20 matches found
CVE-2025-54838
An Incorrect Authorization vulnerability CWE-863 in FortiPortal 7.4.0 through 7.4.5 may allow an authenticated attacker to reboot a shared FortiGate device via crafted HTTP requests...
EUVD-2025-202273
An Incorrect Authorization vulnerability CWE-863 in FortiPortal 7.4.0 through 7.4.5 may allow an authenticated attacker to reboot a shared FortiGate device via crafted HTTP requests...
EUVD-2025-36502
A flaw was found in Keycloak where a user can accidentally get access to another user's session if both use the same device and browser. This happens because Keycloak sometimes reuses session identifiers and doesn't clean up properly during logout when browser cookies are missing. As...
CVE-2025-12390
A flaw was found in Keycloak where a user can accidentally get access to another user's session if both use the same device and browser. This happens because Keycloak sometimes reuses session identifiers and doesn't clean up properly during logout when browser cookies are missing. As...
PT-2025-44156
Name of the Vulnerable Software and Affected Versions: Keycloak (affected versions not specified). Description: A flaw exists in Keycloak that could allow a user to gain unintended access to another user's session when both users share the same device and browser. This occurs because Keycloak may reus...
EUVD-2025-31859
A vulnerability was identified in projectworlds Advanced Library Management System 1.0. Affected is an unknown function of the file /editadmin.php. The manipulation of the argument firstname leads to cross site scripting. It is possible to initiate the attack remotely. The exploit is publicly...
EUVD-2025-3998
Malicious code in bioql PyPI...
SUSE CVE-2025-39892
In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-core: care NULL driver name on snd_soc_lookup_component_nolocked(). soc-generic-dmaengine-pcm.c uses the same dev for both CPU and Platform. In such a case, the CPU component driver might not have a driver name, then...
CVE-2025-39892 ASoC: soc-core: care NULL driver name on snd_soc_lookup_component_nolocked()
In the Linux kernel, the following vulnerability has been resolved: ASoC: soc-core: care NULL driver name on snd_soc_lookup_component_nolocked(). soc-generic-dmaengine-pcm.c uses the same dev for both CPU and Platform. In such a case, the CPU component driver might not have a driver name, then...
CVE-2025-4975
When a notification relating to low battery appears for a user with whom the device has been shared, tapping the notification grants full access to the power settings of that device...
TP-LINK Tapo security vulnerability
TP-LINK Tapo is a series of WiFi security cameras from the Chinese vendor TP-LINK. A security vulnerability exists in TP-LINK Tapo versions prior to 3.10.513, which stems from a low battery notification that could lead to a user of a shared device gaining full power settings access...
CVE-2025-24973 Concorde not removing authentication tokens after logging out
Concorde, formerly known as Nexkey, is a fork of the federated microblogging platform Misskey. Prior to version 12.25Q1.1, due to an improper implementation of the logout process, authentication credentials remain in cookies even after a user has explicitly logged out, which may allow an attacker ...
CVE-2025-24973
CVE-2025-24973 (Concorde/Nexkey) affects Concorde versions prior to 12.25Q1.1. The root cause is an improper logout implementation where authentication credentials remain in cookies after logout, potentially allowing an attacker to steal tokens. Impact is severe if a user with admin privileges is...
A week in security (May 20 – May 26)
Last week on Malwarebytes Labs: How AI will change your credit card behind the scenes; Criminal record database of millions of Americans dumped online; Microsoft AI "Recall" feature records everything, secures far less; How to remove a user from a shared Android device; How to remove a user from a...
Cisco AnyConnect Secure Mobility Client Security Vulnerability
Cisco AnyConnect Secure Mobility Client is Cisco's VPN client software for secure connections. A security vulnerability exists in the Cisco AnyConnect Secure Mobility Client which can be exploited by an attacker by logging on to an affected device at the same time that another user is...
Cisco ASDM Information Disclosure (cisco-sa-asdm-logging-jnLOY422)
An information disclosure vulnerability exists in Cisco Adaptive Security Device Manager (ASDM) due to the storage of unencrypted credentials in certain logs. An authenticated, local attacker can exploit this, by accessing the logs on an affected system, to view the credentials of other users of th...
Azure Active Directory empowers frontline workers with simplified and secure access
Howdy folks, The past year has shown us all just how critical frontline workers are to our communities and our economy. They’re the people behind the counter, in the call centers, in hospital ICUs, on the supermarket floor—doing the critical work that makes the difference in feeding our families,...
Shared device requirements and Prerequisites for Enrolling Shared Devices in XenMobile.
Shared Device Requirements: For the best user experience, including silent installation and removal of apps, Citrix recommends configuring shared devices on the following platforms: iOS 10, iOS 9, Android M, Android 5.x, Android 4.4.x, Android 4.0.x, MDM-only mode. Prerequisites for Enrolling Shared...