
219722 matches found

ATTACKERKB
added 2026/05/08 2:0 a.m., 6 views

CVE-2026-3508

An Out-of-bounds Read vulnerability in the IOCTL handler in ASUS System Control Interface allows a local user to cause a system crash (BSOD) via a read size that exceeds the buffer size. Refer to the 'Security Update for MyASUS' section on the ASUS Security Advisory for more information...

CVSS 6.8, AI score 5.9, EPSS 0.00137
Exploits 0, References 2
Vulnrichment
added 2026/05/08 2:0 a.m., 9 views

CVE-2026-3508

An Out-of-bounds Read vulnerability in the IOCTL handler in ASUS System Control Interface allows a local user to cause a system crash (BSOD) via a read size that exceeds the buffer size. Refer to the 'Security Update for MyASUS' section on the ASUS Security Advisory for more information...

CVSS 6.8, AI score 5.9, EPSS 0.00137
Exploits 0, References 1
CVE
added 2026/05/08 2:0 a.m., 18 views

CVE-2026-3508

The CVE-2026-3508 entry describes an Out-of-bounds Read in the IOCTL handler of ASUS System Control Interface. This allows a local user to trigger a system crash (BSOD) by issuing a read size larger than the internal buffer. Affected component: IOCTL handling within ASUS System Control Interface;...

CVSS 6.8, AI score 5.9, EPSS 0.00137
Exploits 0, References 1
Cvelist
added 2026/05/08 2:0 a.m., 60 views

CVE-2026-6737

An Exposed IOCTL with Insufficient Access Control vulnerability in AsusPTPFilter allows a local user to bypass driver security mechanisms and obtain restricted touchpad information or render the touchpad unusable via crafted IOCTL requests. Refer to the 'Security Update for ASUS Precision...

CVSS 2, EPSS 0.00092
Exploits 0, References 1
Vulnrichment
added 2026/05/08 2:0 a.m., 6 views

CVE-2026-6737

An Exposed IOCTL with Insufficient Access Control vulnerability in AsusPTPFilter allows a local user to bypass driver security mechanisms and obtain restricted touchpad information or render the touchpad unusable via crafted IOCTL requests. Refer to the 'Security Update for ASUS Precision...

CVSS 2, AI score 5.8, EPSS 0.00092
Exploits 0, References 1
ATTACKERKB
added 2026/05/08 2:0 a.m., 6 views

CVE-2026-6737

An Exposed IOCTL with Insufficient Access Control vulnerability in AsusPTPFilter allows a local user to bypass driver security mechanisms and obtain restricted touchpad information or render the touchpad unusable via crafted IOCTL requests. Refer to the 'Security Update for ASUS Precision...

CVSS 2, AI score 5.8, EPSS 0.00092
Exploits 0, References 2
CVE
added 2026/05/08 2:0 a.m., 26 views

CVE-2026-6737

The CVE-2026-6737 entry concerns AsusPTPFilter used by ASUS Precision Touchpad. It describes an Exposed IOCTL with Insufficient Access Control that allows a local user to bypass driver security, potentially exposing restricted touchpad data or rendering the touchpad unusable through crafted IOCTL...

CVSS 2, AI score 5.8, EPSS 0.00092
Exploits 0, References 1
Vulnrichment
added 2026/05/08 2:0 a.m., 9 views

CVE-2026-8127 eladmin Users API Endpoint UserController.java checkLevel access control

A vulnerability has been found in eladmin up to 2.7. Impacted is the function checkLevel of the file /rest/UserController.java of the component Users API Endpoint. Such manipulation leads to improper access controls. The attack can be executed remotely. The exploit has been disclosed to the publi...

CVSS 6.5, AI score 6.1, EPSS 0.00201
Exploits 0, References 4
CVE
added 2026/05/08 2:0 a.m., 20 views

CVE-2026-8127

The CVE covers eladmin up to version 2.7, where the checkLevel function in /rest/UserController.java (Users API Endpoint) is susceptible. The issue allows remote manipulation that leads to improper access controls. Exploitation is possible remotely and has been disclosed publicly; the CVSS metric...

CVSS 6.5, AI score 6.1, EPSS 0.00201
Exploits 0, References 4
EUVD
added 2026/05/08 12:31 a.m., 21 views

EUVD-2026-28448

Improper access control in Azure Managed Instance for Apache Cassandra allows an authorized attacker to execute code over a network...

CVSS 9.9, AI score 6, EPSS 0.00711
Exploits 0, References 2
EUVD
added 2026/05/08 12:31 a.m., 7 views

EUVD-2026-28454

Improper access control in Azure AI Foundry M365 published agents allows an unauthorized attacker to elevate privileges over a network...

CVSS 8.6, AI score 5.8, EPSS 0.01164
Exploits 0, References 2
Positive Technologies
added 2026/05/08 12:0 a.m., 9 views

PT-2026-39276

Name of the Vulnerable Software and Affected Versions: Open WebUI versions prior to 0.9.0. Description: The 'GET /api/v1/channels/id/members' endpoint fails to perform a channel has access check for standard channels, including private ones. While membership is verified for group and dm channel type...

CVSS 4.3, AI score 5.8, EPSS 0.00221
Exploits 1, References 6
Positive Technologies
added 2026/05/08 12:0 a.m., 16 views

PT-2026-38670

Name of the Vulnerable Software and Affected Versions: Control Web Panel (CWP) versions prior to 0.9.8.1209. Description: Unauthenticated attackers can inject and execute arbitrary OS commands with root privileges on the web server. This occurs because user input provided through the key GET parameter...

CVSS 7.3, AI score 6.1, EPSS 0.01186
Exploits 3, References 8
CNNVD
added 2026/05/08 12:0 a.m., 8 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There are security vulnerabilities in the Linux kernel, stemming from multiple defects in the RINGCTRLABORT processing in MIPI I3C HCI DMA. These defects include...

CVSS 7.8, AI score 5.8, EPSS 0.00128
Exploits 0, References 2
CNNVD
added 2026/05/08 12:0 a.m., 6 views

Avo access control error vulnerability

Avo is an open-source Ruby on Rails management panel framework developed by Avo itself. Versions of Avo prior to 3.31.2 contained a security vulnerability related to access control. This vulnerability stemmed from insecure operation search logic in the ActionsController, allowing authenticated...

CVSS 8.8, AI score 5.7, EPSS 0.00295
Exploits 0, References 2
Packet Storm News
added 2026/05/08 12:0 a.m., 8 views

From Conceptual Scaffold to Prototype: A Standardized Zonal Architecture for Wi-Fi Security Training

Wi-Fi is the dominant wireless access technology, but its widespread use also exposes systems to threats such as rogue access points, deauthentication attacks, and other IEEE 802.11-specific vulnerabilities. Although Cyber Ranges (CRs) have become valuable platforms for cybersecurity training and...

AI score 5.8
Exploits 0
Positive Technologies
added 2026/05/08 12:0 a.m., 21 views

PT-2026-39001

Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: A flaw exists in the SMB client where the parse dacl function incorrectly handles Access Control Entry (ACE) SIDs. The function treats an ACE SID matching sid unix NFS mode as an NFS mode...

CVSS 9.8, AI score 6, EPSS 0.93235
Exploits 30, References 57
CNNVD
added 2026/05/08 12:0 a.m., 6 views

Scoold access control error vulnerability

Scoold is a team-based Q&A and knowledge-sharing platform developed by Erudika. Versions of Scoold prior to 1.67.0 contained an access control vulnerability. This vulnerability stemmed from the ability to modify administrators’ configuration values using a forged Bearer token, potentially leading...

CVSS 6.7, AI score 5.8, EPSS 0.00247
Exploits 0, References 1
CNNVD
added 2026/05/08 12:0 a.m., 8 views

langfuse access control error vulnerability

Langfuse is an open-source large language model engineering platform developed by Langfuse. Versions 3.68.0 to 3.167.0 contained an access control vulnerability. This vulnerability stemmed from a role-based access control flaw in the LLM connection update process. It could allow low-privilege user...

CVSS 5.4, AI score 5.8, EPSS 0.00181
Exploits 0, References 1
CNNVD
added 2026/05/08 12:0 a.m., 8 views

Linux kernel security vulnerability

The Linux kernel is the core of the open-source operating system Linux, developed by the Linux Foundation in the United States. There is a security vulnerability in the Linux kernel, which stems from a mismatch in the type of the bpf encryption kfunc destructor function. This vulnerability may...

CVSS 5.5, AI score 5.8, EPSS 0.00122
Exploits 0, References 3