EUVD-2026-10567

Improper input validation in System Center Operations Manager allows an authorized attacker to elevate privileges over a network...

CVE-2026-20967

Improper input validation in System Center Operations Manager allows an authorized attacker to elevate privileges over a network...

CVE-2026-20967

Improper input validation in System Center Operations Manager allows an authorized attacker to elevate privileges over a network...

USN-8082-1: GIMP vulnerabilities

Michael Randrianantenaina discovered that GIMP incorrectly handled certain malformed ICO files. An attacker could possibly use this to cause a denial of service or execute arbitrary code. CVE-2025-5473 Seungho Kim discovered that GIMP incorrectly handled certain memory operations when running the...

CVE-2026-20967

CVE-2026-20967 affects Microsoft System Center Operations Manager. The issue is due to improper input validation, enabling an authorized attacker to elevate privileges over the network. The CVSSv3.1 vector indicates a network-based, low-attack-complexity with low privileges required and high impa...

CVE-2026-20967 System Center Operations Manager (SCOM) Elevation of Privilege Vulnerability

...

CVE-2026-20967 System Center Operations Manager (SCOM) Elevation of Privilege Vulnerability

...

CVE-2026-2261

Due to a programming error, blocklistd leaks a socket descriptor for each adverse event report it receives. Once a certain number of leaked sockets is reached, blocklistd becomes unable to run the helper script: a child process is forked, but this child dereferences a null pointer and crashes...

System Center Operations Manager (SCOM) Elevation of Privilege Vulnerability

Improper input validation in System Center Operations Manager allows an authorized attacker to elevate privileges over a network...

Microsoft System Center Operations Manager 输入验证错误漏洞

Microsoft System Center Operations Manager is a large-scale monitoring and management software developed by Microsoft for use in corporate environments. This software was originally known as MOM Microsoft Operations Manager and is primarily used for monitoring IT systems, providing monitoring...

ImageMagick 安全漏洞

ImageMagick is a set of open-source image processing software developed by the ImageMagick project. It allows for reading, converting, and writing images in various formats. Versions of ImageMagick prior to 7.1.2-16 and 6.9.13-41 contained security vulnerabilities. These vulnerabilities stemmed...

PT-2026-24259

Name of the Vulnerable Software and Affected Versions System Center Operations Manager affected versions not specified Description Improper input validation exists in System Center Operations Manager, potentially allowing an authorized attacker to elevate privileges over a network. Recommendation...

NervesHub 安全漏洞

NervesHub is a software developed under open source by NervesHub for managing firmware updates of Nerves devices. Versions of NervesHub from 1.0.0 to 2.4.0 contained security vulnerabilities. These vulnerabilities stemmed from the lack of authorization checks in device batch operations and the...

EulerOS 2.0 SP13 : python-virtualenv (EulerOS-SA-2026-1260)

According to the versions of the python-virtualenv package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : virtualenv is a tool for creating isolated virtual python environments. Prior to version 20.36.1, TOCTOU Time-of-Check-Time-of-Use...

KLA90923 PE vulnerability in Microsoft System Center

An elevation of privilege vulnerability was found in Microsoft System Center. Malicious users can exploit this vulnerability to gain privileges. Original advisories CVE-2026-20967 Exploitation Related products Microsoft-System-Center-Operations-Manager CVE list CVE-2026-20967 critical Solution...

CVE-2026-26982 Ghostty affected by arbitrary command execution via control characters in paste and drag-and-drop operations

Ghostty is a cross-platform terminal emulator. Ghostty allows control characters such as 0x03 Ctrl+C in pasted and dropped text. These can be used to execute arbitrary commands in some shell environments. This attack requires an attacker to convince the user to copy and paste or drag and drop...

GHSA-HMQR-WJMJ-376C Netmaker has Insufficient Authorization in Host Token Verification

The Authorise middleware in Netmaker incorrectly validates host JWT tokens. When a route permits host authentication hostAllowed=true, a valid host token bypasses all subsequent authorisation checks without verifying that the host is authorised to access the specific requested resource. Any entit...

Netmaker has Insufficient Authorization in Host Token Verification

The Authorise middleware in Netmaker incorrectly validates host JWT tokens. When a route permits host authentication hostAllowed=true, a valid host token bypasses all subsequent authorisation checks without verifying that the host is authorised to access the specific requested resource. Any entit...

⚡ Weekly Recap: Qualcomm 0-Day, iOS Exploit Chains, AirSnitch Attack & Vibe-Coded Malware

Another week in cybersecurity. Another week of "you've got to be kidding me." Attackers were busy. Defenders were busy. And somewhere in the middle, a whole lot of people had a very bad Monday morning. That's kind of just how it goes now. The good news? There were some actual wins this week. Real...

EUVD-2025-208399

A SQL injection vulnerability has been found in Eventobot. This vulnerability allows an attacker to retrieve, create, update and delete databases through the 'promosend' parameter in the '/assets/php/calculatediscount.php'...