CVE-2025-8791
A vulnerability was found in LitmusChaos Litmus up to 3.19.0. It has been rated as critical. This issue affects some unknown processing of the file /auth/listprojects. The manipulation of the argument role leads to improper authorization. The attack may be initiated remotely. The exploit has been...
Linux Distros Unpatched Vulnerability : CVE-2020-14869
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: Security: LDAP Auth. Supported versions that are affected are 5.7.31 and prior and...
Linux Distros Unpatched Vulnerability : CVE-2022-21457
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Vulnerability in the MySQL Server product of Oracle MySQL component: Server: PAM Auth Plugin. Supported versions that are affected are 8.0.28 and prior. Difficu...
Oracle Linux 8 / 9 : Unbreakable Enterprise kernel (ELSA-2025-20520)
The remote Oracle Linux 8 / 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2025-20520 advisory. - perf: Fix perf_event_validate_size lockdep splat Mark Rutland Orabug: 36261485 CVE-2023-6931 - perf: Fix perf_event_validate_size Peter Zijlstra Orabu...
CVE-2025-8807
A vulnerability was found in xujeff tianti 天梯 up to 2.3. It has been declared as critical. This vulnerability affects unknown code of the file /tianti-module-admin/user/ajax/save. The manipulation leads to missing authorization. The attack can be initiated remotely. The exploit has been disclosed...
CVE-2025-8795
LitmusChaos Litmus up to 3.19.0 is affected by an Access Control vulnerability in the /auth/login process where manipulating the projectID parameter can bypass access controls. This allows remote exploitation with high impact on confidentiality, integrity, and availability. Public PoCs exist; ven...
CVE-2025-54887
jwe is a Ruby implementation of the RFC 7516 JSON Web Encryption JWE standard. In versions 1.1.0 and below, authentication tags of encrypted JWEs can be brute forced, which may result in loss of confidentiality for those JWEs and provide ways to craft arbitrary JWEs. This puts users at risk becau...
LitmusChaos security vulnerability
LitmusChaos is a program open-sourced by Litmus Chaos that practices chaos engineering in a cloud-native manner. A security vulnerability exists in LitmusChaos 3.19.0 and earlier versions, which stems from improper access control of the parameter projectID in the file /auth/login, which could lea...
PT-2025-32481 · Unknown · Xujeff Tianti 天梯
Name of the Vulnerable Software and Affected Versions: xujeff tianti 天梯 versions prior to 2.3 Description: A critical issue exists in xujeff tianti 天梯, potentially leading to missing authorization. The vulnerability affects unknown code within the /tianti-module-admin/user/ajax/save API endpoint...
CVE-2025-54999 OpenBao: Timing Side-Channel in Userpass Auth Method
OpenBao exists to provide a software solution to manage, store, and distribute sensitive data including secrets, certificates, and keys. In versions 0.1.0 through 2.3.1, when using OpenBao's userpass auth method, user enumeration was possible due to timing difference between non-existent users an...
CVE-2025-54998
CVE-2025-54998 affects OpenBao versions 0.1.0–2.3.1, where an aliasing mismatch between pre-flight and full login user entity attributes allowed bypass of automatic user lockout in Userpass/LDAP auth. The issue is fixed in version 2.3.2. Remediation: upgrade to 2.3.2; as a workaround, apply rate-...
CVE-2012-10053
CVE-2012-10053 affects Simple Web Server 2.2 rc2 and is a stack-based buffer overflow in processing the Connection HTTP header. The server uses vsprintf() without bounds checking, allowing a remote attacker to trigger a stack overflow and execute arbitrary code with the web server process privile...
Linux Distros Unpatched Vulnerability : CVE-2023-52440
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - In the Linux kernel, the following vulnerability has been resolved: ksmbd: fix slub overflow in ksmbd_decode_ntlmssp_auth_blob If authblob->SessionKey.Length is bigg...
Linux Distros Unpatched Vulnerability : CVE-2025-27154
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Spotipy is a lightweight Python library for the Spotify Web API. The CacheHandler class creates a cache file to store the auth token. Prior to version 2.25.1, t...
Linux Distros Unpatched Vulnerability : CVE-2025-22038
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ksmbd: validate zero num_subauth before sub_auth is accessed Access psid->sub_auth[psid->num_subauth - 1] without checking if num_subauth is non-zero leads to an...
HashiCorp Vault ldap auth method may not have correctly enforced MFA
Vault and Vault Enterprise’s “Vault” ldap auth method may not have correctly enforced MFA if username_as_alias was set to true and a user had multiple CNs that are equal but with leading or trailing spaces. Fixed in Vault Community Edition 1.20.2 and Vault Enterprise 1.20.2, 1.19.8, 1.18.13, and...
CVE-2025-6013
Vault and Vault Enterprise’s “Vault” ldap auth method may not have correctly enforced MFA if username_as_alias was set to true and a user had multiple CNs that are equal but with leading or trailing spaces. Fixed in Vault Community Edition 1.20.2 and Vault Enterprise 1.20.2, 1.19.8, 1.18.13, and...
A vulnerability in the getAuthCode() function of the D-Link DIR-605L router firmware allows an attacker to execute arbitrary code with root privileges.
The vulnerability in the getAuthCode() function of the D-Link DIR-605L router firmware is a stack-based buffer overflow in CAPTCHA processing. Exploiting it allows a remote attacker to execute arbitrary commands with root privileges...
kernel: sunrpc: handle SVC_GARBAGE during svc auth processing as auth error
A flaw was found in the Linux kernel, where a specially crafted RPC packet could cause data corruption or trigger a system panic. This flaw allows a remote attacker who can make RPC calls to send an intentionally malformed packet, potentially compromising system integrity or causing a denial of...