Acer PredatorSense 路径遍历漏洞

Acer PredatorSense is a system management software developed by Acer, a company based in Taiwan, China. Versions 3.00.3136 to 3.00.3196 of Acer PredatorSense contain a path traversal vulnerability. This vulnerability stems from an exposed Windows named pipe configuration error in the program. It...

PT-2026-38677

Name of the Vulnerable Software and Affected Versions PredatorSense versions 3.00.3136 through 3.00.3196 Description A misconfigured Windows Named Pipe uses a custom protocol to invoke internal functions. This allows any authenticated local user to execute arbitrary code and delete arbitrary file...

ASUS System Control Interface 缓冲区错误漏洞

ASUS System Control Interface is a computer system control interface developed by ASUS, a Chinese company. There is a buffer overflow vulnerability in the ASUS System Control Interface. This vulnerability arises from reading sizes that exceed the size of the buffer within the IOCTL handler, which...

Security Bulletin: IBM MQ is vulnerable to a password disclosure vulnerability (CVE-2026-2607)

Summary IBM MQ has addressed a password disclosure vulnerability CVE-2026-2607 Vulnerability Details CVEID:CVE-2026-2607 DESCRIPTION: IBM MQ stores potentially sensitive information in log files that could be read by a local user. CWE:CWE-532: Insertion of Sensitive Information into Log File CVSS...

WatchGuard Agent 安全漏洞

WatchGuard Agent is a terminal security protection and device management agent provided by the American company WatchGuard. There is a security vulnerability in WatchGuard Agent, which stems from improper resource permission allocation in the patch management component. This vulnerability may all...

Sandboxie-Plus 注入漏洞

Sandboxie-Plus is a sandbox isolation software developed by Sandboxie-Plus Inc. Versions of Sandboxie-Plus 1.17.2 and earlier had an injection vulnerability. This vulnerability stems from an INI injection flaw that allows standard local users to bypass configuration restrictions and inject...

Amazon WorkSpaces 安全漏洞

Amazon WorkSpaces is a fully managed, persistent desktop virtualization service provided by Amazon, Inc. It allows your users to access the data, applications, and resources they need from any supported device, at any time. Versions of Amazon WorkSpaces prior to 2.6.2034.0 contained a security...

Astra Linux – Vulnerability in Linux 5.10

The nftablesnewset function in net/netfilter/nftablesapi.c in the Linux kernel before version 5.12.13 allows local users to cause a denial of service due to NULL pointer dereferencing and general protection faults, caused by the absence of initialization for nftsetelemexpralloc. A local user can...

Astra Linux – Vulnerability in sudo

In Sudo before 1.9.12p2, the sudoedit also known as -e feature improperly handles additional arguments passed in the user-provided environment variables SUDOEDITOR, VISUAL, and EDITOR. This allows a local attacker to append arbitrary entries to the list of files to process. This can lead to...

Astra Linux - уязвимость в intel-microcode

Sequence of processor instructions leads to unexpected behavior for some IntelR Processors may allow an authenticated user to potentially enable escalation of privilege and/or information disclosure and/or denial of service via local access...

EUVD-2026-26424

CVE-2026-33452 is a buffer overflow vulnerability in the Secure Access Windows client prior to 14.50. Attackers with local control of the Windows client can use it to ‘blue screen’ the system...

IBM watsonx.data intelligence 安全漏洞

IBM Watsonx.Data Intelligence is a data intelligence platform developed by IBM. Versions 5.2.0, 5.2.1, 5.3.0, and 5.3.1 of IBM Watsonx.Data Intelligence contain security vulnerabilities. These vulnerabilities stem from the storage of user credentials in plaintext, which could be read by local use...

CVE-2026-6970

authd prior to version 0.6.4 contains a logic error in primary group ID assignment that can lead to local privilege escalation. When a user's primary group ID GID differs from their UID, either because the account was created with authd prior to version 0.5.4 or because the primary group was...

Fan Control 安全漏洞

Fan Control is a cooling fan control software developed by Rémi Mercier. The Fan Control V251 version contains a security vulnerability, which stems from improper handling of Open File Dialog permissions. This vulnerability could allow local attackers to execute operations with administrator...

CVE-2026-41477

Deskflow is a keyboard and mouse sharing app. In 1.20.0, 1.26.0.134, and earlier, Deskflow daemon runs as SYSTEM and exposes an IPC named pipe with WorldAccessOption enabled. The daemon processes privileged commands without authentication, allowing any local unprivileged user to execute arbitrary...

CVE-2026-41477 Deskflow: Local privilege escalation via unauthenticated IPC

Deskflow is a keyboard and mouse sharing app. In 1.20.0, 1.26.0.134, and earlier, Deskflow daemon runs as SYSTEM and exposes an IPC named pipe with WorldAccessOption enabled. The daemon processes privileged commands without authentication, allowing any local unprivileged user to execute arbitrary...

deskflow 访问控制错误漏洞

Deskflow is an open-source tool for sharing keyboards and mice across devices. Versions of Deskflow such as 1.20.0, 1.26.0.134, and earlier had access control vulnerabilities. These vulnerabilities stemmed from the Deskflow daemon running as the SYSTEM account, exposing IPC named pipes that have...

CVE-2026-6861

A flaw was found in GNU Emacs. This vulnerability, a memory corruption issue, occurs when Emacs processes specially crafted SVG Scalable Vector Graphics CSS Cascading Style Sheets data. A local user could exploit this by convincing a victim to open a malicious SVG file, which may lead to a denial...

AVAST Antivirus 25.11 - Unquoted Service Path

Exploit Title: AVAST Antivirus 25.11 - Unquoted Service Path Exploit Author: Milad Karimi Ex3ptionaL Contact: [email protected] Date: 2025-12-17 Vendor Homepage:https://www.avast.com/ Software Link : https://www.avast.com/es-mx/download-thank-you.php?product=SLN&locale=es-mx Tested Version:...

Canonical Livepatch 安全漏洞

Canonical Livepatch is a system component developed by Canonical OpenSource that manages kernel hotfix updates and patches. Versions of Canonical Livepatch prior to 10.15.0 contained security vulnerabilities. These vulnerabilities were caused by improper access control, allowing local...