted dependencies were vulnerable, leaving software susceptible to potential exploits. Through detailed measurement studies and analysis of root causes, this research uncovers significant security implications of non-compliant SBOMs, especially concerning vulnerability management. These findings, crucial for enhancing SBOM compliance assurance, are being responsibly reported to relevant stakeholders.

ABOUT NDSS
The Network and Distributed System Security Symposium (NDSS) fosters information exchange among researchers and practitioners of network and distributed system security. The target audience includes those interested in practical aspects of network and distributed system security, with a focus on actual system design and implementation. A major goal is to encourage and enable the Internet community to apply, deploy, and advance the state of available security technologies.

Our thanks to the Network and Distributed System Security (NDSS) Symposium for publishing their Creators, Authors and Presenter’s superb NDSS Symposium 2025 Conference content on the Organizations' YouTube Channel.

Permalink

The post NDSS 2025 – JBomAudit: Assessing The Landscape, Compliance, And Security Implications Of Java SBOMS appeared first on Security Boulevard.

Marc Handelman

Things Were Even Worse at CISA Than We Thought

Security Boulevard
2 months ago

Just last week I wrote that CISA was on life support. That was before we knew how bad it really was. When Jen Easterly stepped down and the agency was left without a Senate-confirmed director, it was already troubling. The Cybersecurity and Infrastructure Security Agency — the nerve center for defending federal networks and coordinating..

The post Things Were Even Worse at CISA Than We Thought appeared first on Security Boulevard.

Alan Shimel

Managed ad