12 matches found

Tenable Nessus
added 2026/05/14 12:0 a.m. | 4 views

Amazon Linux 2 : opencryptoki, --advisory ALAS2-2026-3283 (ALAS-2026-3283)

The version of opencryptoki installed on the remote host is prior to 3.7.0-1. It is, therefore, affected by a vulnerability as referenced in the ALAS2-2026-3283 advisory. openCryptoki is a PKCS11 library and provides tooling for Linux and AIX. Versions 2.3.2 and above are vulnerable to...

CVSS 6.8 | AI score 6 | EPSS 0.00007
Exploits: 0 | References: 4
RedHat Linux
added 2026/03/26 10:21 a.m. | 2 views

openCryptoki: openCryptoki: Privilege Escalation or Data Exposure via Symlink Following

A flaw was found in openCryptoki, a PKCS11 library and tooling for Linux and AIX. A token-group user can exploit a symlink-following vulnerability by planting symbolic links in group-writable token directories. When an administrator runs a PKCS11 application or administrative tool as root, it may...

CVSS 6.8 | AI score 5.7 | EPSS 0.00007
Exploits: 0 | References: 6
Vulnrichment
added 2026/02/18 11:1 p.m. | 3 views

CVE-2026-26270 InvoicePlane has Stored Cross-Site Scripting Issue in Identifier Formatting

InvoicePlane is a self-hosted open source application for managing invoices, clients, and payments. A Stored Cross-Site Scripting XSS vulnerability exists in InvoicePlane latest version that allows an authenticated user with permissions to manage Invoice Groups to inject malicious JavaScript into...

CVSS 5.4 | AI score 5.5 | EPSS 0.00011
Exploits: 0 | References: 2
SUSE CVE
added 2026/01/23 12:24 a.m. | 3 views

SUSE CVE-2026-23893

openCryptoki is a PKCS11 library and provides tooling for Linux and AIX. Versions 2.3.2 and above are vulnerable to symlink-following when running in privileged contexts. A token-group user can redirect file operations to arbitrary filesystem targets by planting symlinks in group-writable token...

CVSS 6.8 | AI score 5.9 | EPSS 0.00007
Exploits: 0 | References: 16
UbuntuCve
added 2026/01/22 1:15 a.m. | 2 views

CVE-2026-23893

openCryptoki is a PKCS11 library and provides tooling for Linux and AIX. Versions 2.3.2 and above are vulnerable to symlink-following when running in privileged contexts. A token-group user can redirect file operations to arbitrary filesystem targets by planting symlinks in group-writable token...

CVSS 6.8 | AI score 5.9 | EPSS 0.00007
Exploits: 0 | References: 3
Debian CVE
added 2026/01/22 12:1 a.m. | 4 views

CVE-2026-23893

openCryptoki is a PKCS11 library and provides tooling for Linux and AIX. Versions 2.3.2 and above are vulnerable to symlink-following when running in privileged contexts. A token-group user can redirect file operations to arbitrary filesystem targets by planting symlinks in group-writable token...

CVSS 6.8 | AI score 5.8 | EPSS 0.00007
Exploits: 0
OSV
added 2025/10/03 12:15 p.m. | 8 views

CVE-2025-27236

A regular Zabbix user can search other users in their user group via Zabbix API by select fields the user does not have access to view. This allows data-mining some field values the user does not have access to...

CVSS 6.5 | AI score 6.9
Exploits: 0 | References: 1
Tenable Nessus
added 2025/08/30 12:0 a.m. | 2 views

Linux Distros Unpatched Vulnerability : CVE-2024-10043

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 17.4.6, all versions starting from 17.5 before 17.5.4 all versions...

CVSS 3.1 | AI score 5.4 | EPSS 0.00264
Exploits: 1 | References: 2
RedhatCVE
added 2025/05/23 8:17 a.m. | 2 views

CVE-2024-10043

An issue has been discovered in GitLab EE affecting all versions starting from 14.3 before 17.4.6, all versions starting from 17.5 before 17.5.4 all versions starting from 17.6 before 17.6.2, that allows group users to view confidential incident title through the Wiki History Diff feature,...

CVSS 3.1 | AI score 6.6 | EPSS 0.00264
Exploits: 1 | References: 1
SUSE CVE
added 2023/02/15 4:17 a.m. | 2 views

SUSE CVE-2019-3827

An incorrect permission check in the admin backend in gvfs before version 1.39.4 was found that allows reading and modify arbitrary files by privileged users without asking for password when no authentication agent is running. This vulnerability can be exploited by malicious programs running unde...

CVSS 6.7 | AI score 7.4 | EPSS 0.00061
Exploits: 0 | References: 5
Kitploit
added 2020/02/21 12:0 p.m. | 1716 views

SUDO_KILLER - A Tool To Identify And Exploit Sudo Rules' Misconfigurations And Vulnerabilities Within Sudo

Linux Privilege Escalation through SUDO abuse. If you like the tool and for my personal motivation so as to develop other tools please a +1 star The tool can be used by pentesters, system admins, CTF players, students, System Auditors and trolls :. INTRO WARNING: SUDOKILLER is part of the KILLER...

CVSS 8.8 | AI score 9.2 | EPSS 0.88008
Exploits: 21 | References: 1
OSV
added 2019/02/14 8:38 a.m. | 8 views

MGASA-2019-0080 Updated gvfs packages fix security vulnerability

The backend currently allows to access and modify files without prompting for password if any polkit authentication agent isn't available. This affects only users which belong to wheel group i.e. those who are already allowed to use sudo. It doesn't allow privilege escalation for users, who don't...

CVSS 7 | AI score 7.2 | EPSS 0.00061
Exploits: 0 | References: 4