CWE-778

Insufficient Logging

8 CVEs | Avg CVSS 5.0 | MITRE
Critical: 0 | High: 0 | Medium: 8 | Low: 0 | PoC: 1 | KEV: 0


CVE-2025-52644 MEDIUM This Month

HCL AION contains inadequate auditing and logging mechanisms that fail to properly track certain user actions, reducing the traceability of user activities and potentially compromising monitoring, accountability, and incident investigation capabilities. The vulnerability affects AION 2.0 and is classified as an Information Disclosure issue with a CVSS score of 5.8. An attacker with local access and low privileges could exploit this to perform actions without adequate logging, hindering forensic analysis and compliance audit trails.

Information Disclosure Aion
NVD VulDB
CVSS 3.1: 5.8 | EPSS: 0.0%
CVE-2026-3494 MEDIUM This Month

MariaDB Server through version 11.8.5 fails to audit SQL statements when the server audit plugin is enabled and queries are prefixed with SQL comments (-- or #), allowing authenticated database users to execute DDL, DML, or DCL commands without logging. This bypass affects Relational Database Service, Aurora MySQL, and MariaDB deployments relying on audit logging for compliance and security monitoring. An attacker with database credentials could perform unauthorized administrative or data manipulation operations while evading audit trails.

Information Disclosure Relational Database Service Aurora Mysql Mariadb
NVD GitHub
CVSS 3.1: 4.3 | EPSS: 0.0%
CVE-2026-25598 MEDIUM This Month

Harden-Runner versions prior to 2.14.2 fail to log outbound network connections made through sendto, sendmsg, and sendmmsg socket calls when audit mode is enabled, allowing attackers to exfiltrate data from GitHub Actions runners without detection. This integrity bypass affects users relying on Harden-Runner's egress policy auditing for security monitoring. A patch is available in version 2.14.2 and later.

Github Harden Runner Redhat
NVD GitHub
CVSS 3.1: 5.3 | EPSS: 0.0%
CVE-2026-22279 MEDIUM This Month

Dell PowerScale OneFS versions before 9.13.0.0 fail to adequately log security events, allowing unauthenticated remote attackers to tamper with information without leaving a detectable audit trail. The insufficient logging mechanism prevents administrators from identifying unauthorized modifications to system data. No patch is currently available for this medium-severity vulnerability.

Information Disclosure Dell Powerscale Onefs
NVD
CVSS 3.1: 4.3 | EPSS: 0.0%
CVE-2025-66552 MEDIUM PATCH This Month

A security vulnerability in Nextcloud Server and Enterprise Server (CVSS 4.3). Remediation should follow standard vulnerability management procedures. Vendor patch is available.

Information Disclosure Debian Nextcloud Server Nextcloud
NVD GitHub
CVSS 3.1: 4.3 | EPSS: 0.0%
CVE-2025-53498 MEDIUM This Month

CVE-2025-53498 is a security vulnerability (CVSS 5.3). Remediation should follow standard vulnerability management procedures.

Information Disclosure
NVD
CVSS 3.1: 5.3 | EPSS: 0.0%
CVE-2025-32967 MEDIUM POC This Month

OpenEMR is a free and open source electronic health records and medical practice management application. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable with low attack complexity. Public exploit code is available and no vendor patch is available.

Information Disclosure Openemr
NVD GitHub
CVSS 3.1: 5.4 | EPSS: 0.7%
CVE-2025-2562 MEDIUM This Month

Insufficient logging in the autotyping feature in Devolutions Remote Desktop Manager on Windows allows an authenticated user to use a stored password without generating a corresponding log event, via. Rated medium severity (CVSS 5.4), this vulnerability is remotely exploitable with low attack complexity. No vendor patch is available.

Microsoft Information Disclosure Remote Desktop Manager Windows
NVD
CVSS 3.1: 5.4 | EPSS: 0.2%
