CVE-2026-45250 Stack buffer overflow via setcred(2)

The setcred2 system call is only available to privileged users. However, before the privilege level of the caller is checked, the user-supplied list of supplementary groups is copied into a fixed-size kernel stack buffer without first validating its length. If the supplied list exceeds the capaci...

Exploit for CVE-2026-45250

FreeBSD setcred2 — research artifacts This subdirectory col...

Astra Linux - уязвимость в linux-5.10

In TBD of TBD, there is a potential use-after-free due to a race condition. This could lead to a local escalation of privileges in the kernel, as execution privileges are required. User interaction is not necessary for exploitation. Product: Android Versions: Android kernel Android ID: A-21951397...

darksword-Exploit

🗡️ DarkSword — iOS Full-Chain Exploit Analysis Reference:...

Important: Red Hat Security Advisory: OpenShift Container Platform 4.18.41 bug fix and security update

Red Hat OpenShift Container Platform release 4.18.41 is now available with updates to packages and images that fix several bugs and add enhancements. This release includes a security update for Red Hat OpenShift Container Platform 4.18. Red Hat Product Security has rated this update as having a...

CVE-2026-28819

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to execute arbitrary code with kernel privileges...

EUVD-2026-29215

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to execute arbitrary code with kernel privileges...

CVE-2026-28819

An out-of-bounds write issue was addressed with improved bounds checking. This issue is fixed in iOS 18.7.9 and iPadOS 18.7.9, macOS Sequoia 15.7.7, macOS Sonoma 14.8.7, macOS Tahoe 26.5. An app may be able to execute arbitrary code with kernel privileges...

Exploit for CVE-2026-31431

CVE-2026-31431 "Copy Fail" — Detection & Response Package P...

darksword-Exploit

🗡️ DarkSword — iOS Full-Chain Exploit Analysis Reference:...

(Pwn2Own) Red Hat Enterprise Linux vmwgfx Driver Integer Overflow Local Privilege Escalation Vulnerability

This vulnerability allows local attackers to escalate privileges on affected installations of Red Hat Enterprise Linux. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

host-based-vulnerability-assessments

Host-Based Vulnerability Assessments Overview This reposi...

CVE-2025-35998

Missing protection mechanism for alternate hardware interface in the IntelR Quick Assist Technology for some IntelR Platforms within Ring 0: Kernel may allow an escalation of privilege. System software adversary with a privileged user combined with a low complexity attack may enable escalation of...

varstored: TOCTOU issues with mapped guest memory

ISSUE DESCRIPTION varstored is a component of the Xapi toolstack handling UEFI Variables for a VM. It has a communication path with OVMF inside the VM involving mapping a buffer prepared by OVMF. Within varstored, there were insufficient compiler barriers, creating TOCTOU issues with data in the...

MiracleLinux 9 : microcode_ctl-20240910-1.el9 (AXSA:2024-9072:11)

The remote MiracleLinux 9 host has a package installed that is affected by multiple vulnerabilities as referenced in the AXSA:2024-9072:11 advisory. kernel: local privilege escalation on Intel microcode on IntelR XeonR CVE-2023-22655 kernel: Local information disclosure on IntelR AtomR processors...

MiracleLinux 9 : kernel-5.14.0-427.13.1.el9_4 (AXSA:2024-8139:13)

The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2024-8139:13 advisory. kernel: GSM multiplexing race condition leads to privilege escalation CVE-2023-6546 kernel: multiple use-after-free vulnerabilities CVE-2024-1086,...

Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-000821)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000821 advisory. kernel/events/core.c in the performance subsystem in the Linux kernel before 4.0 mismanages locks during certain migrations, which allows local users to gain...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002691)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002691 advisory. The ecryptfsprivilegedopen function in fs/ecryptfs/kthread.c in the Linux kernel before 4.6.3 allows local users to gain privileges or cause a denial of service stac...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002592)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002592 advisory. kernel/events/core.c in the performance subsystem in the Linux kernel before 4.0 mismanages locks during certain migrations, which allows local users to gain...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-003133)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003133 advisory. An elevation of privilege vulnerability in the Upstream kernel bluez. Product: Android. Versions: Android kernel. Android ID: A-63527053. Tenable has extracted the...