CVE-2026-24440 Tenda W30E V2 Allows Password Changes Without Verifying Current Password

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 allow account passwords to be changed through the maintenance interface without requiring verification of the existing password. This enables unauthorized password changes when access to the affected endpoint is obtained...

CVE-2026-24440

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.195037 allow account passwords to be changed through the maintenance interface without requiring verification of the existing password. This enables unauthorized password changes when access to the affected endpoint is obtained...

CVE-2026-24440

The issue affects Shenzhen Tenda W30E V2 with firmware up to version V16.01.0.19(5037). The maintenance interface allows an account password to be changed without verifying the existing password, enabling unauthorized password changes if an attacker can reach the affected endpoint. The available ...

CVE-2025-15062

Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a...

PT-2026-4279

Name of the Vulnerable Software and Affected Versions affected versions not specified Description A low-privileged user can bypass account credentials without confirming the user's current authentication state, potentially leading to unauthorized privilege escalation. Recommendations At the momen...

[slackware-security] bind

New bind packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/bind-9.18.44-i586-1slack15.0.txz: Upgraded. This update fixes a security issue: Fix incorrect length checks for BRID and HHIT records...

MiracleLinux 9 : gtk3-3.24.31-5.el9 (AXSA:2024-9213:03)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-9213:03 advisory. gtk3: gtk2: Library injection from CWD CVE-2024-6655 Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...

MiracleLinux 9 : qt5 (AXSA:2023-4961:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-4961:01 advisory. qt: QProcess could execute a binary from the current working directory when not found in the PATH CVE-2022-25255 Tenable has extracted the preceding...

Adobe InDesign Buffer Overflow Vulnerability (CNVD-2026-11773)

Adobe InDesign is a professional desktop publishing software developed by Adobe for layout and page layout in print and digital media. Adobe InDesign suffers from a buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...

btrfs: don't log conflicting inode if it's a dir moved in the current transaction

...

CVE-2025-68778

A data corruption flaw was found in the Linux kernel's Btrfs filesystem log replay mechanism. When a directory is moved between parent directories in the same transaction and then a file with the same name is created and synced, the log replay can create a directory with two hard links. This caus...

SUSE CVE-2025-68778

In the Linux kernel, the following vulnerability has been resolved: btrfs: don't log conflicting inode if it's a dir moved in the current transaction We can't log a conflicting inode if it's a directory and it was moved from one parent directory to another parent directory in the current...

SUSE CVE-2025-68811

In the Linux kernel, the following vulnerability has been resolved: svcrdma: use rcpageoff for memcpy byte offset svcrdmacopyinlinerange added rccurpage page index to the page base instead of the byte offset rcpageoff. Use rcpageoff so copies land within the current page. Found by ZeroPath...

Slackware: Security Advisory (SSA:2026-014-01)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Slackware: Security Advisory (SSA:2026-014-03)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

[slackware-security] mozilla-thunderbird

New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-thunderbird-140.7.0esr-i686-1slack15.0.txz: Upgraded. This release contains security fixes and improvements. For...

[slackware-security] mozilla-firefox

New mozilla-firefox packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-firefox-140.7.0esr-i686-1slack15.0.txz: Upgraded. This update contains security fixes and improvements. For more...

[slackware-security] libpng

New libpng packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/libpng-1.6.54-i586-1slack15.0.txz: Upgraded. This update fixes security issues: Heap buffer over-read in the libpng simplified API...

CVE-2026-21280

Illustrator versions 29.8.3, 30.0 and earlier are affected by an Untrusted Search Path vulnerability that could result in arbitrary code execution in the context of the current user. If the application uses a search path to locate critical resources such as programs, an attacker could modify that...

UBUNTU-CVE-2025-71115

In the Linux kernel, the following vulnerability has been resolved: um: init cputasks earlier This is currently done in umlfinishsetup, but e.g. with KCOV enabled we'll crash because some init code can call into e.g. memparse, which has coverage annotations, and then the checks in checkkcovmode...