Lucene search

83 matches found

RedhatCVE
added 2026/05/12 2:27 a.m. | 5 views

CVE-2026-29203

A chmod call in the cPanel Nova plugin's Cpanel::Nova::Connector follows symlinks, allowing setting root permissions on arbitrary system files or directories. That can cause DoS or local privilege escalation when an authenticated cPanel user places a symlink at a user-controlled legacy Nova path...

CVSS 8.8 | AI score 6.1 | EPSS 0.00053
Exploits: 0 | References: 1
EUVD
added 2026/05/08 6:51 p.m. | 5 views

EUVD-2026-28812

A chmod call in the cPanel Nova plugin's Cpanel::Nova::Connector follows symlinks, allowing setting root permissions on arbitrary system files or directories. That can cause DoS or local privilege escalation when an authenticated cPanel user places a symlink at a user-controlled legacy Nova path...

CVSS 8.8 | AI score 5.9 | EPSS 0.00053
Exploits: 0 | References: 1
CVE
added 2026/05/08 6:51 p.m. | 12 views

CVE-2026-29203

CVE-2026-29203 affects the cPanel Nova plugin component Cpanel::Nova::Connector. A chmod call follows symlinks, enabling an authenticated cPanel user to set root permissions on arbitrary system files or directories by placing a symlink at a user-controlled legacy Nova path in their home directory...

CVSS 8.8 | AI score 5.9 | EPSS 0.00053
Exploits: 0 | References: 1
OSV
added 2026/03/18 8:10 p.m. | 4 views

GHSA-VM69-H85X-8P85 SiYuan has an Incomplete Fix for IsSensitivePath Denylist Allows File Read from /opt, /usr, /home (GHSA-h5vh-m7fg-w5h6 Bypass)

Summary: The IsSensitivePath function in kernel/util/path.go uses a denylist approach that was recently expanded (GHSA-h5vh-m7fg-w5h6, commit 9914fd1) but remains incomplete. Multiple security-relevant Linux directories are not blocked, including /opt (application data), /usr (local configs/binaries),...

CVSS 6.8 | AI score 5.9 | EPSS 0.00028
Exploits: 1 | References: 3
Tenable Nessus
added 2026/01/19 12:0 a.m. | 3 views

MiracleLinux 4 : openssh-5.3p1-122.AXS4 (AXSA:2017-1374:01)

The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2017-1374:01 advisory. SSH Secure SHell is a program for logging into and executing commands on a remote machine. SSH is intended to replace rlogin and rsh, and to provide secure...

CVSS 7.8 | AI score 8.5 | EPSS 0.00079
Exploits: 0 | References: 2
OSV
added 2025/11/25 12:16 a.m. | 2 views

MAL-2025-191274 Malicious code in @oku-ui/slider (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 71cb82e7b11eea9aa7260ed7a7e31a29e21d10d81735768c536e42ee88d28b71 The package @oku-ui/slider was found to contain malicious code. Source: google-open-source-security...

AI score 6.8
Exploits: 0 | References: 3
NVD
added 2025/11/17 4:15 p.m. | 2 views

CVE-2025-65083

GoSign Desktop through 2.4.1 disables TLS certificate validation when configured to use a proxy server. This can be problematic if the GoSign Desktop user selects an arbitrary proxy server without consideration of whether outbound HTTPS connections from the proxy server to Internet servers succee...

CVSS 3.2 | EPSS 0.00009
Exploits: 0 | References: 2
EUVD
added 2025/10/09 6:30 p.m. | 3 views

EUVD-2025-33387

An Authentication Bypass by Primary Weakness in the FTP server of Juniper Networks Junos OS allows an unauthenticated, network-based attacker to get limited read-write access to files on the device. When the FTP server is enabled and a user named "ftp" or "anonymous" is configured, that user can...

CVSS 6.9 | AI score 6.6 | EPSS 0.00045
Exploits: 0 | References: 2
EUVD
added 2025/10/07 12:30 a.m. | 3 views

EUVD-2004-0158

Malware in sbrugna...

CVSS 4.6 | AI score 6.1 | EPSS 0.00502
Exploits: 1 | References: 7
EUVD
added 2025/10/07 12:30 a.m. | 7 views

EUVD-2021-26499

Malware in sbrugna...

CVSS 5.5 | AI score 5.3 | EPSS 0.00028
Exploits: 0 | References: 5
EUVD
added 2025/10/07 12:30 a.m. | 8 views

EUVD-2011-1501

Malware in sbrugna...

CVSS 2.1 | AI score 6.3 | EPSS 0.00053
Exploits: 0 | References: 7
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2022-28462

Malicious code in bioql PyPI...

CVSS 9.1 | AI score 9.2 | EPSS 0.00326
Exploits: 0 | References: 3
EUVD
added 2025/10/03 8:7 p.m. | 1 views

EUVD-2023-31289

Malicious code in bioql PyPI...

CVSS 8.8 | AI score 6.7 | EPSS 0.00055
Exploits: 1 | References: 6
RedHat Linux
added 2025/06/26 12:12 p.m. | 3 views

oath-toolkit: Local root exploit in a PAM module

A vulnerability was found in a PAM module, the oath-toolkit. The module gained a feature that allowed placing the OTP state file, called the usersfile, in the home directory of the to-be-authenticated user. The PAM module performed unsafe file operations in the users' home directories. Since PAM...

CVSS 7.1 | AI score 5.7 | EPSS 0.00076
Exploits: 0 | References: 4
Snyk
added 2025/05/12 3:40 p.m. | 1 views

Missing Encryption of Sensitive Data

Overview: Affected versions of this package are vulnerable to Missing Encryption of Sensitive Data due to the ordering of code used to start an MCP server container. An attacker can read secrets without needing access to the secrets store itself by gaining access to the home folder of the user who...

CVSS 3.2 | AI score 7.1 | EPSS 0.00041
Exploits: 0 | References: 2
RedHat Linux
added 2025/05/07 12:48 p.m. | 4 views

oath-toolkit: Local root exploit in a PAM module

A vulnerability was found in a PAM module, the oath-toolkit. The module gained a feature that allowed placing the OTP state file, called the usersfile, in the home directory of the to-be-authenticated user. The PAM module performed unsafe file operations in the users' home directories. Since PAM...

CVSS 7.1 | AI score 5.7 | EPSS 0.00076
Exploits: 0 | References: 4
Citrix
added 2025/05/05 12:0 a.m. | 10 views

Linux : Session closes immediately while getting gray screen for 10 seconds

When launching a connection on a Linux VDA from the cloud, for a user the connection closes after a grey window; on the VDA, the user's home folder is not created, but other users may log in fine...

AI score 7.1
Exploits: 0
RedHat Linux
added 2025/04/28 5:31 a.m. | 1 views

oath-toolkit: Local root exploit in a PAM module

A vulnerability was found in a PAM module, the oath-toolkit. The module gained a feature that allowed placing the OTP state file, called the usersfile, in the home directory of the to-be-authenticated user. The PAM module performed unsafe file operations in the users' home directories. Since PAM...

CVSS 7.1 | AI score 5.7 | EPSS 0.00076
Exploits: 0 | References: 4
CNNVD
added 2025/04/27 12:0 a.m. | 2 views

paicoding access control error vulnerability

paicoding is an open source community system for individual developers at itwanger. An access control error vulnerability exists in paicoding version 1.0.3, which originates from an incorrect operation of the file /user/home?userId=1&homeSelectType=read that results in information disclosure...

CVSS 5.3 | AI score 4.7 | EPSS 0.00127
Exploits: 1 | References: 6
RedHat Linux
added 2025/04/07 3:27 p.m. | 2 views

oath-toolkit: Local root exploit in a PAM module

A vulnerability was found in a PAM module, the oath-toolkit. The module gained a feature that allowed placing the OTP state file, called the usersfile, in the home directory of the to-be-authenticated user. The PAM module performed unsafe file operations in the users' home directories. Since PAM...

CVSS 7.1 | AI score 5.7 | EPSS 0.00076
Exploits: 0 | References: 4