CVE-2025-59048
OpenBao's AWS Plugin (auth-aws) is affected by CVE-2025-59048: prior to v0.1.1, cross-account IAM role impersonation is possible when an untrusted account has a role with the same name as a trusted account, enabling unauthorized access in multi-account AWS setups. The issue has a patch in v0.1.1;...
A vulnerability in the btf_dump_name_dups() function in tools/lib/bpf/btf_dump.c of the libbpf library (Berkeley Packet Filters) in the Linux kernel allows an attacker to compromise the confidentiality, integrity, and availability of the protected information.
The vulnerability in the libbpf library (Berkeley Packet Filters) in the Linux operating system is related to the reuse of previously freed memory. Exploiting this vulnerability can allow an attacker to compromise the confidentiality, integrity, and availability of protected information...
PT-2023-34259 · Linux · Linux Kernel
Name of the Vulnerable Software and Affected Versions: Linux Kernel versions prior to v5.15.86
Description: The issue is related to a use-after-free in btf dump name dups. The actual impact and attack plausibility have not yet been proven.
Recommendations: For Linux Kernel versions prior to...
CVE-2022-0442
The UsersWP WordPress plugin before 1.2.3.1 is missing access controls when updating a user avatar, and does not make sure file names for user avatars are unique, allowing a logged-in user to overwrite another user's avatar...