Oracle VM VirtualBox security vulnerability
Oracle VM VirtualBox is a virtual machine management software developed by Oracle Corporation. Version 7.2.6 of Oracle VM VirtualBox contains a security vulnerability. This vulnerability stems from issues with the Core component, which may allow attackers with high privileges to log in and execut...
BIT-AUTHENTIK-2024-47070 authentik vulnerable to password authentication bypass via X-Forwarded-For HTTP header
authentik is an open-source identity provider. A vulnerability that exists in versions prior to 2024.8.3 and 2024.6.5 allows bypassing password login by adding an X-Forwarded-For header with an unparsable IP address such as "a". This results in a possibility of logging into any account with a known logi...
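The snippet above does not show authentik's internal fix, so the following is an added illustration (not authentik's code) of the general rule the advisory points at: an unparsable X-Forwarded-For value must never take the login flow onto a path that skips the password check. The trusted-proxy set, the "skip the password stage for these networks" policy and the sample addresses are assumptions made for this example.

```python
"""Resolving a client IP from X-Forwarded-For without failing open.

Added example, not authentik's code. Demonstrates strict per-entry parsing
with a fail-closed result: a malformed entry yields None, and None always
means "run the password stage".
"""
import ipaddress
from typing import Iterable, Optional

# Constructed: reverse proxies whose X-Forwarded-For we are willing to believe.
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.5")}
# Constructed: networks for which the (hypothetical) policy would skip passwords.
PASSWORDLESS_NETWORKS = [ipaddress.ip_network("192.0.2.0/24")]


def client_ip(remote_addr: str, xff: Optional[str]) -> Optional[str]:
    """Return the client address to use for policy decisions, or None.

    - The header is ignored unless the TCP peer is a trusted proxy.
    - Every comma-separated entry is parsed with ipaddress; one malformed
      entry (the advisory's "a") invalidates the whole header and yields
      None instead of raising, so a parse failure can never be mistaken
      for "no client address to check".
    - Otherwise the rightmost entry that is not one of our own proxies is
      returned (the hop closest to the trusted edge).
    """
    peer = ipaddress.ip_address(remote_addr)
    if not xff or peer not in TRUSTED_PROXIES:
        return str(peer)
    hops = []
    for entry in xff.split(","):
        try:
            hops.append(ipaddress.ip_address(entry.strip()))
        except ValueError:
            return None  # malformed header: untrusted, fail closed
    for hop in reversed(hops):
        if hop not in TRUSTED_PROXIES:
            return str(hop)
    return str(peer)


def password_required(remote_addr: str, xff: Optional[str],
                      passwordless_networks: Iterable) -> bool:
    """Decide whether the password stage must run.

    Only a cleanly parsed address inside an allowlisted network may skip it;
    None (unparsable header) always requires the password.
    """
    ip = client_ip(remote_addr, xff)
    if ip is None:
        return True
    addr = ipaddress.ip_address(ip)
    return not any(addr in net for net in passwordless_networks)


if __name__ == "__main__":
    for hdr in ("192.0.2.10", "a", "192.0.2.10, a"):
        print(repr(hdr), "->", "password required" if
              password_required("10.0.0.5", hdr, PASSWORDLESS_NETWORKS) else "skipped")
```

The important property is in the second loop: the parse failure is turned into a value the caller must handle explicitly rather than an exception that some outer handler might swallow on a "nothing to check" path.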
Security update for util-linux
This update for util-linux fixes the following issues: CVE-2026-3184: Fix full hostname usage for PAM to ensure correct access control for "login -h" bsc1258859. Patch Instructions: To install this SUSE update use the SUSE recommended installation methods like YaST onlineupdate or "zypper patch"...
SUSE-SU-2026:21016-1 Security update for util-linux
This update for util-linux fixes the following issues: Security issues: - CVE-2025-14104: heap buffer overread in setpwnam when processing 256-byte usernames bsc1254666. - CVE-2026-3184: access control bypass due to improper hostname canonicalization in login bsc1258859. Non security issues: -...
openSUSE 15 Security Update : util-linux (SUSE-SU-2026:0856-1)
The remote openSUSE 15 host has a package installed that is affected by a vulnerability as referenced in the SUSE-SU-2026:0856-1 advisory. - CVE-2026-3184: Fix full hostname usage for PAM to ensure correct access control for 'login -h' bsc1258859. Tenable has extracted the preceding description...
openSUSE Security Advisory (SUSE-SU-2026:0803-1)
The remote host is missing an update for the ... SPDX-FileCopyrightText: 2026 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only...
CVE-2026-28778 Hardcoded FTP Credentials and LPE (via Insecure Permissions) for `xd` Local Account on IDC SFX2100
International Datacasting Corporation IDC SFX Series SuperFlex Satellite Receiver contains undocumented, hardcoded/insecure credentials for the xd user account. A remote unauthenticated attacker can log in via FTP using these credentials. Because the xd user has write permissions to their home...
CVE-2025-70866
CVE-2025-70866 — LavaLite CMS 10.1.0 is vulnerable to Incorrect Access Control. An authenticated user with low privileges (User role) can directly access the admin backend via /admin/login because the admin and user authentication guards share the same user provider without role-based access cont...
SSH Key Persistence
This Metasploit module will add an SSH key to a specified user or all, to allow remote login via SSH at any time. No payload is required for this module to work. If an SSH key is not provided, a new 4096 bit RSA keypair will be generated. The private key will be stored as loot for later use...
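The module above plants a key; the defender's counterpart is to enumerate every login-capable account, parse its authorized_keys (options field included) and fingerprint each key the way `ssh-keygen -lf` does, then flag anything not on an allowlist. The block below is an added example, not code from the Metasploit module; the /etc/passwd content, the authorized_keys files and the key material are constructed sample data, and the in-memory `files` mapping stands in for reading `~/.ssh/authorized_keys` from disk.

```python
"""Audit authorized_keys for implanted SSH keys (added example, constructed data)."""
import base64
import hashlib
import struct
from dataclasses import dataclass
from typing import Dict, List, Tuple

KEY_TYPES = {"ssh-rsa", "ssh-dss", "ssh-ed25519",
             "ecdsa-sha2-nistp256", "ecdsa-sha2-nistp384", "ecdsa-sha2-nistp521"}
NOLOGIN_SHELLS = {"/usr/sbin/nologin", "/sbin/nologin", "/bin/false"}


@dataclass
class AuthorizedKey:
    line_no: int
    options: str       # leading options field, "" if none
    key_type: str
    fingerprint: str   # "SHA256:<base64, no padding>" as ssh-keygen -lf prints, or "INVALID"
    comment: str


def _ssh_string(data: bytes) -> bytes:
    """SSH wire-format string: 4-byte big-endian length followed by the bytes."""
    return struct.pack(">I", len(data)) + data


def ed25519_public_blob(raw32: bytes) -> bytes:
    """Wire blob of an ssh-ed25519 public key (used only to build sample data)."""
    return _ssh_string(b"ssh-ed25519") + _ssh_string(raw32)


def fingerprint(blob: bytes) -> str:
    """SHA256 fingerprint over the decoded key blob, OpenSSH formatting."""
    return "SHA256:" + base64.b64encode(hashlib.sha256(blob).digest()).decode().rstrip("=")


def _first_field(line: str) -> Tuple[str, str]:
    """Split off the first field at whitespace outside double quotes,
    so options such as command="a b" stay in one piece."""
    quoted = False
    for i, ch in enumerate(line):
        if ch == '"' and (i == 0 or line[i - 1] != "\\"):
            quoted = not quoted
        elif ch in " \t" and not quoted:
            return line[:i], line[i:].strip()
    return line, ""


def _take(s: str) -> Tuple[str, str]:
    parts = s.split(None, 1)
    return (parts[0], parts[1]) if len(parts) == 2 else ((parts[0] if parts else ""), "")


def parse_authorized_keys(text: str) -> List[AuthorizedKey]:
    keys = []
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        first, rest = _first_field(line)
        if first in KEY_TYPES:
            options, key_type = "", first
        else:
            options = first
            key_type, rest = _take(rest)
        b64, comment = _take(rest)
        try:
            fp = fingerprint(base64.b64decode(b64, validate=True))
        except ValueError:          # binascii.Error is a ValueError
            fp = "INVALID"
        keys.append(AuthorizedKey(n, options, key_type, fp, comment.strip()))
    return keys


def login_accounts(passwd_text: str) -> Dict[str, str]:
    """user -> home for accounts with an interactive shell (the module's "all users")."""
    return {f[0]: f[5] for f in (l.split(":") for l in passwd_text.splitlines())
            if len(f) == 7 and f[6] not in NOLOGIN_SHELLS}


def audit(passwd_text: str, files: Dict[str, str], allowlist: set) -> List[Tuple[str, str, str]]:
    """Return (user, fingerprint, reason) for every key that should not be there."""
    findings = []
    for user, home in login_accounts(passwd_text).items():
        text = files.get(f"{home}/.ssh/authorized_keys")
        for key in parse_authorized_keys(text or ""):
            if key.fingerprint not in allowlist:
                findings.append((user, key.fingerprint, "not on allowlist"))
            elif "from=" not in key.options and "restrict" not in key.options:
                findings.append((user, key.fingerprint, "no source restriction"))
    return findings


# Constructed sample data: a legitimate restricted backup key for root and an
# unrestricted key dropped into alice's account (stands in for the module's key).
LEGIT_BLOB = ed25519_public_blob(bytes(range(32)))
IMPLANT_BLOB = ed25519_public_blob(b"\x42" * 32)
SAMPLE_PASSWD = ("root:x:0:0:root:/root:/bin/bash\n"
                 "daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin\n"
                 "alice:x:1000:1000::/home/alice:/bin/bash\n")
SAMPLE_FILES = {
    "/root/.ssh/authorized_keys":
        'from="10.0.0.0/8",command="/usr/bin/backup --verbose" ssh-ed25519 '
        + base64.b64encode(LEGIT_BLOB).decode() + " backup@ops\n",
    "/home/alice/.ssh/authorized_keys":
        "ssh-ed25519 " + base64.b64encode(IMPLANT_BLOB).decode() + " msf\n",
}
ALLOWLIST = {fingerprint(LEGIT_BLOB)}

if __name__ == "__main__":
    for user, fp, reason in audit(SAMPLE_PASSWD, SAMPLE_FILES, ALLOWLIST):
        print(f"{user}: {fp} ({reason})")
```

Fingerprinting the decoded blob rather than comparing base64 text means a key re-encoded with different line wrapping or a changed comment still matches the allowlist entry, and `INVALID` entries are worth a look on their own since sshd ignores them silently.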
CVE-2025-59091
CVE-2025-59091 affects the Kaba exos 9300 datapoint server used for relaying status information to Access Managers. The description across multiple sources indicates hard-coded credentials for four users that can sign in to the datapoint server on ports 1004/1005, enabling login to send/receive i...
CVE-2025-59091 Hardcoded Legacy Accounts Allowing Control Over Access Managers in dormakaba Kaba exos 9300
Multiple hardcoded credentials have been identified, which are allowed to sign-in to the exos 9300 datapoint server running on port 1004 and 1005. This server is used for relaying status information from and to the Access Managers. This information, among other things, is used to graphically...
Chainlit vulnerable to improper access restriction
Overview: Chainlit provided by Chainlit contains the following vulnerability. Authorization bypass through user-controlled key (CWE-639), CVE-2025-68492. Shotaro Kimura of NRI SecureTechnologies, Ltd. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information...
CVE-2021-41511
The username and password fields of the login form in Lodging Reservation Management System V1 can give access as any user by using SQL injection to bypass authentication...
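A login-form SQL injection of this class, reproduced offline as an added example (not the product's code): the vulnerable query is built by string formatting, so either field can close the quote and rewrite the WHERE clause; the hardened version binds the username as a parameter and compares a salted PBKDF2 hash. The SQLite table, the single account and the payloads are constructed for the example.

```python
"""Login SQL injection: the bypass and the fix side by side (added example)."""
import hashlib
import hmac
import os
import sqlite3
from typing import Optional


def _hash(password: str, salt: bytes) -> str:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000).hex()


def make_db() -> sqlite3.Connection:
    """Constructed sample database with one account.

    The plaintext column exists only so the vulnerable login can compare
    passwords the way the affected class of PHP apps typically did.
    """
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (username TEXT PRIMARY KEY, password TEXT, "
                "salt BLOB, pw_hash TEXT)")
    salt = os.urandom(16)
    con.execute("INSERT INTO users VALUES (?, ?, ?, ?)",
                ("admin", "correct horse", salt, _hash("correct horse", salt)))
    con.commit()
    return con


def login_vulnerable(con: sqlite3.Connection, username: str, password: str) -> Optional[str]:
    """Attacker input is spliced straight into the SQL text."""
    sql = ("SELECT username FROM users WHERE username = '%s' AND password = '%s'"
           % (username, password))
    row = con.execute(sql).fetchone()
    return row[0] if row else None


def login_safe(con: sqlite3.Connection, username: str, password: str) -> Optional[str]:
    """Parameterised lookup, then a constant-time hash comparison."""
    row = con.execute("SELECT username, salt, pw_hash FROM users WHERE username = ?",
                      (username,)).fetchone()
    # Hash even on a miss so timing does not reveal whether the account exists.
    salt, stored = (row[1], row[2]) if row else (b"\x00" * 16, "0" * 64)
    if row and hmac.compare_digest(_hash(password, salt), stored):
        return row[0]
    return None


# Constructed payloads: comment out the password check, or make the clause a tautology.
BYPASS_PAYLOADS = [("admin' --", "anything"), ("' OR '1'='1", "' OR '1'='1")]

if __name__ == "__main__":
    con = make_db()
    for user, pw in BYPASS_PAYLOADS:
        print(repr(user), "vulnerable ->", login_vulnerable(con, user, pw),
              "| safe ->", login_safe(con, user, pw))
```

The second payload works because `AND` binds tighter than `OR`: the clause becomes `username='' OR ('1'='1' AND password='') OR '1'='1'`, which is true for every row, so the first user in the table is returned.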
CVE-2022-23126
TeslaMate before 1.25.1 when using the default Docker configuration allows attackers to open doors of Tesla vehicles, start Keyless Driving, and interfere with vehicle operation en route. This occurs because an attacker can leverage Grafana login access to obtain a token for Tesla API calls...
CVE-2019-20859
An issue was discovered in Mattermost Server before 5.15.0. Login access control can be bypassed via crafted input...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989444)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989444 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: iscsi_tcp: Fix UAF during login when accessing the shost ipaddress If during...
When the Call Comes from Inside: The Rising Threat of Insider Recruitment in Ransomware Campaigns
In cybersecurity, we often say that attackers only need to be right once – and defenders need to be right every time. Traditionally, we’ve focused on perimeter breaches, phishing campaigns, and zero-day exploits. But increasingly, attackers are bypassing these hardened defenses and taking a...
EUVD-2019-11396
Malware in sbrugna...