15 matches found
PT-2026-41139
Impact: A Python operator precedence bug in pyzipper/zipfile_aes.py caused the AE-2 format to never be automatically selected during encryption, regardless of file size or compression type. As a result, all encrypted entries are written in AE-1 format unless AE-2 is explicitly forced by the caller...
Exploit for Operator Precedence Logic Error in FreeBSD
CVE-2026-7270 FreeBSD local privilege escalation via exec...
CVE-2026-7270
An operator precedence bug in the kernel results in a scenario where a buffer overflow causes attacker-controlled data to overwrite adjacent execve(2) argument buffers. The bug may be exploitable by an unprivileged user to obtain superuser privileges...
FreeBSD-SA-26:13.exec
FreeBSD-SA-26:13.exec Security Advisory, The FreeBSD Project. Topic: Local privilege escalation via execve. Category: core. Module: execve(2). Announced: 2026-04-29. Credits: Ryan...
GHSA-39Q2-94RC-95CP DOMPurify's ADD_TAGS function form bypasses FORBID_TAGS due to short-circuit evaluation
Summary: In src/purify.ts:1117-1123, ADD_TAGS as a function via EXTRA_ELEMENT_HANDLING.tagCheck bypasses FORBID_TAGS due to short-circuit evaluation. The condition: !(tagCheck(tagName)) && (!ALLOWED_TAGS[tagName] || FORBID_TAGS[tagName]) When tagCheck(tagName) returns true, the entire condition is false and the...
CVE-2026-34733 AVideo: Unauthenticated File Deletion via PHP Operator Precedence Bug in CLI Guard
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo installation script install/deleteSystemdPrivate.php contains a PHP operator precedence bug in its CLI-only access guard. The script is intended to run exclusively from the command line, but the guard condition...
CVE-2026-34733
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo installation script install/deleteSystemdPrivate.php contains a PHP operator precedence bug in its CLI-only access guard. The script is intended to run exclusively from the command line, but the guard condition...
CVE-2026-34733 AVideo: Unauthenticated File Deletion via PHP Operator Precedence Bug in CLI Guard
WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo installation script install/deleteSystemdPrivate.php contains a PHP operator precedence bug in its CLI-only access guard. The script is intended to run exclusively from the command line, but the guard condition...
PT-2026-29363
Name of the Vulnerable Software and Affected Versions: AVideo versions 26.0 and prior. Description: AVideo is an open source video platform. The installation script, install/deleteSystemdPrivate.php, contains a PHP operator precedence bug in its command-line interface (CLI)-only access guard. The guar...
CVE-2026-25233
PEAR framework (PHP) is affected by a logic bug in the roadmap role check that allowed non-lead maintainers to create, update, or delete roadmaps. The issue is caused by an operator precedence/authorization flaw and has been patched in version 1.33.0. Red Hat/Ubuntu/NVD references describe the sa...
CVE-2024-30410
An Incorrect Behavior Order in the routing engine (RE) of Juniper Networks Junos OS on EX4300 Series allows traffic intended to the device to reach the RE instead of being discarded when the discard term is set in loopback (lo0) interface. The intended function is that the lo0 firewall filter takes...
SUSE CVE-2023-52626
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix operation precedence bug in port timestamping napi_poll context. Indirection is of lower precedence than postfix increment ++. Logic in napi_poll context would cause an out-of-bound read by first increment the pointer...
DEBIAN-CVE-2023-52626
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix operation precedence bug in port timestamping napi_poll context. Indirection is of lower precedence than postfix increment ++. Logic in napi_poll context would cause an out-of-bound read by first increment the pointer...
CVE-2023-52626 net/mlx5e: Fix operation precedence bug in port timestamping napi_poll context
In the Linux kernel, the following vulnerability has been resolved: net/mlx5e: Fix operation precedence bug in port timestamping napi_poll context. Indirection is of lower precedence than postfix increment ++. Logic in napi_poll context would cause an out-of-bound read by first increment the pointer...
PT-2024-14666 · Linux +7 · Linux Kernel +7
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The issue is related to an operation precedence bug in the port timestamping napi poll context of the net/mlx5e driver. The logic in napi poll context would cause an out-of-bound read ...