Gokapi has privilege escalation via incomplete API-key permission revocation on user rank demotion

Summary A privilege escalation vulnerability in the user rank demotion logic allows a demoted user's existing API keys to retain ApiPermManageFileRequests and ApiPermManageLogs permissions, enabling continued access to upload-request management and log viewing endpoints after the user has been...

RHEL 9 : kernel (RHSA-2025:17377)

The remote Redhat Enterprise Linux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2025:17377 advisory. The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fixes: kernel: security/keys: fix...

EUVD-2025-14013

Malicious code in bioql PyPI...

The vulnerability of the Elastic App Search application discovery tool, related to incorrect permission configuration, allows a violator to increase their privileges.

The vulnerability of the Elastic App Search application discovery tool is related to the improper assignment of permissions for API keys. Exploiting this vulnerability can allow a malicious actor to enhance their privileges remotely...