422 matches found
Astra Linux - vulnerability in freerdp2
FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to version 2.7.0, server-side authentication against a SAM file might succeed with invalid credentials if the server had configured an invalid SAM file path. Clients based on FreeRDP are not affected by this issue. However...
@antv/li-sam-assets (>=0.1.1 <=0.1.4) potentially affected by unknown CVE via @antv/insight-component (=1.0.0)
@antv/insight-component NPM version =1.0.0 is affected by a known vulnerability. The following packages have a transitive dependency on @antv/insight-component and may be impacted: - @antv/li-sam-assets =0.1.1, =0.1.4 Source cves: unknown CVE Source advisory: OSV:MAL-2026-4029...
@antv/l7-editor (>=1.1.0 <=1.1.13), @antv/li-aiearth-assets (>=0.0.1 <=0.4.7) +2 more potentially affected by unknown CVE via @antv/sam (>=0.0.1 <=0.1.0)
@antv/sam NPM version =0.0.1, =1.1.0, =0.0.1, =0.1.1, =0.1.4 - @tommy2gis/geo-editor =1.1.9 Source cves: unknown CVE Source advisory: OSV:MAL-2026-4082...
CLSA-2026-1778146905 freerdp: Fix of CVE-2022-24883
Reuse centos7els branch for oraclelinux7els - CVE-2022-24883: fix server-side NTLM auth bypass against a SAM database by rejecting auth when SamOpen fails or the user entry is missing...
Unity Linux 20.1070e Security Update: freerdp (UTSA-2026-006940)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-006940 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol (RDP). Prior to version 2.7.0, server-side authentication against a SAM file might be successful for...
Malicious code in polymarkets-sdk (PyPI)
Source: kam193 facfcba74011619f5bb2eaf096e41239f81520cb4effff3b45f8b42c84d42060 During import, the code attempts to exfiltrate sensitive data to a hardcoded location, including private SSH keys, cloud credentials and Windows SAM database...
MAL-2026-2403 Malicious code in polymarkets-sdk (PyPI)
Source: kam193 facfcba74011619f5bb2eaf096e41239f81520cb4effff3b45f8b42c84d42060 During import, the code attempts to exfiltrate sensitive data to a hardcoded location, including private SSH keys, cloud credentials and Windows SAM database...
[SECURITY] Fedora 43 Update: samtools-1.23.1-1.fc43
SAM (Sequence Alignment/Map) is a flexible generic format for storing nucleotide sequence alignment. SAM Tools provide various utilities for manipulating alignments in the SAM format, including sorting, merging, indexing and generating alignments in a per-position format...
CVE-2026-31967 HTSlib CRAM reader has out-of-bounds read due to improper validation of input
HTSlib is a library for reading and writing bioinformatics file formats. CRAM is a compressed format which stores DNA sequence alignment data. In the cram_decode_slice function called while reading CRAM records, the value of the mate reference id field was not validated. Later use of this value, fo...
Jervis security vulnerability
Jervis is an automation tool from the individual developer Sam Gleske. A security vulnerability exists in versions prior to Jervis 2.2 that stems from the deterministic derivation of the AES IV from passwords, which could lead to cryptographic vulnerabilities...
Jervis cryptographic issue vulnerability
Jervis is an automation tool from the individual developer Sam Gleske. Versions of Jervis prior to 2.2 suffer from a cryptographic issue vulnerability that stems from the lack of authentication in AES/CBC/PKCS5Padding, which makes it susceptible to padding oracle attacks and ciphertext manipulati...
CVE-2025-14451
The Solutions Ad Manager plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.0.0. This is due to insufficient validation on the redirect URL supplied via the 'sam-redirect-to' parameter. This makes it possible for unauthenticated attackers to redirect users...
CVE-2025-14451 Solutions Ad Manager <= 1.0.0 - Unauthenticated Open Redirect via 'sam-redirect-to' Parameter
The Solutions Ad Manager plugin for WordPress is vulnerable to Open Redirect in all versions up to, and including, 1.0.0. This is due to insufficient validation on the redirect URL supplied via the 'sam-redirect-to' parameter. This makes it possible for unauthenticated attackers to redirect users...
CVE-2025-14451
CVE-2025-14451 – The WordPress plugin Solutions Ad Manager is vulnerable to an unauthenticated Open Redirect via the sam-redirect-to parameter in versions up to 1.0.0. The issue stems from insufficient validation of the redirect URL, potentially allowing attackers to redirect users to deceptive s...
WordPress Solutions Ad Manager plugin <= 1.0.0 - Unauthenticated Open Redirect via 'sam-redirect-to' Parameter vulnerability
Unauthenticated Open Redirect via 'sam-redirect-to' Parameter vulnerability discovered by Ivan Cese in WordPress Plugin Solutions Ad Manager versions <= 1.0.0...
WordPress plugin Solutions Ad Manager input validation error vulnerability
WordPress and WordPress plugin are both products of the WordPress Foundation. WordPress is a blogging platform developed using the PHP language. The platform can host personal blog sites on PHP and MySQL based servers. WordPress plugin is an application plugin. An input...
sssd: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems
A flaw was found in the integration of Active Directory and the System Security Services Daemon (SSSD) on Linux systems. In default configurations, the Kerberos local authentication plugin sssd_krb5_localauth_plugin is enabled, but a fallback to the an2ln plugin is possible. This fallback allows an...