DEBIAN-CVE-2026-48693
FastNetMon Community Edition through 1.2.9 is vulnerable to a local symlink attack via predictable file paths in /tmp. The statistics file path defaults to '/tmp/fastnetmon.dat' (src/fastnetmon.cpp line 159). The print_screen_contents_into_file function (src/fastnetmon_logic.cpp line 2186) opens this path...
CVE-2026-48693
FastNetMon Community Edition through 1.2.9 is vulnerable to a local symlink attack via predictable file paths in /tmp. The statistics file path defaults to '/tmp/fastnetmon.dat' (src/fastnetmon.cpp line 159). The print_screen_contents_into_file function (src/fastnetmon_logic.cpp line 2186) opens this path...
SUSE SLED15 / SLES15 Security Update : ntfs-3g_ntfsprogs (SUSE-SU-2026:1571-1)
The remote SUSE Linux SLED15 / SLEDSAP15 / SLES15 / SLESSAP15 host has packages installed that are affected by a vulnerability as referenced in the SUSE-SU-2026:1571-1 advisory. This update for ntfs-3g_ntfsprogs fixes the following issue: - CVE-2026-40706: heap buffer overflow in...
Azure Linux 3.0 Security Update: CBL-Mariner Releases (CVE-2026-40706)
The version of CBL-Mariner Releases installed on the remote Azure Linux 3.0 host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the CVE-2026-40706 advisory. - In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in...
UBUNTU-CVE-2026-35353
The mkdir utility in uutils coreutils incorrectly applies permissions when using the -m flag by creating a directory with umask-derived permissions (typically 0755) before subsequently changing them to the requested mode via a separate chmod system call. In multi-user environments, this introduces ...
CVE-2026-40706
In NTFS-3G 2022.10.3 before 2026.2.25, a heap buffer overflow exists in ntfs_build_permissions_posix in acls.c that allows an attacker to corrupt heap memory in the SUID-root ntfs-3g binary by crafting a malicious NTFS image. The overflow is triggered on the READ path (stat, readdir, open) when...
CVE-2026-35488 Tandoor Recipes — CustomIsShared permits DELETE/PUT on RecipeBook by shared (read-only) users
Tandoor Recipes is an application for managing recipes, planning meals, and building shopping lists. Prior to 2.6.4, RecipeBookViewSet and RecipeBookEntryViewSet use CustomIsShared as an alternative permission class, but CustomIsShared.has_object_permission returns True for all HTTP methods —...
PT-2026-33153
Name of the Vulnerable Software and Affected Versions: Google Chrome on Android versions prior to 147.0.7727.101. Description: A use after free issue in Permissions allows a remote attacker to execute arbitrary code via a crafted HTML page if a user is convinced to perform specific UI gestures. Use...
GHSA-6H7H-M7P5-HJQP Sulu checks fix permissions for subentities endpoints
Impact: A user who has permission for the Sulu Admin via at least one role could have access to the subentities of contacts via the admin API without even having permission for contacts. Patches: The issue was patched in release 2.6.22 and 3.0.5. Workarounds: Create a Symfony Request Listener checkin...
EUVD-2026-5626
Gogs is an open source self-hosted Git service. In version 0.13.3 and prior, the endpoint "PUT /repos/:owner/:repo/contents/" does not require write permissions and allows access with read permission only via repoAssignment. After passing the permission check, PutContents invokes UpdateRepoFile,...
PT-2026-3474
Name of the Vulnerable Software and Affected Versions: OpenProject versions prior to 17.0.1; OpenProject versions prior to 16.6.5. Description: OpenProject is a web-based project management software. A permission check failure in earlier versions allowed users with the 'View Members' permission in an...
MiracleLinux 3 : bind-9.3.6-20.P1.4.0.1.AXS3 (AXSA:2012-942:04)
The remote MiracleLinux 3 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2012-942:04 advisory. BIND (Berkeley Internet Name Domain) is an implementation of the DNS (Domain Name System) protocols. BIND includes a DNS server (named), which resolves host names ...
EUVD-2021-1457
Malware in sbrugna...
Linux Distros Unpatched Vulnerability : CVE-2022-49783
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - x86/fpu: Drop fpregs lock before inheriting FPU permissions Mike Galbraith reported the following against an old fork of preempt-rt but the same issue also...
Linux Distros Unpatched Vulnerability : CVE-2023-45364
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in includes/page/Article.php in MediaWiki 1.36.x through 1.39.x before 1.39.5 and 1.40.x before 1.40.1. Deleted revision existence is...
CVE-2023-1071
An issue has been discovered in GitLab affecting all versions from 15.5 before 15.8.5, all versions starting from 15.9 before 15.9.4, all versions starting from 15.10 before 15.10.1. Due to improper permissions checks it was possible for an unauthorised user to remove an issue from an epic...
CVE-2025-32915
Packages downloaded by Checkmk's automatic agent updates on Linux and Solaris have incorrect permissions in Checkmk < 2.4.0p1, < 2.3.0p32, < 2.2.0p42 and <= 2.1.0p49 (EOL). This allows a local attacker to read sensitive data...
RUSTSEC-2025-0149 World Writable Directory in /var/log/below Allows Local Privilege Escalation
Below is a tool for recording and displaying system data like hardware utilization and cgroup information on Linux. Symlink Attack in /var/log/below/error_root.log: Below's systemd service runs with full root privileges. It attempts to create a world-writable directory in /var/log/below. Even if th...
CVE-2024-44228
This issue was addressed with improved permissions checking. This issue is fixed in Xcode 16. An app may be able to inherit Xcode permissions and access user data...
PT-2024-36426
Name of the Vulnerable Software and Affected Versions: The LearnPress – WordPress LMS Plugin plugin for WordPress versions up to, and including, 4.2.6.8. Description: The issue is related to Sensitive Information Exposure due to the incorrect implementation of the get_items_permissions_check functio...