CVE-2026-12189

The CVE-2026-12189 entry concerns Moovit Bus & Public Transit App 1.18 on Android, affecting the com.tranzmate component. The flaw is described as improper authorization in the handler for a custom URL scheme, enabling a local attacker to manipulate the app. Exploitability is local with low attac...

exploitGuard

Run and deploy your AI Studio app This contains everything yo...

Lenovo Accessories and Display Manager for Enterprise 访问控制错误漏洞

Lenovo Accessories and Display Manager for Enterprise is an enterprise-level platform for managing peripherals and display devices by Lenovo. There is an access control vulnerability in Lenovo Accessories and Display Manager for Enterprise. This vulnerability stems from a potential flaw that coul...

PT-2026-48009

Name of the Vulnerable Software and Affected Versions Microsoft Office affected versions not specified Description A heap-based buffer overflow allows an unauthorized attacker to execute arbitrary code locally and remotely, affecting the system. A heap-based buffer overflow occurs when an...

PT-2026-47945

Name of the Vulnerable Software and Affected Versions Microsoft Office affected versions not specified Description A type confusion issue occurs when a resource is accessed using an incompatible type. This allows an unauthorized attacker to execute code locally within Microsoft Outlook and Word...

CVE-2026-3844

The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetchgravatarfromremote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

CVE-2026-1342

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a locally authenticated user to execute malicious scripts fro...

Astra Linux - уязвимость в linux-5.10, linux

A null pointer dereference was detected in the Linux kernel’s Integrated Sensor Hub ISH driver. This issue could allow a local user to crash the system...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021641)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021641 advisory. In the Linux kernel, the following vulnerability has been resolved: net: Fix icmp host relookup triggering iprtbug arp link failure may trigger iprtbug while xfrm...

CVE-2026-42832

Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally...

CVE-2026-41100

Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally...

PT-2026-40194

Name of the Vulnerable Software and Affected Versions Microsoft Office Excel affected versions not specified Description A use after free issue in Microsoft Office Excel allows an unauthorized attacker to execute code locally. Use after free is a memory corruption flaw that occurs when an...

Microsoft Windows Admin Center 安全漏洞

Microsoft Windows Admin Center is a browser-based, locally deployed application developed by Microsoft. This tool is primarily used for managing servers and clusters. There are security vulnerabilities in Microsoft Windows Admin Center. Attackers can exploit these vulnerabilities to gain higher...

OESA-2026-2025 openjpeg2 security update

OpenJPEG is an open-source JPEG 2000 codec written in C language. It has been developed in order to promote the use of JPEG 2000, a still-image compression standard from the Joint Photographic Experts Group JPEG. Since April 2015, it is officially recognized by ISO/IEC and ITU-T as a JPEG 2000...

EUVD-2026-25174

The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetchgravatarfromremote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

CVE-2026-3844

The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetchgravatarfromremote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

VulnCheck KEV: CVE-2026-3844

The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetchgravatarfromremote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

Lenovo Software Fix 安全漏洞

Lenovo Software Fix is a system repair tool developed by the Chinese company Lenovo. Lenovo Software Fix has a security vulnerability, which stems from improper permission verification during the installation process. This vulnerability may allow locally authenticated users to execute write...

EUVD-2026-22581

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally...

Package Catalog Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally...