Linux Distros Unpatched Vulnerability : CVE-2025-71306

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ima: Fix stack-out-of-bounds in isbprmcredsforexec KASAN reported a stack-out-of-bounds access in imaappraisemeasurement from isbprmcredsforexec: BUG: KASAN:...

CVE-2026-32625 LibreChat Exfiltrates Server Secrets via MCP Server URL Injection

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, the Model Context Protocol MCP server integration resolves $VAR placeholders against the server's process.env during Zod schema validation of user-supplied MCP server URLs. Any...

CVE-2026-32625 LibreChat Exfiltrates Server Secrets via MCP Server URL Injection

LibreChat is an enhanced ChatGPT clone that supports multiple AI providers. In versions up to and including 0.8.3, the Model Context Protocol MCP server integration resolves $VAR placeholders against the server's process.env during Zod schema validation of user-supplied MCP server URLs. Any...

MAL-2026-3150 Malicious code in apple-cktool-api-v2 (npm)

Malicious npm package published by threat actor "raya4321" as part of a coordinated typosquatting campaign impersonating Apple internal infrastructure services authentication, PKI, telemetry, CloudKit, and cloud infrastructure. All packages in this campaign execute credential-theft payloads durin...

GO-2026-4884 Incus has an abitrary file write through its systemd-creds options in github.com/lxc/incus

Incus has an abitrary file write through its systemd-creds options in github.com/lxc/incus...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003619)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003619 advisory. The Linux kernel before 4.8 allows local users to bypass ASLR on setuid programs such as /bin/su because installexeccreds is called too late in loadelfbinary in...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002383)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002383 advisory. The scmcheckcreds function in net/core/scm.c in the Linux kernel before 3.11 performs a capability check in an incorrect namespace, which allows local users to gain...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-001790)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-001790 advisory. The copycreds function in kernel/cred.c in the Linux kernel before 3.3.2 provides an invalid replacement session keyring to a child process, which allows local users...

CVE-2025-57430

Creacast Creabox Manager 4.4.4 exposes sensitive configuration data via a publicly accessible endpoint /get. When accessed, this endpoint returns internal configuration including the creacodec.lua file, which contains plaintext admin credentials...

WordPress Total Upkeep Unauthenticated Backup Downloader

This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'WordPress Total Upkeep Unauthenticated Backup Downloader', 'Description' = %q This module exploits an unauthenticated database backup vulnerabili...

UBUNTU-CVE-2024-27388

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix some memleaks in gssxdecoptionarray The creds and oa-data need to be freed in the error-handling paths after their allocation. So this patch add these deallocations in the corresponding paths...

CVE-2024-27388

In the Linux kernel, the following vulnerability has been resolved: SUNRPC: fix some memleaks in gssxdecoptionarray The creds and oa-data need to be freed in the error-handling paths after their allocation. So this patch add these deallocations in the corresponding paths...

SUSE CVE-2013-4300

The scmcheckcreds function in net/core/scm.c in the Linux kernel before 3.11 performs a capability check in an incorrect namespace, which allows local users to gain privileges via PID spoofing...

SUSE CVE-2019-12098

In the client side of Heimdal before 7.6.0, failure to verify anonymous PKINIT PA-PKINIT-KX key exchange permits a man-in-the-middle attack. This issue is in krb5initcredsstep in lib/krb5/initcredspw.c...

GSD-2022-1000975 io_uring: abort file assignment prior to assigning creds

iouring: abort file assignment prior to assigning creds This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.17.4 by commit...

polkit 代码问题漏洞

polkit is a component for controlling system-wide permissions in Unix-like operating systems. It enables communication between processes of different priority by defining and auditing permission rules. A code issue vulnerability exists in polkit that stems from the inability of a requesting proce...

FortiOS Path Traversal Credential Gatherer

Fortinet FortiOS versions 5.4.6 to 5.4.12, 5.6.3 to 5.6.7 and 6.0.0 to 6.0.4 are vulnerable to a path traversal vulnerability within the SSL VPN web portal which allows unauthenticated attackers to download FortiOS system files through specially crafted HTTP requests. This module exploits this...

CVE-2021-3131

The Web server in 1C:Enterprise 8 before 8.3.17.1851 sends base64 encoded credentials in the creds URL parameter...

CVE-2021-3131

The Web server in 1C:Enterprise 8 before 8.3.17.1851 sends base64 encoded credentials in the creds URL parameter...

kernel: perf_event_open() and execve() race in setuid programs allows a data leak

A race condition in perfeventopen allows local attackers to leak sensitive data from setuid programs. As no relevant locks in particular the credguardmutex are held during the ptracemayaccess call, it is possible for the specified target task to perform an execve syscall with setuid execution...