8493 matches found
sssd: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems
A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. In default configurations, the Kerberos local authentication plugin sssd_krb5_localauth_plugin is enabled, but a fallback to the an2ln plugin is possible. This fallback allows an...
Cross-Site Scripting (XSS) vulnerability through unescaped HTML attribute values
Impact: The prosemirror_to_html gem is vulnerable to Cross-Site Scripting (XSS) attacks through malicious HTML attribute values. While tag content is properly escaped, attribute values are not, allowing attackers to inject arbitrary JavaScript code. Who is impacted: - Any application using...
CVE-2025-11704
The Elegance Menu plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.9 via the 'elegance-menu' attribute of the elegance-menu shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and...
[SECURITY] Fedora 43 Update: rust-attribute-derive-0.10.5-1.fc43
Clap like parsing for attributes in proc-macros...
Liferay Portal 7.2.0 < 7.4.3.112 XSS
Cross-site scripting (XSS) vulnerability in the Blogs widget in Liferay Portal allows remote attackers to inject arbitrary web script or HTML via a crafted injected into a blog entry's 'Content' text field. The Blogs widget does not add the sandbox attribute to elements, which allows remote attacke...
Unity Linux 20.1070e Security Update: kernel (UTSA-2025-989316)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989316 advisory. In the Linux kernel, the following vulnerability has been resolved: scsi: qedi: Fix crash while reading debugfs attribute. The qedi_dbg_do_not_recover_cmd_read function...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-989355)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-989355 advisory. In the Linux kernel, the following vulnerability has been resolved: net/sched: act_mpls: Fix warning during failed attribute validation. The 'TCA_MPLS_LABEL' attribute i...
Unity Linux 20.1070a Security Update: kernel (UTSA-2025-990280)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-990280 advisory. In the Linux kernel, the following vulnerability has been resolved: jfs: fix slab-out-of-bounds read in ea_get. During the size_check label in ea_get, the code checks i...
CVE-2025-11812
The Reuse Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'reusebuildersingleposttitle' shortcode in all versions up to, and including, 1.7. This is due to insufficient input sanitization and output escaping on the 'style' attribute. This makes it possible for...
WordPress plugin Reuse Builder cross-site scripting vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a set of blogging platforms developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. A cross-site...
PT-2025-44940
The Reuse Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'reuse builder single post title' shortcode in all versions up to, and including, 1.7. This is due to insufficient input sanitization and output escaping on the 'style' attribute. This makes it possible fo...
[SECURITY] Fedora 42 Update: rust-attribute-derive-macro-0.10.5-1.fc42
Clap for proc macro attributes...
[SECURITY] Fedora 42 Update: rust-attribute-derive-0.10.5-1.fc42
Clap like parsing for attributes in proc-macros...
[SECURITY] Fedora 41 Update: rust-attribute-derive-0.10.5-1.fc41
Clap like parsing for attributes in proc-macros...
[SECURITY] Fedora 41 Update: rust-attribute-derive-macro-0.10.5-1.fc41
Clap for proc macro attributes...
x86/mm/pat: Fix VM_PAT handling when fork() fails in copy_page_range()
...
CVE-2025-36249
IBM Jazz for Service Management 1.1.3.0 through 1.1.3.25 does not set the secure attribute on authorization tokens or session cookies. Attackers may be able to get the cookie values by sending a http:// link to a user or by planting this link in a site the user goes to. The cookie will be sent to...