Aiven Operator has cross-namespace secret exfiltration via ClickhouseUser connInfoSecretSource

Impact A developer with create permission on ClickhouseUser CRDs in their own namespace can exfiltrate secrets from any other namespace — production database credentials, API keys, service tokens — with a single kubectl apply. The operator reads the victim's secret using its ClusterRole and write...

EUVD-2010-0018

Malware in sbrugna...

EUVD-2025-30863

Malicious code in bioql PyPI...

Linux Distros Unpatched Vulnerability : CVE-2025-39880

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - libceph: fix invalid accesses to cephconnectionv1info There is a place where generic code in messenger.c is reading and another place where it is writing to...

AZL-74936 CVE-2025-39880 affecting package kernel for versions less than 5.15.200.1-1

In the Linux kernel, the following vulnerability has been resolved: libceph: fix invalid accesses to cephconnectionv1info There is a place where generic code in messenger.c is reading and another place where it is writing to con-v1 union member without checking that the union member is active i.e...

CVE-2025-39880 libceph: fix invalid accesses to ceph_connection_v1_info

In the Linux kernel, the following vulnerability has been resolved: libceph: fix invalid accesses to cephconnectionv1info There is a place where generic code in messenger.c is reading and another place where it is writing to con-v1 union member without checking that the union member is active i.e...

CVE-2025-39880

CVE-2025-39880 is a Linux kernel vulnerability affecting the libceph code path. Affected component: ceph_connection_v1_info access in the generic messenger code can read/write a union member (v1 vs v2) without validating which member is active. On 64-bit systems, con->v1.auth_retry can overlap...

kernel: cifs: Fix lost destroy smbd connection when MR allocate failed

A memory leak flaw was found in the Linux kernel's CIFS SMB Direct implementation. When memory region MR allocation fails during SMB Direct connection setup, the smbddestroy function returns early without cleaning up the connection info structure, resulting in a memory leak...

CVE-2023-37379

Apache Airflow, in versions prior to 2.7.0, contains a security vulnerability that can be exploited by an authenticated user possessing Connection edit privileges. This vulnerability allows the user to access connection information and exploit the test connection feature by sending many requests,...

SUSE CVE-2020-10755

An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x versions before openstack-cinder 15.2.0 and all openstack-cinder 16.x.x versions before openstack-cinder 16.1.0. When using openstack-cinder with the Dell EMC ScaleI...

A use-after-free in function hci_sock_bound_ioctl() of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hci_unregister_dev() together with one of the calls hci_sock_blacklist_add() hci_sock_blacklist_del() hci_get_conn_info() hci_get_auth_info(). A privileged local user could use this flaw to crash the system or escalate their privileges on the system. This flaw affects the Linux kernel versions prior to 5.13-rc5.

...

UBUNTU-CVE-2021-3573

A use-after-free in function hcisockboundioctl of the Linux kernel HCI subsystem was found in the way user calls ioct HCIUNBLOCKADDR or other way triggers race condition of the call hciunregisterdev together with one of the calls hcisockblacklistadd, hcisockblacklistdel, hcigetconninfo,...

UBUNTU-CVE-2020-10755

An insecure-credentials flaw was found in all openstack-cinder versions before openstack-cinder 14.1.0, all openstack-cinder 15.x.x versions before openstack-cinder 15.2.0 and all openstack-cinder 16.x.x versions before openstack-cinder 16.1.0. When using openstack-cinder with the Dell EMC ScaleI...

CVE-2018-1902

CVE-2018-1902 is a spoofing vulnerability in IBM WebSphere Application Server. The Connected IBM bulletins show it affects WebSphere AS in multiple IBM products (e.g., Tivoli Netcool/Netcool Configuration Manager, Tivoli System Automation Application Manager, Tivoli Storage/Spectrum Control, IBM ...

DEBIAN-CVE-2015-8749

The volumeutils.parsevolumeinfo function in OpenStack Compute Nova before 2015.1.3 kilo and 12.0.x before 12.0.1 liberty includes the connectioninfo dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading l...

UBUNTU-CVE-2015-8749

The volumeutils.parsevolumeinfo function in OpenStack Compute Nova before 2015.1.3 kilo and 12.0.x before 12.0.1 liberty includes the connectioninfo dictionary in the StorageError message when using the Xen backend, which might allow attackers to obtain sensitive password information by reading l...

Windows Gather mRemote Saved Password Extraction

This module extracts saved passwords from mRemote. mRemote stores connections for RDP, VNC, SSH, Telnet, rlogin and other protocols. It saves the passwords in an encrypted format. The module will extract the connection info and decrypt the saved passwords. This module requires Metasploit:...

kernel: bt sco_conninfo infoleak

The scosockgetsockoptold function in net/bluetooth/sco.c in the Linux kernel before 2.6.39 does not initialize a certain structure, which allows local users to obtain potentially sensitive information from kernel stack memory via the SCOCONNINFO option...

Coppermine Photo Gallery 1.4.19 Remote PHP File Upload Vulnerability

No description provided by source. Written By Michael Brooks Special thanks to str0ke! Coppermine Photo gallery - Remote PHP File Upload Affects: v1.4.19 Homepage: http://coppermine-gallery.net/ 5,239,057 downloads from sf.net! For this attack we need registerglobals=on . The problem is that the...

Coppermine Photo Gallery 1.4.19 Remote PHP File Upload Vulnerability

Exploit for unknown platform in category web applications ==================================================================== Coppermine Photo Gallery 1.4.19 Remote PHP File Upload Vulnerability ==================================================================== Written By Michael Brooks...