141 matches found
Astra Linux – Vulnerability in Firefox and Thunderbird
A bug in the calculation of popup notification delays could have allowed an attacker to trick a user into granting permissions. This vulnerability affects Firefox 122, Firefox ESR 115.7, and Thunderbird 115.7...
CVE-2026-0046
In InputInterceptor of Letterbox.java, there is a possible way to trick a user into accepting a permission due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
krb5 security and bug fix update
An update is available for krb5. This update affects Rocky Linux 9. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Kerberos is a network authentication system, which can improve the security of...
RLSA-2023:6699 Moderate: krb5 security and bug fix update
Kerberos is a network authentication system, which can improve the security of your network by eliminating the insecure practice of sending passwords over the network in unencrypted form. It allows clients and servers to authenticate to each other with the help of a trusted third party, the...
CVE-2026-31535
In the Linux kernel, the following vulnerability has been resolved: smb: client: make use of smbdirectsocket.recvio.credits.available The logic off managing recv credits by counting posted recvio and granted credits is racy. That's because the peer might already consumed a credit, but between...
PT-2026-34891
In the Linux kernel, the following vulnerability has been resolved: smb: smbdirect: introduce smbdirect socket.recv io.credits.available The logic off managing recv credits by counting posted recv io and granted credits is racy. That's because the peer might already consumed a credit, but between...
CVE-2026-35337
Deserialization of Untrusted Data vulnerability in Apache Storm. Versions Affected: before 2.8.6. Description: When processing topology credentials submitted via the Nimbus Thrift API, Storm deserializes the base64-encoded TGT blob using ObjectInputStream.readObject without any class filtering or...
EUVD-2026-17569
Discourse is an open-source discussion platform. From versions 2026.1.0-latest to before 2026.1.3, 2026.2.0-latest to before 2026.2.2, and 2026.3.0-latest to before 2026.3.0, a user may be able to purchase a lower tier subscription but grant themselves the benefits that comes along with a higher...
CVE-2025-67856 Moodle: moodle: privilege escalation via incomplete role checks in badge awarding
A flaw was found in Moodle. An authorization logic flaw, specifically due to incomplete role checks during the badge awarding process, allowed badges to be granted without proper verification. This could enable unauthorized users to obtain badges they are not entitled to, potentially leading to...
PT-2026-5964
Name of the Vulnerable Software and Affected Versions Moodle affected versions not specified Description A flaw exists in Moodle related to authorization logic. Incomplete role checks during the badge awarding process can allow badges to be granted without proper verification. This could enable...
MiracleLinux 9 : krb5-1.21.1-1.el9 (AXSA:2023-6633:07)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6633:07 advisory. krb5: Denial of service through freeing uninitialized pointer CVE-2023-36054 krb5: double-free in KDC TGS processing CVE-2023-39975 Tenable has...
TencentOS Server 3: idm:DL1 (TSSA-2024:0307)
The version of Tencent Linux installed on the remote TencentOS Server 3 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2024:0307 advisory. Package updates are available for TencentOS Server 3 that fix the following vulnerabilities...
PT-2025-43482
Name of the Vulnerable Software and Affected Versions Android affected versions not specified Description A flaw exists in the Android Framework component where insufficient input validation can be exploited to trick a user into accepting a permission through a tapjacking or overlay attack. This...
EUVD-2021-26963
Malware in sbrugna...
EUVD-2010-3674
Malware in sbrugna...
EUVD-2010-0046
Malware in sbrugna...
EUVD-2010-3676
Malware in sbrugna...
EUVD-2024-44551
Malicious code in bioql PyPI...
PT-2025-39701
Name of the Vulnerable Software and Affected Versions SysReptor versions 2024.74 through 2025.82 Description Authenticated, unprivileged users can assign the is project admin permission to themselves, granting them unauthorized access to read, modify, and delete pentesting projects they are not...
CVE-2025-54882
Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. In versions 0.8.0 through 0.9.21 and 1.0.0-beta through 1.1.0, Himmelblau stores the cloud TGT received during logon in the Kerberos credential cache. The created credential cache collection and received credentials...