EUVD-2026-33055

LinkAce is a self-hosted archive to collect website links. Prior to 2.5.6, LinkAce contains a stored cross-site scripting vulnerability that allows a low-privilege user to execute arbitrary JavaScript in an administrator's browser session. This affects instances configured with SSO/OAuth...

CVE-2024-54450

An issue was discovered in Kurmi Provisioning Suite 7.9.0.33. If an X-Forwarded-For header is received during authentication, the Kurmi application will record the possibly forged IP address mentioned in that header rather than the real IP address that the user logged in from. This fake IP addres...

LTSP LDM Elevation of Privilege Vulnerability

LTSP is a well-known Linux Terminal Server Project program that adds thin client support to Linux servers. An elevation of privilege vulnerability exists in LTSP LDM, which can be exploited by an attacker with certain privileges to gain privileges by performing a symbolic link attack on files wit...

UBUNTU-CVE-2019-20373

LTSP LDM through 2.18.06 allows fat-client root access because the LDMUSERNAME variable may have an empty value if the user's shell lacks support for Bourne shell syntax. This is related to a run-x-session script...

April 17, 2018—KB4093117 (OS Build 15063.1058)

April 17, 2018—KB4093117 OS Build 15063.1058 Improvements and fixes This update includes quality improvements. No new operating system features are being introduced in this update. Key changes include: Addresses an issue that causes Microsoft Edge to stop working after a few seconds when running ...