CVE-2026-0138

In lwisiobufferwrite of lwisiobuffer.c, there is a possible out of bounds write due to memory corruption. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0137

In edgetpusyncfencegroupshutdown of edgetpu-dmabuf.c, there is a possible elevation of privilege due to a use after free. This could lead to local escalation of privilege with System execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0137

CVE-2026-0137 affects the EdgeTPU kernel driver. The root cause is a use-after-free in the function edgetpu_sync_fence_group_shutdown() within edgetpu-dmabuf.c, which can enable a local elevation of privilege. The impact is local escalation to System execution privileges, with no user interaction...

CVE-2026-0133

In smmuattachdev of arm-smmu-v3.c, there is a possible way to sign malicious Android Runtime bootclass artifacts due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-0133

Affected component: arm-smmu-v3.c (smmu_attach_dev). The issue is a missing permission check that can allow signing malicious Android Runtime bootclass artifacts, enabling local escalation of privilege without extra execution privileges. Exploitation requires local access; user interaction is not...

CVE-2026-0131

In RtpPacket::decodePacket, there is a possible out of bounds access due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

CVE-2026-0131

The CVE-2026-0131 entry affects the code path In RtpPacket::decodePacket, where an integer overflow can cause an out-of-bounds access. This vulnerability could enable local escalation of privilege with no additional execution privileges required, and exploitation requires user interaction. Connec...

CVE-2026-0125

CVE-2026-0125 is a local elevation-of-privilege issue caused by a use-after-free in vpu_ioctl.c across multiple functions, triggered by a race condition. The vulnerability allows a local attacker to escalate privileges without additional execution privileges or user interaction, as described in s...

CVE-2026-0125

In multiple functions of vpuioctl.c, there is a possible use after free due to a race condition. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-53854

OpenClaw is affected by a privilege escalation in versions before 2026.4.25. The issue arises from wildcard inheritance of ownerAllowFrom state across channel boundaries in internal and webchat command authentication, allowing a sender to execute owner-like commands outside the intended channel s...

CVE-2026-53849

CVE-2026-53849 — OpenClaw prior to 2026.5.7 : A privilege-escalation in which the allowFrom feature validates Discord identity via mutable display names instead of immutable user IDs. An attacker with a Discord account can alter their display name to align with a policy entry and gain unauthorize...

CVE-2026-53847

OpenClaw CVE-2026-53847 affects versions prior to 2026.5.6. It describes a privilege-escalation in the Active Memory write scope where Gateway operators with operator.write access can modify global configuration without operator.admin privileges due to insufficient scope validation. The vulnerabi...

CVE-2026-50656 Microsoft Defender Elevation of Privilege Vulnerability

...

CVE-2026-50656 Microsoft Defender Elevation of Privilege Vulnerability

...

CVE-2026-50656

Technical details about CVE-2026-50656 (affected components, root cause, impact specifics, remedies) are not publicly available in the provided documents. Monitor official advisories for updates.

CVE-2026-46331

A flaw was found in the Linux kernel's traffic control packet editing pedit subsystem. In tcfpeditact, the copy-on-write COW range for skbensurewritable is computed once before iterating over edit keys, but the calculation does not account for runtime header offsets added by typed keys. This can...

rsync: TOCTOU symlink race condition allowing local privilege escalation in daemon mode without chroot.

A flaw was found in rsync. An rsync daemon configured with "use chroot = no" is exposed to a time-of-check / time-of-use race on parent path components. A local attacker with write access to a module can replace a parent directory component with a symlink between the receiver's check and its open...

CVE-2026-24155

NVIDIA NeMo Framework for all platforms contains a code injection vulnerability. A successful exploit of this vulnerability might lead to code execution, escalation of privileges, information disclosure, and data tampering...

CVE-2026-24228

NVIDIA NeMo Framework for Linux contains a vulnerability where an attacker may cause deserialization of untrusted data. A successful exploit of this vulnerability may lead to code execution, escalation of privileges, data tampering, and information disclosure...

CVE-2024-30476

PowerStore contains a Stored Cross-Site Scripting Vulnerability in the PowerStore Manager. A remote authenticated low-privileged malicious actor could potentially exploit this vulnerability, it could lead to script execution in the client browser...