SUSE CVE-2015-2667

Untrusted search path vulnerability in GNS3 1.2.3 allows local users to gain privileges via a Trojan horse uuid.dll in an unspecified directory...

CVE-2026-41953 BIG-IP Privilege Escalation vulnerability

A vulnerability exists in BIG-IP systems where a highly privileged, authenticated attacker with at least the Resource Administrator role can modify configuration objects resulting in privilege escalation. Note: Software versions which have reached End of Technical Support EoTS are not evaluated...

EUVD-2025-209737

RayVentory Scan Engine through 12.6 Update 8 allows attackers to gain privileges if they control the value of the PATH environment variable. NOTE: this is disputed because ability of an attacker to control the environment is a site-specific misconfiguration...

CVE-2025-69599

RayVentory Scan Engine through 12.6 Update 8 allows attackers to gain privileges if they control the value of the PATH environment variable. NOTE: this is disputed because ability of an attacker to control the environment is a site-specific misconfiguration...

Security update for python-pytest (moderate)

openSUSE security update: security update for python-pytest ------------------------------------------------------------- Announcement ID: openSUSE-SU-2026:20692-1 Rating: moderate References: bsc1257090 Cross-References: CVE-2025-71176 Affected Products: openSUSE Leap 16.0...

SUSE-SU-2026:1744-1 Security update for python-pytest

This update for python-pytest fixes the following issue - CVE-2025-71176: a TOCTOU race condition can cause a denial of service or possibly gain privileges bsc1257090...

OPENSUSE-SU-2026:20692-1 Security update for python-pytest

This update for python-pytest fixes the following issue: - CVE-2025-71176: a TOCTOU race condition can cause a denial of service or possibly gain privileges bsc1257090...

Astra Linux - уязвимость в linux

A memory-bound write flaw 1 or 2 bytes of memory was identified in the Linux kernel’s NFS subsystem, related to the way users use mirroring replication of files via NFS. A user with access to the NFS mount could potentially exploit this flaw to crash the system or escalate privileges on the syste...

CVE-2025-36568

Dell PowerProtect Data Domain BoostFS for client of Feature Release versions 7.7.1.0 through 8.5, LTS2025 release version 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.50, contain an insufficiently protected credentials vulnerability. A low privileged attacker with...

Microsoft Azure Custom Locations Resource Provider 代码问题漏洞

Microsoft Azure Custom Locations Resource Provider is a service component developed by Microsoft Corporation in the United States. It serves to extend, manage, and integrate custom data centers or edge resources. There is a code vulnerability in Microsoft Azure Custom Locations Resource Provider,...

cryptodev-linux 资源管理错误漏洞

cryptodev-linux is an open-source Linux kernel encryption device driver developed by cryptodev-linux. Versions of cryptodev-linux prior to 1.14 contain a resource management vulnerability. This vulnerability stems from a page reference handling flaw in the getuserbuf function of the /dev/crypto...

CVE-2025-62843

CVE-2025-62843 affects QHora/QuRouter where an improper restriction of a communication channel to intended endpoints allows a user with physical access to gain privileges intended for the original endpoint. The issue is fixed in QuRouter 2.6.3.009 and later. The CVSS-like metrics indicate physica...

PT-2026-26633

Name of the Vulnerable Software and Affected Versions QHora versions prior to 2.6.3.009 Description An issue exists in QHora where an improper restriction of communication channels to intended endpoints can allow an attacker with physical access to gain elevated privileges. The issue was exploite...

PT-2026-24448

In usim SendMCCMNCIndMsg of usim Registration.c, there is a possible out of bounds write due to memory corruption. This could lead to physical escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-20122

A vulnerability in the API of Cisco Catalyst SD-WAN Manager could allow an authenticated, remote attacker to overwrite arbitrary files on the local file system. To exploit this vulnerability, the attacker must have valid read-only credentials with API access on the affected system. This...

Cisco Catalyst SD-WAN Manager 安全漏洞

Cisco Catalyst SD-WAN Manager is a highly customizable dashboard provided by Cisco. It simplifies and automates the deployment, configuration, management, and operation of Cisco SD-WAN. There is a security vulnerability present in Cisco Catalyst SD-WAN Manager, which stems from improper handling ...

CVE-2020-36936

CVE-2020-36936 affects Magic Mouse 2 Utilities 2.20. It describes an unquoted service path in the Windows service configuration for the magicmouse2service, enabling an attacker to place a malicious file in the service path to gain elevated privileges. The provided documents do not specify a patch...

CVE-2025-71176

CVE-2025-71176 affects pytest up to 9.0.2 on UNIX: it relies on predictable temporary directories named /tmp/pytest-of-{user}, which can enable a local attacker to cause a denial of service and potentially gain privileges via insecure temporary directory handling. The provided sources describe th...

Hi-Rez Studios HiPatchService code-related vulnerabilities

Hi-Rez Studios HiPatchService is a software update service provided by Hi-Rez Studios in the United States. Version 5.1.6.3 of Hi-Rez Studios HiPatchService contains a code vulnerability. This vulnerability stems from the use of service paths without quotes in HiPatchService, which may allow loca...

Microsoft Graphics Component Resource Management Error Vulnerability

Microsoft Graphics Component is a graphics driver component of Microsoft Corporation USA. A security vulnerability exists in Microsoft Graphics Component. An attacker could exploit this vulnerability to gain elevated privileges...