249 matches found
CVE-2026-2040 PDF-XChange Editor TrackerUpdate Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
PDF-XChange Editor TrackerUpdate Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of PDF-XChange Editor. An attacker must first obtain the ability to execute low-privileged code on...
CLSA-2026-1771601553 Fix CVE(s): CVE-2026-21925, CVE-2026-21932, CVE-2026-21933, CVE-2026-21945
OpenJDK 8u482 release + CVE-2026-21945: enhance Certificate Checking + CVE-2026-21932: enhance Handling of URIs + CVE-2026-21933: improve HttpServer Request handling + CVE-2026-21925: improve JMX connections - Release notes: https://mail.openjdk.org/pipermail/jdk8u-dev/2026-January/020959.html...
PDF-XChange Editor TrackerUpdate Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
This vulnerability allows local attackers to escalate privileges on affected installations of PDF-XChange Editor. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the TrackerUpdate...
CVE-2026-2258 aardappel lobster wfc.h WaveFunctionCollapse memory corruption
A flaw has been found in aardappel lobster up to 2025.4. Affected by this vulnerability is the function WaveFunctionCollapse in the library dev/src/lobster/wfc.h. Executing a manipulation can lead to memory corruption. The attack can only be executed locally. The exploit has been published and ma...
EulerOS Virtualization 2.10.0 : glibc (EulerOS-SA-2026-1167)
According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : The regcomp function in the GNU C library version from 2.4 to 2.41 is subject to a double free if some previous allocation fails. It...
Security Bulletin: Multiple Vulnerabilities in IBM Cloud Pak System
Summary Multiple vulnerabilities were addressed in IBM Cloud Pak System version 2.3.6.1. Vulnerability Details CVEID:CVE-2025-0395 DESCRIPTION: When the assert function in the GNU C Library versions 2.13 to 2.40 fails, it does not allocate enough space for the assertion failure message string and...
Unity Linux 20.1050e / 20.1060e / 20.1070e Security Update: glibc (UTSA-2026-005215)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-005215 advisory. Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library...
MiracleLinux 7 : glibc-2.17-157.el7.4 (AXSA:2017-1702:02)
The remote MiracleLinux 7 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2017-1702:02 advisory. The glibc package contains standard libraries which are used by multiple programs on the system. In order to save disk space and memory, as well as to make...
MiracleLinux 4 : glibc-2.12-1.209.AXS4.2 (AXSA:2017-1703:03)
The remote MiracleLinux 4 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2017-1703:03 advisory. Security issues fixed with this release: CVE-2017-1000366 glibc contains a vulnerability that allows specially crafted LD_LIBRARY_PATH values to manipulate the...
MiracleLinux 9 : glibc-2.34-168.el9_6.19 (AXSA:2025-10672:12)
The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2025-10672:12 advisory. glibc: static setuid binary dlopen may incorrectly search LD_LIBRARY_PATH CVE-2025-4802 Tenable has extracted the preceding description block directly from th...
CVE-2021-28249
CA eHealth Performance Manager through 6.3.2.12 is affected by Privilege Escalation via a Dynamically Linked Shared Object Library. To exploit the vulnerability, the ehealth user must create a malicious library in the writable RPATH, to be dynamically linked when the FtpCollector executable is ru...
PT-2026-2059
Name of the Vulnerable Software and Affected Versions: PIONEER CORPORATION installers (affected versions not specified). Description: The installers for multiple products provided by PIONEER CORPORATION have a flaw in how they handle Dynamic Link Library (DLL) search paths. This can result in the loadin...
Security Bulletin: IBM DataPower Gateway potentially vulnerable to library path manipulation
Summary GNU C is used by IBM DataPower Gateway as part of the Supervisor component. Vulnerability Details CVEID:CVE-2025-4802 DESCRIPTION: Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared...
Oracle Linux 8 : glibc (ELSA-2025-28054)
The remote Oracle Linux 8 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2025-28054 advisory. - CVE-2025-8058: Double free in regcomp RHEL-105326 - CVE-2025-4802: static setuid dlopen may search LD_LIBRARY_PATH RHEL-92685 Tenable has extracted the precedi...
Sony INZONE Hub Code Issue Vulnerability
Sony INZONE Hub is a software for managing and customizing gaming devices from Sony Japan. A code issue vulnerability exists in Sony INZONE Hub versions 1.0.10.3 through 1.0.17.0, which stems from a DLL search path issue that could lead to unsafe loading of dynamic link libraries, which could...
TencentOS Server 4: glibc (TSSA-2025:0403)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the TSSA-2025:0403 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities:...
EUVD-2013-1937
Malware in sbrugna...
Unity Linux 20.1050a / 20.1060a / 20.1070a Security Update: glibc (UTSA-2025-177646)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2025-177646 advisory. Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled loading of dynamically shared library...
Huawei EulerOS: Security Advisory for glibc (EulerOS-SA-2025-2160)
The remote host is missing an update for the Huawei EulerOS...
EulerOS Virtualization 2.13.0 : glibc (EulerOS-SA-2025-2161)
According to the versions of the glibc packages installed, the EulerOS Virtualization installation on the remote host is affected by the following vulnerabilities : Untrusted LD_LIBRARY_PATH environment variable vulnerability in the GNU C Library version 2.27 to 2.38 allows attacker controlled...