38 matches found

RedHat Linux
added 3 days ago · 6 views

Moderate: Red Hat Security Advisory: crun security update

An update for crun is now available for Red Hat Enterprise Linux 9.6 Extended Update Support. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for eac...

CVSS 7.8 · AI score 5.9 · EPSS 0.00159
Exploits: 1 · References: 2

CNNVD
added 2026/06/02 12:0 a.m. · 4 views

Google Chrome Security Vulnerability

Google Chrome is a web browser developed by the American company Google. There is a security vulnerability in Google Chrome, which stems from incorrect security UI...

CVSS 6.5 · AI score 5.2 · EPSS 0.00229
Exploits: 0 · References: 3

Snyk
added 2026/02/27 9:35 p.m. · 4 views

Incorrect User Management

Overview: Affected versions of this package are vulnerable to Incorrect User Management via the session function. An attacker can gain unauthorized access to sensitive operations and escalate privileges by bypassing the intended verification step during authenticated sessions. Remediation: Upgrade...

CVSS 8.8 · AI score 6 · EPSS 0.00386
Exploits: 0 · References: 3

EUVD
added 2025/12/05 11:2 a.m. · 5 views

EUVD-2025-201403

mod_userdir+suexec bypass via AllowOverride FileInfo vulnerability in Apache HTTP Server. Users with access to use the RequestHeader directive in htaccess can cause some CGI scripts to run under an unexpected userid. This issue affects Apache HTTP Server: from 2.4.7 through 2.4.65. Users are...

CVSS 5.4 · AI score 6.4 · EPSS 0.00569
Exploits: 0 · References: 3

EUVD
added 2025/10/03 8:7 p.m. · 6 views

EUVD-2022-24454

Malicious code in bioql PyPI...

CVSS 3.5 · AI score 3.6 · EPSS 0.00609
Exploits: 0 · References: 2

EUVD
added 2025/10/03 8:7 p.m. · 3 views

EUVD-2025-10307

Malicious code in bioql PyPI...

CVSS 7.2 · AI score 6.4 · EPSS 0.00361
Exploits: 0 · References: 2

Snyk
added 2025/10/03 2:52 p.m. · 2 views

Incorrect User Management

Overview: thorsten/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases. Affected versions of this package are vulnerable to Incorrect User Management due to allowing multiple accounts connected to the same email address. An attacker can cause account ambiguity by registering...

CVSS 9.8 · AI score 6.8 · EPSS 0.00379
Exploits: 1 · References: 2

Snyk
added 2025/09/19 11:47 a.m. · 2 views

Incorrect User Management

Overview: jeecgboot-vue3 is an Agent. Current latest version: 3.8.1 (expected release date: 2025-04-21). Affected versions of this package are vulnerable to Incorrect User Management via the sendMsg function in the /message/sysMessageTemplate/sendMsg path. An attacker can gain unauthorized access to sensitive...

CVSS 8.8 · AI score 6.6 · EPSS 0.00365
Exploits: 1 · References: 2

Positive Technologies
added 2025/08/12 12:0 a.m. · 10 views

PT-2025-32766 · Microsoft · Edge For Android

Name of the Vulnerable Software and Affected Versions: Microsoft Edge for Android (affected versions not specified). Description: The user interface performs an incorrect action, potentially allowing an unauthorized attacker to perform spoofing over a network. Recommendations: At the moment, there i...

CVSS 4.3 · AI score 6.8 · EPSS 0.0046
Exploits: 0 · References: 7

BDU FSTEC
added 2025/05/29 12:0 a.m. · 3 views

The vulnerability of VideoGrace video conferencing software lies in the insufficient validation of input data, allowing attackers to create new conferences with incorrect user names.

The vulnerability of VideoGrace video conferencing software is related to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to create new conferences with incorrect user names...

CVSS 5.5 · AI score 5.5
Exploits: 0 · Affected Software: 1

RedhatCVE
added 2025/04/10 3:17 p.m. · 16 views

CVE-2024-46671

An Incorrect User Management vulnerability [CWE-286] in FortiWeb version 7.6.2 and below, version 7.4.6 and below, version 7.2.10 and below, version 7.0.11 and below widgets dashboard may allow an authenticated attacker with at least read-only admin permission to perform operations on the dashboard...

CVSS 6.2 · AI score 6.7 · EPSS 0.00361
Exploits: 0 · References: 1

Ubuntu
added 2025/02/24 12:32 p.m. · 82 views

USN-7287-1: libcap2 vulnerability

Tianjia Zhang discovered the libcap2 PAM module pam_cap incorrectly handled parsing group names in the configuration file. This could result in certain users being granted capabilities, contrary to expectations...

CVSS 6.1 · AI score 6.7 · EPSS 0.00149
Exploits: 0

Github Security Blog
added 2025/02/17 3:32 p.m. · 21 views

Duplicate Advisory: Keycloak allows Incorrect Assignment of an Organization to a User

Duplicate Advisory: This advisory has been withdrawn because it is a duplicate of GHSA-gvgg-2r3r-53x7. This link is maintained to preserve external references. Original Description: A flaw was found in the Keycloak organization feature, which allows the incorrect assignment of an organization to a...

CVSS 5.4 · AI score 5.5 · EPSS 0.00375
Exploits: 0 · References: 7 · Affected Software: 1

Snyk
added 2025/02/17 2:41 p.m. · 2 views

Incorrect User Management

Overview: org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Incorrect User Management in oidc/OrganizationMembershipMapper.java, which relies on matching the domain of a...

CVSS 5.4 · AI score 6.8 · EPSS 0.00375
Exploits: 0 · References: 2

NVD
added 2025/02/17 2:15 p.m. · 12 views

CVE-2025-1391

A flaw was found in the Keycloak organization feature, which allows the incorrect assignment of an organization to a user if their username or email matches the organization’s domain pattern. This issue occurs at the mapper level, leading to misrepresentation in tokens. If an application relies o...

CVSS 5.4 · EPSS 0.00375
Exploits: 0 · References: 6

NVD
added 2025/01/30 7:15 p.m. · 11 views

CVE-2025-24502

An improper session validation allows an unauthenticated attacker to cause certain request notifications to be executed in the context of an incorrect user by spoofing the client IP address...

CVSS 5.3 · EPSS 0.0021
Exploits: 0 · References: 1

Cvelist
added 2025/01/30 6:24 p.m. · 17 views

CVE-2025-24502

An improper session validation allows an unauthenticated attacker to cause certain request notifications to be executed in the context of an incorrect user by spoofing the client IP address...

CVSS 5.3 · EPSS 0.0021
Exploits: 0 · References: 1

PostgreSQL
added 2024/11/14 12:0 a.m. · 83 views

Vulnerability in core server (CVE-2024-10978)

PostgreSQL SET ROLE, SET SESSION AUTHORIZATION reset to wrong user ID. Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an...

CVSS 4.2 · AI score 6.7 · EPSS 0.00705
Exploits: 0 · References: 1 · Affected Software: 1

Positive Technologies
added 2024/11/09 12:0 a.m. · 2 views

PT-2025-15427 · Fortinet · Fortiweb

Name of the Vulnerable Software and Affected Versions: FortiWeb versions 7.6.2 and below, FortiWeb versions 7.4.6 and below, FortiWeb versions 7.2.10 and below, FortiWeb versions 7.0.11 and below. Description: The issue is related to Incorrect User Management, allowing an authenticated attacker with ...

CVSS 7.2 · AI score 6 · EPSS 0.00361
Exploits: 0 · References: 8

Veracode
added 2024/10/15 7:31 a.m. · 4 views

Incorrect User Management

github.com/ubuntu/authd is vulnerable to Incorrect User Management. The vulnerability is due to insufficient randomization of user IDs, allowing a local attacker to register usernames and spoof another user's ID, gaining their privileges. This issue affects Authd through version 0.3.6...

CVSS 7.5 · AI score 6.3 · EPSS 0.0028
Exploits: 1 · References: 4 · Affected Software: 1