JLSEC-2026-107 Deno permission escalation vulnerability via open of privileged files with missing `--deny` flag

The Deno sandbox may be unexpectedly weakened by allowing file read/write access to privileged files in various locations on Unix and Windows platforms. For example, reading /proc/self/environ may provide access equivalent to --allow-env, and writing /proc/self/mem may provide access equivalent t...

CVE-2026-21000

Improper access control in Galaxy Store prior to version 4.6.03.8 allows local attacker to create file with Galaxy Store privilege...

CVE-2026-2464

Path traversal vulnerability in the AMR Printer Management 1.01 Beta web service, which allows remote attackers to read arbitrary files from the underlying Windows system by using specially crafted path traversal sequences in requests directed to the web management service. The service is...

SUSE CVE-2025-64324

KubeVirt is a virtual machine management add-on for Kubernetes. The hostDisk feature in KubeVirt allows mounting a host file or directory owned by the user with UID 107 into a VM. However, prior to version 1.6.1 and 1.7.0, the implementation of this feature and more specifically the DiskOrCreate...

CVE-2020-36868 Nagios XI < 5.7.3 Privilege escalation via Insecure getprofile.sh Script

Nagios XI versions prior to 5.7.3 contain a privilege escalation vulnerability in the getprofile.sh helper script. The script performed profile retrieval and initialization routines using insecure file/command handling and insufficient validation of attacker-controlled inputs, and in some...

JLSEC-2025-159 A flaw was found in glib before version 2.63.6

A flaw was found in glib before version 2.63.6. Due to random charset alias, pkexec can leak content from files owned by privileged users to unprivileged ones under the right condition...

EUVD-2005-0653

Malware in sbrugna...

EUVD-2019-8363

Malware in sbrugna...

EUVD-2002-1122

Malware in sbrugna...

EUVD-2019-10557

Malware in sbrugna...

EUVD-2021-1691

Malware in sbrugna...

EUVD-2021-7300

Malicious code in bioql PyPI...

A flaw was found in pesign. The pesign package provides a systemd service used to start the pesign daemon. This service unit runs a script to set ACLs for /etc/pki/pesign and /run/pesign directories to grant access privileges to users in the 'pesign' group. However, the script doesn't check for symbolic links. This could allow an attacker to gain access to privileged files and directories via a path traversal attack.

...

CVE-2025-53503

Trend Micro Cleaner One Pro is vulnerable to a Privilege Escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own...

CVE-2025-52521

Trend Micro Security 17.8 Consumer is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own...

CVE-2025-52521

Trend Micro Security 17.8 Consumer is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own...

Trend Micro Cleaner One Pro 安全漏洞

Trend Micro Cleaner One Pro is a computer cleaner and optimization software from Trend Micro. A security vulnerability exists in Trend Micro Cleaner One Pro that stems from an elevation of privilege vulnerability that could allow a local attacker to delete privileged files...

Microsoft Edge (Chromium-based) Privilege Escalation

This repository contains a conceptual proof-of-concept PoC for CVE-2025-47181, a link following privilege escalation vulnerability in Microsoft Edge Chromium-based. This vulnerability allows an attacker to exploit improper link resolution and symbolic link symlink handling by a trusted Edge updat...

CVE-2025-49385

Trend Micro Security 17.8 Consumer is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own...

CVE-2025-49384

Trend Micro Security 17.8 Consumer is vulnerable to a link following local privilege escalation vulnerability that could allow a local attacker to unintentionally delete privileged Trend Micro files including its own...