Two vulnerabilities were discovered in pam-pkcs11, a PAM module which
allows to use PKCS#11 based smart cards in the PAM authentication stack,
which may allow to bypass the authentication in some scenarios.
The following vulnerabilities have been discovered in the WebKitGTK
web engine:
CVE-2025-24143
An anonymous researcher discovered that a maliciously crafted
webpage may be able to fingerprint the user.
CVE-2025-24150
Johan Carlsson discovered that copying a URL from Web Inspector
may lead to command injection.
CVE-2025-24158
Q1IQ and P1umer discovered that processing web content may lead to
a denial-of-service.
CVE-2025-24162
linjy and chluo discovered that processing maliciously crafted web
content may lead to an unexpected process crash.
