Lucene search

426 matches found

ATTACKERKB
added 2026/03/02 9:1 a.m., 5 views

CVE-2026-2584

A critical SQL Injection (SQLi) vulnerability has been identified in the authentication module of the system. An unauthenticated, remote attacker (AV:N/PR:N) can exploit this flaw by sending specially crafted SQL queries through the login interface. Due to low attack complexity (AC:L) and the absence o...

CVSS 9.3 | AI score 5.9 | EPSS 0.00417
Exploits: 0 | References: 2 | Affected Software: 1

Vulnrichment
added 2026/03/02 9:1 a.m., 2 views

CVE-2026-2584 SQL Injection in Ciser System SL firmware

A critical SQL Injection (SQLi) vulnerability has been identified in the authentication module of the system. An unauthenticated, remote attacker (AV:N/PR:N) can exploit this flaw by sending specially crafted SQL queries through the login interface. Due to low attack complexity (AC:L) and the absence o...

CVSS 9.3 | AI score 5.9 | EPSS 0.00417
Exploits: 0 | References: 1

Cvelist
added 2026/03/02 9:1 a.m., 26 views

CVE-2026-2584 SQL Injection in Ciser System SL firmware

A critical SQL Injection (SQLi) vulnerability has been identified in the authentication module of the system. An unauthenticated, remote attacker (AV:N/PR:N) can exploit this flaw by sending specially crafted SQL queries through the login interface. Due to low attack complexity (AC:L) and the absence o...

CVSS 9.3 | EPSS 0.00417
Exploits: 0 | References: 1

CVE
added 2026/03/02 9:1 a.m., 41 views

CVE-2026-2584

CVE-2026-2584 describes a critical SQL injection in the authentication module of the Ciser System SL firmware. An unauthenticated, remote attacker can exploit the login interface by sending crafted SQL queries, with attack vector NETWORK and attack complexity LOW. The impact per metrics: total c...

CVSS 9.3 | AI score 5.9 | EPSS 0.00417
Exploits: 0 | References: 1

Positive Technologies
added 2026/03/02 12:0 a.m., 3 views

PT-2026-22571

A critical SQL Injection (SQLi) vulnerability has been identified in the authentication module of the system. An unauthenticated, remote attacker (AV:N/PR:N) can exploit this flaw by sending specially crafted SQL queries through the login interface. Due to low attack complexity (AC:L) and the absence o...

CVSS 9.3 | AI score 5.9 | EPSS 0.00417
Exploits: 0 | References: 2

Rosalinux
added 2026/02/16 10:56 a.m., 7 views

Advisory ROSA-SA-2026-3179

Software: pam 1.3.1; OS: ROSA Virtualization 3.0; unaffected versions = pam-1.3.1-39.0.2.rv30; affected versions pam-1.3.1-39.0.2.rv30; CVE-ID: CVE-2025-6020; BDU-ID: 2025-07273; CVE-Crit: HIGH; CVE-DESC.: A vulnerability in the pam_namespace module of the Linux-PAM authentication module is caused by a...

CVSS 7.8 | AI score 7 | EPSS 0.00072
Exploits: 0

GithubExploit
added 2026/02/09 1:44 p.m., 139 views

Exploit for Incorrect Authorization in Suse Pam-Config

https://cdn2.qualys.com/2025/06/17/suse15-pam-udisks-lpe.txt...

CVSS 7.8 | AI score 5.4 | EPSS 0.0009
Exploits: 19

OSV
added 2026/02/06 3:57 p.m., 3 views

OESA-2026-1325 libsoup security update

libsoup is an HTTP client/server library for GNOME. It uses GObjects and the glib main loop, to integrate well with GNOME applications, and also has a synchronous API, for use in threaded applications. Security Fixes: A flaw in libsoup’s HTTP header handling allows multiple Host: headers in a...

CVSS 8.6 | AI score 6.7 | EPSS 0.0004
Exploits: 0 | References: 3

OSV
added 2026/01/30 4:35 p.m., 5 views

CLEANSTART-2026-AX77726 vulnerability was found in PAM

Multiple security vulnerabilities affect the gitlab-shell-fips package. A vulnerability was found in PAM. See references for individual vulnerability details...

CVSS 9.8 | AI score 8.5 | EPSS 0.00042
Exploits: 0 | References: 5

Debian CVE
added 2026/01/16 12:0 a.m., 11 views

CVE-2025-31510

In the portal in LemonLDAP::NG before 2.21.0, cross-site scripting (XSS) allows remote attackers to inject arbitrary web script or HTML into the login page via the tab parameter, for Choice authentication...

CVSS 7.2 | AI score 5.3 | EPSS 0.00041
Exploits: 0

Cvelist
added 2026/01/16 12:0 a.m., 19 views

CVE-2025-24531

In OpenSC pam_pkcs11 before 0.6.13, pam_sm_authenticate wrongly returns PAM_IGNORE in many error situations such as an error triggered by a smartcard before login, allowing authentication bypass...

CVSS 6.7 | EPSS 0.00006
Exploits: 0 | References: 3

Snyk
added 2026/01/08 12:0 a.m., 0 views

Stack-based Buffer Overflow

Overview: Affected versions of this package are vulnerable to Stack-based Buffer Overflow in the md4sum function of the NTLM authentication module. An attacker can execute arbitrary code with the privileges of the affected application. Remediation: A fix was pushed into the master branch but not ye...

CVSS 8.8 | AI score 7 | EPSS 0.0004
Exploits: 0 | References: 2

OSV
added 2025/12/29 9:39 a.m., 3 views

CLSA-2025-1767001153 pam: Fix of CVE-2025-8941

CVE-2025-8941: fix additionally potential privilege escalation via multiple symlink attacks and race conditions...

CVSS 7.8 | AI score 5.8 | EPSS 0.00022
Exploits: 0 | References: 1

Photon
added 2025/12/11 12:0 a.m., 3 views

Important Photon OS Security Update - PHSA-2025-5.0-0710

Updates of 'httpd', 'Linux-PAM' packages of Photon OS have been released...

CVSS 8.3 | AI score 6.6 | EPSS 0.00145
Exploits: 0

Tenable Nessus
added 2025/11/25 12:0 a.m., 1 views

RHEL 10 : pam (RHSA-2025:22019)

The remote Redhat Enterprise Linux 10 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2025:22019 advisory. Pluggable Authentication Modules (PAM) provide a system to set up authentication policies without the need to recompile programs to handle...

CVSS 7.8 | AI score 7.8 | EPSS 0.00072
Exploits: 0 | References: 4

OSV
added 2025/11/12 10:27 a.m., 2 views

RHSA-2025:20181 Red Hat Security Advisory: pam security update

Bulletin has no description...

CVSS 7.8 | AI score 7.9 | EPSS 0.00072
Exploits: 0 | References: 9

Snyk
added 2025/11/11 4:43 p.m., 3 views

Missing Authorization

Overview: Affected versions of this package are vulnerable to Missing Authorization in the AuthN implementation. An attacker can access sensitive information by sending unauthorized requests. Remediation: Upgrade github.com/NVIDIA/aistore/api/authn to version 1.3.31 or higher. References: - GitHub...

CVSS 6.9 | AI score 6.5 | EPSS 0.00075
Exploits: 0 | References: 2

Snyk
added 2025/11/11 4:43 p.m., 1 views

Use of Hard-coded Credentials

Overview: Affected versions of this package are vulnerable to Use of Hard-coded Credentials in the AuthN implementation. An attacker can gain unauthorized access to sensitive information, escalate privileges, and tamper with data by leveraging hard-coded credentials. Remediation: Upgrade...

CVSS 8.8 | AI score 7 | EPSS 0.00043
Exploits: 0 | References: 2

AstraLinux
added 2025/11/01 10:54 a.m., 3 views

Astra Linux - vulnerability in pam

A vulnerability was found in PAM. The secret information is stored in memory, where the attacker can trigger the victim program to execute by sending characters to its standard input (stdin). As this occurs, the attacker can train the branch predictor to execute an ROP chain speculatively. This fla...

CVSS 4.7 | AI score 5.6 | EPSS 0.00042
Exploits: 0 | References: 3

CNNVD
added 2025/10/27 12:0 a.m., 3 views

OpenVPN Access Server security vulnerability

OpenVPN Access Server is a web-based VPN management interface from OpenVPN, Inc. A security vulnerability exists in OpenVPN Access Server versions 2.14.0 through 2.14.3, which stems from the RelayState parameter in the SAML Authentication module not being filtered correctly, which could lead to...

CVSS 6.4 | AI score 5.9 | EPSS 0.00038
Exploits: 0 | References: 1