51 matches found
CVE-2026-34762
Ella Core’s vulnerability (CVE-2026-34762) affects versions prior to 1.8.0. The PUT /api/v1/subscriber/{imsi} endpoint accepts an IMSI in both the URL path and the JSON body without verifying they match, enabling an authenticated NetworkManager to modify any subscriber’s QoS policy while the audi...
EUVD-2026-7437
ImageMagick is free and open-source software used for editing and manipulating digital images. The shipped "secure" security policy includes a rule intended to prevent reading/writing from standard streams. However, ImageMagick also supports fd: pseudo-filenames e.g., fd:0, fd:1. Prior to version...
CVE-2026-25966
ImageMagick is free and open-source software used for editing and manipulating digital images. The shipped "secure" security policy includes a rule intended to prevent reading/writing from standard streams. However, ImageMagick also supports fd: pseudo-filenames e.g., fd:0, fd:1. Prior to version...
CVE-2026-25965
ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, ImageMagick’s path security policy is enforced on the raw filename string before the filesystem resolves it. As a result, a policy rule such as /etc/ can be...
GHSA-FM6W-RRP3-2X4W Keycloak Affected by Broken Access Control Vulnerability in the UserManagedPermissionService
A flaw was found in Keycloak. A significant Broken Access Control vulnerability exists in the UserManagedPermissionService UMA Protection API. When updating or deleting a UMA policy associated with multiple resources, the authorization check only verifies the caller's ownership against the first...
CVE-2025-14778
A flaw was found in Keycloak. A significant Broken Access Control vulnerability exists in the UserManagedPermissionService UMA Protection API. When updating or deleting a UMA policy associated with multiple resources, the authorization check only verifies the caller's ownership against the first...
CVE-2025-14778 Keycloak: incorrect ownership checks in /uma-policy/
A flaw was found in Keycloak. A significant Broken Access Control vulnerability exists in the UserManagedPermissionService UMA Protection API. When updating or deleting a UMA policy associated with multiple resources, the authorization check only verifies the caller's ownership against the first...
CVE-2025-14778
A flaw was found in Keycloak. A significant Broken Access Control vulnerability exists in the UserManagedPermissionService UMA Protection API. When updating or deleting a UMA policy associated with multiple resources, the authorization check only verifies the caller's ownership against the first...
CVE-2023-53652 vdpa: Add features attr to vdpa_nl_policy for nlattr length check
In the Linux kernel, the following vulnerability has been resolved: vdpa: Add features attr to vdpa_nl_policy for nlattr length check. The vdpa_nl_policy structure is used to validate the nlattr when parsing the incoming nlmsg. It will ensure the attribute being described produces a valid nlattr point...
EUVD-1999-1339
Malware in sbrugna...
keylime-ima-policy-0.2.7+141-1.1 on GA media (moderate)
keylime-ima-policy-0.2.7+141-1.1 on GA media Announcement ID: openSUSE-SU-2025:15426-1 Rating: moderate Cross-References: CVE-2025-58266 Affected Products: openSUSE Tumbleweed An update that solves one vulnerability can now be installed. Description: These are all security issues fixed in the...
CVE-2021-31222
SES Evolution before 2.1.0 allows updating some parts of a security policy by leveraging access to a computer having the administration console installed...
selinux-policy bug fix and enhancement update
An update is available for selinux-policy. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Lin...
selinux-policy bug fix and enhancement update
An update is available for selinux-policy. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Lin...
UBUNTU-CVE-2024-58016
In the Linux kernel, the following vulnerability has been resolved: safesetid: check size of policy writes. syzbot attempts to write a buffer with a large size to a sysfs entry with writes handled by handle_policy_update, triggering a warning in kmalloc. Check the size specified for write buffers...
CISCO-SA-20180718-POLICY
creationtimestamp| type| source ---|---|--- 2024-12-17 06:41:50+00:00| seen| https://social.circl.lu/users/vulnerabilitylookup/statuses/113666793827013630...
Linux kernel security vulnerability
Linux kernel is the kernel used by Linux, the open source operating system of the Linux Foundation in the United States. A security vulnerability exists in the Linux kernel, which stems from an issue with the DML2 policy update for the drm/amd/display module...
CVE-2024-10133
A vulnerability has been found in ESAFENET CDG 5 and classified as critical. Affected by this vulnerability is the function updateNetSecPolicyPriority of the file /com/esafenet/servlet/ajax/NetSecPolicyAjax.java. The manipulation of the argument id/frontId leads to sql injection. The attack can b...
CVE-2024-39689
Certifi is a curated collection of Root Certificates for validating the trustworthiness of SSL certificates while verifying the identity of TLS hosts. Certifi starting in 2021.5.30 and prior to 2024.7.4 recognized root certificates from GLOBALTRUST. Certifi 2024.7.04 removes root certificates fro...
selinux-policy bug fix and enhancement update
An update is available for selinux-policy. This update affects Rocky Linux 9. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list. For detailed information on changes in this release, see the Rocky Lin...