[SECURITY] Fedora 43 Update: freeipa-4.13.1-7.fc43

IPA is an integrated solution to provide centrally managed Identity users, hosts, services, Authentication SSO, 2FA, and Authorization host access control, SELinux user roles, services. The solution provides features for further integration with Linux based clients SUDO, automount and integration...

GHSA-HPV4-5H6F-WQR3 russh server userauth state is not reset when authentication principal changes

Summary The russh server authentication path keeps internal userauth state across SSHMSGUSERAUTHREQUEST messages without separating that state when the request principal changes. RFC 4252 allows the user name and service name fields to change between authentication requests. The issue is not that...

[SECURITY] Fedora 44 Update: coturn-4.11.0-1.fc44

The Coturn TURN Server is a VoIP media traffic NAT traversal server and gatew ay. It can be used as a general-purpose network traffic TURN server/gateway, too. This implementation also includes some extra features. Supported RFCs: TURN specs: - RFC 5766 - base TURN specs - RFC 6062 - TCP relaying...

PT-2026-36737

Name of the Vulnerable Software and Affected Versions GV-VMS version V20 Description A stack overflow exists in the WebCam Server component of the video monitoring software. When remote access is enabled, the gvapi endpoint utilizes a specific authentication mechanism via an HTTP Authorization...

wrong reuse of HTTP Negotiate connection

libcurl might in some circumstances reuse the wrong connection when asked to do an authenticated HTTPS request after a Negotiate-authenticated one, when both use the same host. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid...

[SECURITY] Fedora 43 Update: coturn-4.10.0-1.fc43

The Coturn TURN Server is a VoIP media traffic NAT traversal server and gatew ay. It can be used as a general-purpose network traffic TURN server/gateway, too. This implementation also includes some extra features. Supported RFCs: TURN specs: - RFC 5766 - base TURN specs - RFC 6062 - TCP relaying...

Mattermost 安全漏洞

Mattermost is an open-source collaboration platform developed by the American company Mattermost. There is a security vulnerability in Mattermost, which stems from the authentication endpoint not verifying the CSRF token. This could allow attackers to update users’ authentication methods through...

Citrix NetScaler Under Active Recon for CVE-2026-3055 (CVSS 9.3) Memory Overread Bug

A recently disclosed critical security flaw impacting Citrix NetScaler ADC and NetScaler Gateway is witnessing active reconnaissance activity, according to Defused Cyber and watchTowr. The vulnerability, CVE-2026-3055 CVSS score: 9.3, refers to a case of insufficient input validation leading to...

CVE-2026-25171

Use after free in Windows Authentication Methods allows an authorized attacker to elevate privileges locally...

PT-2026-25661

Tinycontrol devices such as tcPDU and LAN Controllers LK3.5, LK3.9 and LK4 have two separate authentication mechanisms - one solely for interface management and one for protecting all other server resources. When the latter is turned off which is a default setting, an unauthenticated attacker on...

UBUNTU-CVE-2026-1965

libcurl can in some circumstances reuse the wrong connection when asked to do an Negotiate-authenticated HTTP or HTTPS request. libcurl features a pool of recent connections so that subsequent requests can reuse an existing connection to avoid overhead. When reusing a connection a range of...

EUVD-2026-10636

Use after free in Windows Authentication Methods allows an authorized attacker to elevate privileges locally...

EUVD-2026-10637

Use after free in Windows Authentication Methods allows an authorized attacker to elevate privileges locally...

CVE-2026-25171

Use after free in Windows Authentication Methods allows an authorized attacker to elevate privileges locally...

CVE-2026-25171

Use after free in Windows Authentication Methods allows an authorized attacker to elevate privileges locally...

CVE-2026-25171

Use after free in Windows Authentication Methods allows an authorized attacker to elevate privileges locally...

PT-2026-24298

Уязвимость компонента Windows Authentication операционных систем Windows связана с использованием памяти после её освобождения. Эксплуатация уязвимости может позволить нарушителю повысить свои привилегии...

CVE-2026-2974 AliasVault App Backup aliasvault.xml backup

A vulnerability was identified in AliasVault App up to 0.25.3 on Android/iOS. This vulnerability affects unknown code of the file sharedprefs/aliasvault.xml of the component Backup Handler. The manipulation of the argument accessToken/refreshToken/metadata/keyderivationparams/authmethods leads to...

EUVD-2026-5555

Improper access control in the TeamViewer Full and Host clients Windows, macOS, Linux prior version 15.74.5 allows an authenticated user to bypass additional access controls with “Allow after confirmation” configuration in a remote session. An exploit could result in unauthorized access prior to...

MiracleLinux 4 : postfix-2.6.6-2.2.AXS4 (AXSA:2011-720:02)

The remote MiracleLinux 4 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2011-720:02 advisory. Postfix is a Mail Transport Agent MTA, supporting LDAP, SMTP AUTH SASL, TLS Security issues fixed with this release: CVE-2011-1720 The SMTP server in Postfix...