Spring gRPC SecurityContext leaks across requests upon authorization failure

When an authenticated user is denied access to a gRPC method, their authenticated identity remains bound to the gRPC worker thread and can be inherited by a subsequent unauthenticated request on the same thread. This may allow the subsequent user to gain escalated permissions. Affected versions:...

Security update for go-sendxmpp (moderate)

openSUSE Security Update: Security update for go-sendxmpp Announcement ID: openSUSE-SU-2025:0332-1 Rating: moderate References: 1241814 Cross-References: CVE-2025-22872 CVSS scores: CVE-2025-22872 SUSE: 6.3 CVSS:4.0/AV:N/AC:L/AT:P/PR:N/UI:N/VC:L/VI:L/VA:L/SC:L/SI:L/SA:L Affected Products: openSUS...

CVE-2023-20924

In TBD of TBD, there is a possible way to bypass the lockscreen due to Biometric Auth Failure. This could lead to local escalation of privilege with physical access to the device with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

SUSE CVE-2014-1948

OpenStack Image Registry and Delivery Service Glance 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading th...

Design/Logic Flaw

In TBD of TBD, there is a possible way to bypass the lockscreen due to Biometric Auth Failure. This could lead to local escalation of privilege with physical access to the device with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

CVE-2023-20924

In TBD of TBD, there is a possible way to bypass the lockscreen due to Biometric Auth Failure. This could lead to local escalation of privilege with physical access to the device with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

PT-2023-17715 · Google · Android

Name of the Vulnerable Software and Affected Versions: Android versions affected versions not specified Description: The issue is related to a Biometric Auth Failure, allowing a possible bypass of the lockscreen. This could lead to local escalation of privilege with physical access to the device,...

CVE-2023-20924

In TBD of TBD, there is a possible way to bypass the lockscreen due to Biometric Auth Failure. This could lead to local escalation of privilege with physical access to the device with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

PT-2021-23346 · Unknown · Passport-Oauth2

Name of the Vulnerable Software and Affected Versions: passport-oauth2 versions prior to 1.6.1 Description: The issue concerns the mishandling of the error condition when failing to obtain an access token in certain use cases. Specifically, it is exploitable when an OAuth identity provider uses a...