
21818 matches found

RedHat Linux
added 2025/11/11 8:27 a.m. | 4 views

linux-pam: Linux-pam directory Traversal

A flaw was found in linux-pam. The pam_namespace module may access user-controlled paths without proper protection, allowing local users to elevate their privileges to root via multiple symlink attacks and race conditions...

CVSS 7.8 | AI score 7.3 | EPSS 0.0039
Exploits: 0 | References: 5

EUVD
added 2025/11/11 3:30 a.m. | 3 views

EUVD-2025-60984

Due to insufficient validation of connection property values, the SAP HANA JDBC Client allows a high-privilege locally authenticated user to supply crafted parameters that lead to unauthorized code loading, resulting in low impact on confidentiality and integrity and high impact on availability o...

CVSS 6.9 | AI score 6.3 | EPSS 0.00135
Exploits: 0 | References: 3

RedhatCVE
added 2025/11/07 12:19 a.m. | 2 views

CVE-2025-12779

Improper handling of the authentication token in the Amazon WorkSpaces client for Linux, versions 2023.0 through 2024.8, may expose the authentication token for DCV-based WorkSpaces to other local users on the same client machine. Under certain circumstances, a local user may be able to extract...

CVSS 8.8 | AI score 6.7 | EPSS 0.002
Exploits: 0 | References: 1

NVD
added 2025/11/05 10:15 p.m. | 5 views

CVE-2025-12779

Improper handling of the authentication token in the Amazon WorkSpaces client for Linux, versions 2023.0 through 2024.8, may expose the authentication token for DCV-based WorkSpaces to other local users on the same client machine. Under certain circumstances, a local user may be able to extract...

CVSS 8.8 | EPSS 0.002
Exploits: 0 | References: 2

Cvelist
added 2025/11/05 9:20 p.m. | 5 views

CVE-2025-12779

Improper handling of the authentication token in the Amazon WorkSpaces client for Linux, versions 2023.0 through 2024.8, may expose the authentication token for DCV-based WorkSpaces to other local users on the same client machine. Under certain circumstances, a local user may be able to extract...

CVSS 8.8 | EPSS 0.002
Exploits: 0 | References: 2

CVE
added 2025/11/05 9:20 p.m. | 15 views

CVE-2025-12779

The CVE-2025-12779 issue affects the Amazon WorkSpaces client for Linux (versions 2023.0 through 2024.8). The vulnerability arises from improper handling of the authentication token, which may allow a local user to expose another local user’s DCV-based WorkSpaces token from a shared client machin...

CVSS 8.8 | AI score 6.3 | EPSS 0.002
Exploits: 0 | References: 2

NVD
added 2025/11/05 6:15 a.m. | 3 views

CVE-2025-21077

Improper input validation in Samsung Email prior to version 6.2.06.0 allows local attackers to launch arbitrary activity with Samsung Email privilege...

CVSS 3.3 | EPSS 0.00097
Exploits: 0 | References: 1

Positive Technologies
added 2025/11/05 12:0 a.m. | 3 views

PT-2025-45164

Name of the Vulnerable Software and Affected Versions: Amazon WorkSpaces client for Linux versions 2023.0 through 2024.8. Description: A flaw in the handling of the authentication token within the Amazon WorkSpaces client for Linux may allow exposure of the authentication token for DCV-based...

CVSS 8.8 | AI score 7.6 | EPSS 0.002
Exploits: 0 | References: 10

Vulnrichment
added 2025/10/31 11:34 p.m. | 5 views

CVE-2025-62276

The Document Library and the Adaptive Media modules in Liferay Portal 7.4.0 through 7.4.3.111, and older unsupported versions, and Liferay DXP 2023.Q4.0 through 2023.Q4.10, 2023.Q3.1 through 2023.Q3.10, 7.4 GA through update 92, and older unsupported versions uses an incorrect cache-control heade...

CVSS 4.6 | AI score 6.2 | EPSS 0.00112
Exploits: 0 | References: 1

CVE
added 2025/10/29 6:43 p.m. | 17 views

CVE-2025-64103

CVE-2025-64103 concerns Zitadel where, starting from versions 2.53.6, 2.54.3, and 2.55.0, MFA could be bypassed if the login policy did not explicitly require MFA, allowing sessions authenticated with a single factor to remain valid. An attacker could target a six‑digit TOTP code and bypass passw...

CVSS 9.8 | AI score 7.1 | EPSS 0.00336
Exploits: 0 | References: 2 | Affected Software: 1

CNNVD
added 2025/10/29 12:0 a.m. | 2 views

memoQ Security Vulnerability

memoQ is a computer-assisted translation software from the Hungarian company memoQ. A security vulnerability exists in memoQ 10.1.13.ef1b2b52aae and earlier versions, which stems from an unquoted service path and could allow a local user to achieve elevation of privilege to SYSTEM by placing a...

CVSS 6.7 | AI score 8.2 | EPSS 0.00129
Exploits: 0 | References: 3

RedhatCVE
added 2025/10/28 12:28 a.m. | 9 views

CVE-2025-54968

An issue was discovered in BAE SOCET GXP before 4.6.0.2. The SOCET GXP Job Service does not require authentication. In some configurations, this may allow remote users to submit jobs, or local users to submit jobs that will execute with the permissions of other users...

CVSS 8.8 | AI score 6.8 | EPSS 0.00393
Exploits: 0 | References: 1

Github Security Blog
added 2025/10/27 9:30 p.m. | 7 views

Liferay Portal Vulnerable to Information Exposure Through a Log File Vulnerability in LDAP Import Feature

Information exposure through log file vulnerability in LDAP import feature in Liferay Portal 7.4.0 through 7.4.3.97, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows local users t...

CVSS 4.6 | AI score 6.5 | EPSS 0.00131
Exploits: 0 | References: 5 | Affected Software: 1

NVD
added 2025/10/27 9:15 p.m. | 5 views

CVE-2025-62262

Information exposure through log file vulnerability in LDAP import feature in Liferay Portal 7.4.0 through 7.4.3.97, and older unsupported versions, and Liferay DXP 2023.Q3.1 through 2023.Q3.4, 7.4 GA through update 92, 7.3 GA through update 35, and older unsupported versions allows local users t...

CVSS 4.6 | EPSS 0.00131
Exploits: 0 | References: 1

RedhatCVE
added 2025/10/23 12:17 a.m. | 5 views

CVE-2025-61035

The seffaflik thru 0.0.9 is vulnerable to symlink attacks due to incorrect default permissions given to the .kimlik file and .seffaflik file, which is created with mode 0777 and 0775 respectively, exposing secrets to other local users. Additionally, the .kimlik file is written without symlink...

CVSS 7.7 | AI score 6.3 | EPSS 0.00135
Exploits: 0 | References: 1

EUVD
added 2025/10/22 3:31 p.m. | 3 views

EUVD-2025-35578

The seffaflik thru 0.0.9 is vulnerable to symlink attacks due to incorrect default permissions given to the .kimlik file and .seffaflik file, which is created with mode 0777 and 0775 respectively, exposing secrets to other local users. Additionally, the .kimlik file is written without symlink...

AI score 5.8 | EPSS 0.00135
Exploits: 0 | References: 4

CNNVD
added 2025/10/22 12:0 a.m. | 4 views

OpenWrt Buffer Error Vulnerability

OpenWrt is an open source Linux operating system for embedded devices. A buffer error vulnerability exists in versions prior to OpenWrt 24.10.4, which stems from the ioctls of the ltq-ptm driver that allows a local user to read and write arbitrary kernel memory, potentially leadi...

CVSS 8.8 | AI score 6.5 | EPSS 0.00173
Exploits: 0 | References: 5

RedHat Linux
added 2025/10/16 3:40 p.m. | 3 views

dotnet: .NET Denial of Service Vulnerability

A flaw was found in MSBuild’s temporary directory handling on Linux where predictable, non-randomized temporary paths are used. Local users can create or manipulate those paths before MSBuild runs, causing build failures or unexpected behavior and resulting in denial of service for build operatio...

CVSS 7.3 | AI score 5.7 | EPSS 0.00564
Exploits: 0 | References: 4

RedHat Linux
added 2025/10/15 4:18 p.m. | 2 views

dotnet: .NET Denial of Service Vulnerability

A flaw was found in MSBuild’s temporary directory handling on Linux where predictable, non-randomized temporary paths are used. Local users can create or manipulate those paths before MSBuild runs, causing build failures or unexpected behavior and resulting in denial of service for build operatio...

CVSS 7.3 | AI score 5.7 | EPSS 0.00564
Exploits: 0 | References: 4

RedHat Linux
added 2025/10/15 4:16 p.m. | 4 views

dotnet: .NET Denial of Service Vulnerability

A flaw was found in MSBuild’s temporary directory handling on Linux where predictable, non-randomized temporary paths are used. Local users can create or manipulate those paths before MSBuild runs, causing build failures or unexpected behavior and resulting in denial of service for build operatio...

CVSS 7.3 | AI score 5.7 | EPSS 0.00564
Exploits: 0 | References: 4