EUVD-2026-36147

A privilege escalation PE vulnerability in the Palo Alto Networks Prisma Access Agent app on Linux devices enables a local user to execute code with elevated privileges. This does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS...

Palo Alto Networks Prisma Access Agent 安全漏洞

Palo Alto Networks Prisma Access Agent is a zero-trust network access client agent developed by Palo Alto Networks. There is a security vulnerability in the Palo Alto Networks Prisma Access Agent for Linux, which stems from an issue related to privilege escalation. This vulnerability may allow...

Palo Alto Networks GlobalProtect app 日志信息泄露漏洞

The Palo Alto Networks GlobalProtect app is a network protection software developed by Palo Alto Networks. The GlobalProtect app for macOS has a vulnerability related to log information leakage. This vulnerability allows local users to obtain the configuration passwords necessary to disable,...

PT-2026-48451

A potential authentication bypass was reported in Lenovo Smart Connect for Windows that could allow a local authenticated user to execute arbitrary code with elevated privileges...

Lenovo Smart Connect 安全漏洞

Lenovo Smart Connect is a cross-device collaboration platform developed by China’s Lenovo Corporation. There is a security vulnerability in Lenovo Smart Connect for Windows. This vulnerability stems from a potential authentication bypass, which may allow locally authenticated users to execute...

Lenovo LanSchool Classic 代码问题漏洞

Lenovo LanSchool Classic is a classroom teaching management software developed by Lenovo Corporation. Lenovo LanSchool Classic has code vulnerabilities, which stem from potentially uncontrolled search paths. These vulnerabilities may allow locally authenticated users to execute arbitrary code wit...

EulerOS 2.0 SP13 : tigervnc (EulerOS-SA-2026-2359)

According to the versions of the tigervnc packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : In TigerVNC before 1.16.2, Image.cxx in x0vncserver allows other users to observe or manipulate the screen contents, or cause an application...

EUVD-2026-35466

Insufficient authentication and input validation in the listed NETGEAR models allow users connected to the local network to execute commands impacting product's confidentiality or change certain configurations...

Waves Central 代码问题漏洞

Waves Central is an audio software licensing and product management tool developed by Waves Corporation. Versions of Waves Central for macOS from 13.0.9 to 16.5.5 contain code vulnerabilities. These vulnerabilities stem from the use of a trusted XPC client component that employs enhanced runtime...

PT-2026-47859

Name of the Vulnerable Software and Affected Versions NETGEAR affected versions not specified Description Insufficient authentication and input validation allow users connected to the local network to execute commands, which can impact product confidentiality or allow the modification of certain...

AMD uProf 安全漏洞

AMD uProf is a cross-platform performance analysis tool developed by AMD, a company specializing in semiconductors. AMD uProf has a security vulnerability that stems from improper access control. This vulnerability could allow local attackers with user privileges to write to the kernel’s shared...

CVE-2026-44119

Improper Privilege Management vulnerability in Apache HTTP Server 2.4.67 and earlier allows local .htaccess authors to read files with the privileges of the httpd user. This issue affects Apache HTTP Server: from through 2.4.67. Users are recommended to upgrade to version 2.4.68, which fixes the...

CVE-2025-36335

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user...

CVE-2026-47326

Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a memory leak in the handling of big responses to AppArmor notifications. The bug can be triggered by an unprivileged local user. The memory leak could lead to resource exhaustion...

CVE-2026-45246

Summarize prior to 0.15.1 contains an insecure file permission vulnerability in the refresh-free configuration rewrite path that allows local users to read sensitive credentials by exploiting default filesystem permissions. When the refresh-free path rewrites the configuration file, it creates th...

CVE-2022-49036

An inclusion of functionality from untrusted control sphere vulnerability in OpenSSL configuration in Synology Active Backup for Business Recovery Media Creator before 2.5.0-2081 allows local users to execute arbitrary code via unspecified vectors...

CVE-2026-4482

The installer certificate files in the …/bootstrap/common/ssl folder do not seem to have restricted permissions on Windows systems users have read and execute access. For the client.key file in particular, this could potentially lead to exploits, as this exposes agent identity material to any...

Synology Active Backup for Business Recovery Media Creator 安全漏洞

Synology Active Backup for Business Recovery Media Creator is a tool developed by the Chinese company Synology, designed to generate system recovery boot media and perform device disaster recovery operations. Versions of Synology Active Backup for Business Recovery Media Creator prior to 2.5.0-20...

USN-8238-2 editorconfig-core vulnerability

USN-8238-1 fixed a vulnerability in EditorConfig. This update contains the corresponding fix for Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 20.04 LTS, and Ubuntu 22.04 LTS. Original advisory details: It was discovered that EditorConfig incorrectly handled specially crafted configuration files. A...

CVE-2025-66593

An origin validation error vulnerability in Synology Assistant before 7.0.6-50085 allows local users to write arbitrary files with restricted content and conduct denial-of-service during installation...