Linux Distros Unpatched Vulnerability : CVE-2022-50025
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor-supplied patch available. - cxl: Fix a memory leak in an error handling path. A bitmap_zalloc() must be balanced by a corresponding bitmap_free() in the error handling path of afu_allocate_irqs()...
IBM App Connect Enterprise (ACE) Detection (Linux)
Binary data ibmacelinuxinstalled.nbin...
Hackers Exploit SAP Vulnerability to Breach Linux Systems and Deploy Auto-Color Malware
Threat actors have been observed exploiting a now-patched critical SAP NetWeaver flaw to deliver the Auto-Color backdoor in an attack targeting a U.S.-based chemicals company in April 2025. "Over the course of three days, a threat actor gained access to the customer's network, attempted to downlo...
RLSA-2025:10027 Important: pam security update
Pluggable Authentication Modules (PAM) provide a system to set up authentication policies without the need to recompile programs to handle authentication. Security Fixes: linux-pam: Linux-pam directory Traversal (CVE-2025-6020). For more details about the security issues, including the impact, a CVSS...
Exploit for Incorrect Authorization in Sudo_Project Sudo
CVE-2025-32462 - Sudo Host Bypass Exploit Original Discove...
uptux
uptux Specialized privilege escalation checks for Linux systems. Implemented so far: - Writable systemd paths, services, timers, and socket units - Disassembles systemd unit files looking for: - References to executables that are writable - References to broken symlinks pointing to writeable...
pentest-wiki
This repository is an online security knowledge library for pentesters/researchers, providing information on various topics related to information gathering. The repository contains documentation on how to gather whois and DNS information, as well as Linux system architecture, processes, and user...
Oracle Java SE Unknown Vulnerability (Jul 2025) - Linux
Oracle Java SE is prone to an unspecified vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Apache HTTP Server 2.4.35 < 2.4.64 Access Control Bypass Vulnerability - Linux
Apache HTTP Server is prone to an access control bypass vulnerability in mod_ssl. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
PT-2025-27661
Name of the Vulnerable Software and Affected Versions: Laundry version 2.3.0. Description: A Cross-Site Request Forgery (CSRF) issue allows for Account Takeover. This affects Linux and macOS systems. Recommendations: For Laundry version 2.3.0, update to a version that includes a fix for this issue, ...
CVE-2025-49491 Resource leaks in traffic_stat
Improper Resource Shutdown or Release vulnerability in ASR Falcon_Linux, Kestrel, Lapwing_Linux on Linux traffic_stat modules allows Resource Leak Exposure. This vulnerability is associated with program files trafficstat/trafficservice/trafficservice.C. This issue affects...
CVE-2025-49489
CVE-2025-49489 concerns ASR Falcon_Linux, Kestrel, and Lapwing_Linux (con_mgr components) on Linux. The vulnerability is an improper Resource Shutdown/Release that leads to a Resource Leak Exposure in the dialer_task.C file. Affected versions are Falcon_Linux, Kestrel, and Lapwing_Linux before v1...
Insecure Temporary File Handling Vulnerability in llama-index-core
Description The getcachedir function in llama-index-core uses a predictable, hardcoded directory path /tmp/llamaindex on Linux systems without proper security controls. This vulnerability allows attackers on multi-user systems to steal proprietary models, poison cached embeddings, or conduct...
CVE-2025-34034
A hardcoded credential vulnerability exists in the Blue Angel Software Suite deployed on embedded Linux systems. The application contains multiple known default and hardcoded user accounts that are not disclosed in public documentation. These accounts allow unauthenticated or low-privilege...
CVE-2025-34034 5VTechnologies Blue Angel Software Suite Hardcoded Credentials
A hardcoded credential vulnerability exists in the Blue Angel Software Suite deployed on embedded Linux systems. The application contains multiple known default and hardcoded user accounts that are not disclosed in public documentation. These accounts allow unauthenticated or low-privilege...
PT-2025-26661
Name of the Vulnerable Software and Affected Versions: Blue Angel Software Suite affected versions not specified Description: A hardcoded credential vulnerability exists in the Blue Angel Software Suite deployed on embedded Linux systems. The application contains multiple known default and...
Exploit for CVE-2025-6019
CVE-2025-6019: Privilege Escalation Exploit via UDisks2 Filesy...
VMware Spring Framework 6.0.5 - 6.0.28, 6.1.0 - 6.1.20, 6.2.0 - 6.2.7 RFD Vulnerability - Linux
The VMware Spring Framework is prone to a reflected file download (RFD) vulnerability. SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Automic Agent 24.3.0 HF4 - Privilege Escalation
Exploit Title: Automic Agent 24.3.0 HF4 - Privilege Escalation Date: 26.05.2025 Exploit Author: Flora Schäfer Vendor Homepage: https://www.broadcom.com/products/software/automation/automic-automation Version: /tmp/sh.so 2. Run the ucxjlx6 executable as follows $ ./ucxjlx6 ini=echo -e...