CVE-2026-25705 Rancher Extensions have arbitrary file access via path traversal

A vulnerability has been identified in Rancher's Extensions where malicious code can be injected in Rancher through a path traversal in the compressedEndpoint field inside a UIPlugin deployment. A malicious UI extension could abuse that to: Overwrite Rancher binaries or configuration to inject...

kernel: "Dirty Frag" ESP XFRM variant is a new universal Local Privilege Escalation (LPE) vulnerability in the Linux kernel

A flaw was found in the Linux kernel's xfrm-ESP and RxRPC subsystems. Unsafe in-place cryptographic processing of shared socket buffer fragments allows a low-privileged local attacker to corrupt page-cache contents of readable files, including sensitive system files, and gain root privileges. The...

CVE-2026-41326

A flaw was found in Kata Containers. An oversight in the CopyFile policy and perhaps the CopyFile handler allows untrusted hosts to write to arbitrary locations inside the guest workload image. This can be used to overwrite binaries inside the guest and exfiltrate data from containers; even those...

CVE-2026-41326

Kata Containers is an open source project focusing on a standard implementation of lightweight Virtual Machines VMs that perform like containers. From v3.4.0 to v3.28.0, an oversight in the CopyFile policy and perhaps the CopyFile handler allows untrusted hosts to write to arbitrary locations...

PT-2026-35062

Name of the Vulnerable Software and Affected Versions Kata Containers versions 3.4.0 through 3.28.0 Description An oversight in the CopyFile policy and potentially the CopyFile handler allows untrusted hosts to write to arbitrary locations within the guest workload image. This flaw can be exploit...

CVE-2026-0539

Incorrect Default Permissions in pcvisit service binary on Windows allows a low-privileged local attacker to escalate their privileges by overwriting the service binary with arbitrary contents. This service binary is automatically launched with NT\SYSTEM privileges on boot. This issue affects all...

CVE-2026-0539

Summary: CVE-2026-0539 describes a local privilege escalation in the pcvisit Windows service. The issue arises from incorrect default permissions on the pcvisit service binary, allowing a low-privileged local attacker to replace the binary with arbitrary contents. The service binary runs with SYS...

MiracleLinux 7 : rh-nodejs8-nodejs-8.17.0-2.el7 (AXSA:2020-200:01)

The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2020-200:01 advisory. nodejs-brace-expansion: Regular expression denial of service CVE-2017-18077 nodejs-chownr: TOCTOU vulnerability in chownr function in chownr.js...

EUVD-2019-0774

Malware in sbrugna...

CVE-2024-36586

An issue in AdGuardHome v0.93 to latest allows unprivileged attackers to escalate privileges via overwriting the AdGuardHome binary...

CVE-2022-36562

Incorrect access control in the install directory C:\Ruby31-x64 of Rubyinstaller2 v3.1.2 and below allows authenticated attackers to execute arbitrary code via overwriting binaries located in the directory...

CVE-2022-28999

Insecure permissions in the install directories and binaries of Dev-CPP v4.9.9.2 allows attackers to execute arbitrary code via overwriting the binary devcpp.exe...

GHSA-7JP9-VGMQ-C8R5 AdGuardHome privilege escalation vulnerability

An issue in AdGuardHome v0.93 to latest allows unprivileged attackers to escalate privileges via overwriting the AdGuardHome binary...

AdGuardHome privilege escalation vulnerability

An issue in AdGuardHome v0.93 to latest allows unprivileged attackers to escalate privileges via overwriting the AdGuardHome binary...

CVE-2024-36586

An issue in AdGuardHome v0.93 to latest allows unprivileged attackers to escalate privileges via overwriting the AdGuardHome binary...

CVE-2024-36587

Insecure permissions in DNSCrypt-proxy v2.0.0alpha9 to v2.1.5 allows non-privileged attackers to escalate privileges to root via overwriting the binary dnscrypt-proxy...

CVE-2024-36587

Insecure permissions in DNSCrypt-proxy v2.0.0alpha9 to v2.1.5 allows non-privileged attackers to escalate privileges to root via overwriting the binary dnscrypt-proxy...

CVE-2024-36587

Insecure permissions in DNSCrypt-proxy v2.0.0alpha9 to v2.1.5 allows non-privileged attackers to escalate privileges to root via overwriting the binary dnscrypt-proxy...

AdGuardHome privilege escalation vulnerability

An issue in AdGuardHome v0.93 to latest allows unprivileged attackers to escalate privileges via overwriting the AdGuardHome binary...

AdGuardHome Security Breach

AdGuardHome is AdguardTeam's block DNS servers for network-wide advertising and tracking. A security vulnerability exists in AdGuardHome version v0.93 and later. An attacker exploited the vulnerability to elevate privileges by overwriting the AdGuardHome binary...