23 matches found
CVE-2026-45913
A flaw was found in the Linux kernel's bridge multicast module. This vulnerability arises from an inconsistency in how the system tracks multicast database entries (mdb_n_entries) for virtual local area network (VLAN) contexts. A local user with network configuration privileges could exploit this by...
PT-2026-42839
Name of the Vulnerable Software and Affected Versions: Azure Entra ID (affected versions not specified) Description: Improper privilege management allows an unauthorized attacker to elevate privileges over a network. Recommendations: At the moment, there is no information about a newer version that...
EUVD-2026-28457
Server-side request forgery (SSRF) in Azure Notification Service allows an authorized attacker to elevate privileges over a network...
Microsoft 365 Copilot Elevation of Privilege Vulnerability
URL redirection to untrusted site ('open redirect') in M365 Copilot allows an unauthorized attacker to elevate privileges over a network...
Microsoft Partner Center Elevation of Privilege Vulnerability
Improper access control in Microsoft Partner Center allows an authorized attacker to elevate privileges over a network...
CVE-2026-25177
Improper restriction of names for files and other resources in Active Directory Domain Services allows an authorized attacker to elevate privileges over a network...
kernel: Bluetooth: hci_event: Fix UAF in hci_acl_create_conn_sync
A flaw was found in the Linux kernel’s Bluetooth subsystem (HCI). Specifically, in the function hci_acl_create_conn_sync and related path hci_le_create_conn_sync, a connection object in state BT_OPEN that is still pending command submission may be freed prematurely, leading to a use-after-free condition. An...
EUVD-2012-0362
Malware in sbrugna...
EUVD-2025-24284
Malicious code in bioql PyPI...
CVE-2025-49731
Improper handling of insufficient permissions or privileges in Microsoft Teams allows an authorized attacker to elevate privileges over a network...
Microsoft Azure Playwright Authorization Issue Vulnerability
Microsoft Azure Playwright is an open source framework for automated web application testing from Microsoft Corporation (USA). An authorization issue vulnerability exists in Microsoft Azure Playwright that stems from improper authorization and could allow an unauthorized attacker to elevate...
OpenHarmony Security Vulnerability
OpenHarmony is an open source Hongmeng operating system project of China's OpenAtom Foundation. A security vulnerability exists in OpenHarmony version v4.1.0 and earlier versions, which stems from a network administrative privilege bypass vulnerability...
CVE-2024-39868
A vulnerability has been identified in SINEMA Remote Connect Server All versions V3.2 SP1. Affected devices do not properly validate the authentication when performing certain actions in the web interface allowing an unauthenticated attacker to access and edit VxLAN configuration information of...
PT-2023-20375 · Dell · Dell PowerScale OneFS
Name of the Vulnerable Software and Affected Versions: Dell PowerScale OneFS versions 8.2.x through 9.4.x Description: The issue is related to an uncontrolled resource consumption vulnerability. A malicious network user with low privileges could potentially exploit this vulnerability in SMB,...
Code injection
OpenSIPS is a Session Initiation Protocol (SIP) server implementation. Prior to versions 3.1.7 and 3.2.4, sending a malformed Via header to OpenSIPS triggers a segmentation fault when the function calc_tag_suffix is called. A specially crafted Via header, which is deemed correct by the parser, will...
Design/Logic Flaw
FreeSWITCH is a Software Defined Telecom Stack enabling the digital transformation from proprietary telecom switches to a software implementation that runs on any commodity hardware. Prior to version 1.10.7, an attacker can perform a SIP digest leak attack against FreeSWITCH and receive the...
Oracle Database Server Database Filesystem component unauthorized access vulnerability
Oracle Database Server is a relational database management system from Oracle (USA). The database management system provides data management, distributed processing and other functions. An unauthorized access vulnerability exists in the Oracle Database Server Database...
Design/Logic Flaw
An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system...
CVE-2017-5689
An unprivileged network attacker could gain system privileges to provisioned Intel manageability SKUs: Intel Active Management Technology (AMT) and Intel Standard Manageability (ISM). An unprivileged local attacker could provision manageability features gaining unprivileged network or local system...
Code injection
The twicca application 0.7.0 through 0.9.30 for Android does not properly restrict the use of network privileges, which allows remote attackers to read media files on an SD card via a crafted application...