CVE-2025-32976 – Quest KACE Systems Management Appliance Two-Factor Authentication Bypass Vulnerability

June 24, 2025

CVE ID : CVE-2025-32976

Published : June 24, 2025, 3:15 p.m. | 3 hours, 38 minutes ago

Description : Quest KACE Systems Management Appliance (SMA) 13.0.x before 13.0.385, 13.1.x before 13.1.81, 13.2.x before 13.2.183, 14.0.x before 14.0.341 (Patch 5), and 14.1.x before 14.1.101 (Patch 4) contains a logic flaw in its two-factor authentication implementation that allows authenticated users to bypass TOTP-based 2FA requirements. The vulnerability exists in the 2FA validation process and can be exploited to gain elevated access.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-32975 – Quest KACE Systems Management Appliance Authentication Bypass Vulnerability

Next Article CVE-2023-47030 – NCR Terminal Handler Remote Code Execution and Information Disclosure Vulnerability

Highlights

CVE-2025-53032 – Oracle MySQL Server Optimizer DOS Vulnerability

July 16, 2025

CVE ID : CVE-2025-53032

Published : July 15, 2025, 8:15 p.m. | 6 hours, 37 minutes ago

Description : Vulnerability in the MySQL Server product of Oracle MySQL (component: Server: Optimizer). Supported versions that are affected are 9.0.0-9.1.0. Easily exploitable vulnerability allows high privileged attacker with network access via multiple protocols to compromise MySQL Server. Successful attacks of this vulnerability can result in unauthorized ability to cause a hang or frequently repeatable crash (complete DOS) of MySQL Server. CVSS 3.1 Base Score 4.9 (Availability impacts). CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:N/A:H).

Severity: 4.9 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

CodeSOD: One Last ID

9 Ways AI Code Generation in React.js Reduces Technical Debt for Product Teams

GitHub details upcoming changes to improve security in wake of Shai-Hulud worm in npm ecosystem

Syncfusion restructures Essential Studio into multiple different suites to provide greater flexibility for developers

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

Development Release: MX Linux 25 Beta 1

DistroWatch Weekly, Issue 1140

A Stream-Oriented UI library for interactive web applications

A Stream-Oriented UI library for interactive web applications

billboard.js 3.17.0: ✨ New Axis Customization, Label Styling & Image Labels!

AEM and Cloudflare Workers: The Ultimate Duo for Blazing Fast Pages

Distribution Release: Kali Linux 2025.3

Distribution Release: Kali Linux 2025.3

Distribution Release: SysLinuxOS 13

How I Configure Polybar to Customize My Linux Desktop

CVE-2025-32976 – Quest KACE Systems Management Appliance Two-Factor Authentication Bypass Vulnerability

Cursor AI Code Editor Flaw Enables Silent Code Execution via Malicious Repositories

Introducing HybridPetya: Petya/NotPetya copycat with UEFI Secure Boot bypass

CVE-2025-46836 – Net-tools Unvalidated Stack Buffer Overflow

Key Considerations Before Outsourcing Your Mobile App Development

FACTS Grounding: A new benchmark for evaluating the factuality of large language models

Apple may have bigger fish to fry with OpenAI’s rumored ChatGPT Screenless phone — beyond President Trump’s stringent tariffs on the iPhone

CVE-2025-53032 – Oracle MySQL Server Optimizer DOS Vulnerability

CVE-2025-20323 – Splunk Enterprise Missing Access Control Vulnerability

Pinout with Dan Johnson

CVE-2025-6974 – SOLIDWORKS eDrawings Uninitialized Variable Code Execution Vulnerability

CVE-2025-32976 – Quest KACE Systems Management Appliance Two-Factor Authentication Bypass Vulnerability

Related Posts