14 matches found
CVE-2026-50263
A use-after-free flaw was found in the X.Org X server and Xwayland in CreateSaverWindow. A client can trigger a use-after-free read after changing window attributes and forcing the screen saver, leading to information disclosure...
Improperly Controlled Modification of Dynamically-Determined Object Attributes
Overview: flowise is a Flowiseai Server. Affected versions of this package are vulnerable to Improperly Controlled Modification of Dynamically-Determined Object Attributes via the PUT /api/v1/assistants/assistantId endpoint, when the server fails to validate and restrict modifications to...
CVE-2025-14341
Improperly controlled modification of Dynamically-Determined object attributes, Allocation of resources without limits or throttling vulnerability in DivvyDrive Information Technologies Inc. DivvyDrive allows Excessive Allocation, Flooding. This issue affects DivvyDrive: from 4.8.2.19 before...
sssd default kerberos configuration allows privilege escalation on ad-joined linux systems
A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. In default configurations, the Kerberos local authentication plugin (sssd_krb5_localauth_plugin) is enabled, but a fallback to the an2ln plugin is possible. This fallback allows an...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001214)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001214 advisory. In the Linux kernel before 4.17, a local attacker able to set attributes on an xfs filesystem could make this filesystem non-operational until the next mount by...
sssd: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems
A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. In default configurations, the Kerberos local authentication plugin (sssd_krb5_localauth_plugin) is enabled, but a fallback to the an2ln plugin is possible. This fallback allows an...
sssd: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems
A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. In default configurations, the Kerberos local authentication plugin (sssd_krb5_localauth_plugin) is enabled, but a fallback to the an2ln plugin is possible. This fallback allows an...
EUVD-2023-27927
Malicious code in bioql PyPI...
CLSA-2023-1686586528 Fix CVE(s): CVE-2020-1938, CVE-2022-42252
SECURITY UPDATE: Apache Tomcat request smuggling - debian/patches/CVE-2022-42252.patch: Requests with invalid content-length should always be rejected. - CVE-2022-42252 SECURITY UPDATE: AJP Request Injection and potential Remote Code Execution - debian/patches/CVE-2020-1938.patch: Add new AJP...
Six Malicious Linux Shell Scripts Used to Evade Defenses and How to Stop Them
Siddartha Sharma and Adhokshaj Mishra. Evasive techniques used by attackers date back to the earlier days, when base64 and other common encoding schemes were used. Today, attackers are adopting new Linux shell script tactics and techniques to disable firewalls, monitoring agents and modifying...
Microsoft Internet Explorer Memory Corruption Vulnerability (CNVD-2016-01537)
Internet Explorer is a web browser from Microsoft. A memory corruption vulnerability exists in the handling of attribute changes to DOM elements in some versions of Internet Explorer, which can be exploited by a remote attacker to reuse a string ordering that has been freed in memory via a...
CVE-2014-7849
The Role Based Access Control (RBAC) implementation in JBoss Enterprise Application Platform (EAP) 6.2.0 through 6.3.2 does not properly verify authorization conditions, which allows remote authenticated users to add, modify, and undefine otherwise restricted attributes by leveraging the Maintainer...
CVE-2014-4509
The MKDQUOTESAFE function in the Fan-out driver scripts in Fan-Out Platform Services in Novell Identity Manager (aka IDM) 4.0.2 allows local users to execute arbitrary commands by leveraging eDirectory POSIX attribute changes to insert shell metacharacters...
CVE-2014-4509
The MKDQUOTESAFE function in the Fan-out driver scripts in Fan-Out Platform Services in Novell Identity Manager (aka IDM) 4.0.2 allows local users to execute arbitrary commands by leveraging eDirectory POSIX attribute changes to insert shell metacharacters...