[SECURITY] Fedora 43 Update: freeipa-4.13.1-7.fc43

IPA is an integrated solution to provide centrally managed Identity users, hosts, services, Authentication SSO, 2FA, and Authorization host access control, SELinux user roles, services. The solution provides features for further integration with Linux based clients SUDO, automount and integration...

Directory Traversal

Overview Affected versions of this package are vulnerable to Directory Traversal via the cloudstore.file.upload action. An attacker can write arbitrary files to the filesystem and potentially execute code by supplying crafted filenames that exploit path traversal and zip slip vulnerabilities...

Identity Prioritization isn't a Backlog Problem - It's a Risk Math Problem

Most identity programs still prioritize work the way they prioritize IT tickets: by volume, loudness, or “what failed a control check.” That approach breaks the moment your environment stops being mostly-human and mostly-onboarded. In modern enterprises, identity risk is created by a compound of...

EUVD-2021-1468

Malware in sbrugna...

EUVD-2025-12649

Malicious code in bioql PyPI...

EUVD-2022-51018

Malicious code in bioql PyPI...

EUVD-2024-18192

Malicious code in bioql PyPI...

EUVD-2024-54494

Malicious code in bioql PyPI...

EUVD-2024-18153

Malicious code in bioql PyPI...

CVE-2025-20348

A vulnerability in the REST API endpoints of Cisco Nexus Dashboard and Cisco Nexus Dashboard Fabric Controller NDFC could allow an authenticated, low-privileged, remote attacker to view sensitive information or upload and modify files on an affected device. This vulnerability exists because of...

CVE-2025-20347

Cisco Nexus Dashboard and Nexus Dashboard Fabric Controller (NDFC) have missing authorization controls on certain REST API endpoints. An authenticated, low-privileged attacker could view sensitive information or upload/modify files via crafted API requests, potentially executing limited Administr...

CVE-2024-45164

Akamai SIA Secure Internet Access Enterprise ThreatAvert, in SPS Security and Personalization Services before the latest 19.2.0 patch and Apps Portal before 19.2.0.3 or 19.2.0.20240814, has incorrect authorization controls for the Admin functionality on the ThreatAvert Policy page. An authenticat...

Bookgy 安全漏洞

Bookgy is an online reservation management and booking system for all types of small and medium-sized businesses from Bookgy, Inc. A security vulnerability exists in Bookgy that stems from insufficient authorization controls and could lead to unauthenticated users accessing private areas...

CVE-2025-42605

This vulnerability exists in Meon Bidding Solutions due to improper authorization controls on certain API endpoints for the initiation, modification, or cancellation operations. An authenticated remote attacker could exploit this vulnerability by manipulating parameter in the API request body to...

CVE-2025-32863

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UnlockTraceLevelSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read...

CVE-2025-32871

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'MigrateDatabase' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from and...

CVE-2025-32870

CVE-2025-32870 affects TeleControl Server Basic (versions before 3.1.2.2). A SQL injection via the internal GetTraces method can bypass authorization, enabling reading/writing the application database and executing code with NT AUTHORITY\NetworkService. The attack requires network access to port ...

CVE-2025-32868

CVE-2025-32868 affects Siemens TeleControl Server Basic prior to v3.1.2.2. An SQL injection via the internal ExportCertificate method can let an attacker read/write the database and execute code with NT AUTHORITY\NetworkService privileges, given network access to port 8000. Multiple sources confi...

CVE-2025-32853

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UnlockDatabaseSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read...

CVE-2025-32849

A vulnerability has been identified in TeleControl Server Basic All versions V3.1.2.2. The affected application is vulnerable to SQL injection through the internally used 'UnlockSmtpSettings' method. This could allow an authenticated remote attacker to bypass authorization controls, to read from...