2883 matches found
UBUNTU-CVE-2026-34990
OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a local unprivileged user can coerce cupsd into authenticating to an attacker-controlled localhost IPP service with a reusable Authorization: Local ... token. That...
CVE-2026-27456
util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU Time-of-Check-Time-of-Use vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privilege...
GHSA-453R-G2PG-CXXQ Local Incus UI web server vulnerable to nuthentication bypass
Summary The web server spawned by incus webui incorrectly validates the authentication token such that an invalid value will be accepted. Details incus webui runs a local web server on a random localhost port. For authentication, it provides the user with a URL containing an authentication token...
CVE-2025-12708
IBM Concert 1.0.0 through 2.2.0 contains hard-coded credentials that could be obtained by a local user...
CVE-2026-3113
CVE-2026-3113 affects Mattermost (versions listed) where bulk exports fail to enforce file permissions during download, enabling other local server users to read exported contents. Root cause: permissions are not properly set on the downloaded bulk export, allowing access beyond the intended owne...
CVE-2026-4606
GV Edge Recording Manager ERM v2.3.1 improperly runs application components with SYSTEM-level privileges, allowing any local user to gain full control of the operating system. During installation, ERM creates a Windows service that runs under the LocalSystem account. When the ERM application is...
CVE-2025-36258
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and other sensitive information in plain text which can be read by a local user...
CVE-2025-36258 IBM InfoSphere Information Server is vulnerable due to plaintext storage of a password
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and other sensitive information in plain text which can be read by a local user...
CVE-2025-36258
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and other sensitive information in plain text which can be read by a local user...
CVE-2025-36258
CVE-2025-36258 affects IBM InfoSphere Information Server 11.7.0.0–11.7.1.6. The root cause is plaintext storage of user credentials and other sensitive information, allowing a local user to read them. IBM’s security bulletin notes a CVSSv3.1 base score of 7.1 (vector: AV:L/AC:L/PR:N/UI:N/S:C/C:H/...
CVE-2025-12708
IBM Concert 1.0.0 through 2.2.0 contains hard-coded credentials that could be obtained by a local user...
CVE-2025-12708 Multiple Vulnerabilities in IBM Concert Software
IBM Concert 1.0.0 through 2.2.0 contains hard-coded credentials that could be obtained by a local user...
PT-2026-28093
IBM Concert 1.0.0 through 2.2.0 contains hard-coded credentials that could be obtained by a local user...
PT-2026-28113
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and other sensitive information in plain text which can be read by a local user...
CVE-2025-36051
IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 stores potentially sensitive information in configuration files that could be read by a local user...
CVE-2025-36051
IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 stores potentially sensitive information in configuration files that could be read by a local user...
CVE-2025-36051 IBM QRadar SIEM Information Disclosure
IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 stores potentially sensitive information in configuration files that could be read by a local user...
Incorrect Permission Assignment for Critical Resource
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to the creation of session transcript files with overly broad default permissions. An attacker can access sensitive transcript...
NewStart CGSL MAIN 6.06 (SP) : util-linux Vulnerability (NS-SA-2026-0013)
The remote NewStart CGSL host, running version MAIN 6.06 SP, has util-linux packages installed that are affected by a vulnerability: - Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code. CVE-2014-9114 Note that Nessus has not tested for these issues but has instead...
CVE-2026-29125
IDC SFX2100 Satalite Recievers set the /etc/resolv.conf file to be world-writable by any local user, allowing DNS resolver tampering that can redirect network communications, facilitate man-in-the-middle attacks, and cause denial of service...