1696 matches found
CVE-2026-41154
Software installed and run as a non-privileged user may cause OOB kernel memory reads or writes through GPU API calls. When indexing pages larger than 4kB in the page freeing logic of the sparse memory implementation, incorrect buffer indexing leads to OOB access...
PT-2026-56660
Name of the Vulnerable Software and Affected Versions Ray Enterprise Translation versions 0.0.0 through 4.0.4 Ray Enterprise Translation versions 4.1.0 through 4.1.4 Ray Enterprise Translation versions 11.0.0 through 11.0.4 Description Cross-Site Request Forgery CSRF occurs when a module fails to...
CVE-2026-48947
An improper access check allows privileged users to overwrite media files without editing permissions...
CVE-2026-48947
An improper access check allows privileged users to overwrite media files without editing permissions...
EUVD-2026-42069
An improper access check allows privileged users to overwrite media files without editing permissions...
CVE-2026-48947 Joomla! Core - [20260701] - Incorrect Access Control in com_media webservice endpoints
An improper access check allows privileged users to overwrite media files without editing permissions...
CVE-2026-48947 Joomla! Core - [20260701] - Incorrect Access Control in com_media webservice endpoints
An improper access check allows privileged users to overwrite media files without editing permissions...
PT-2026-56220
Name of the Vulnerable Software and Affected Versions Joomla! Core affected versions not specified Description An improper access check in the com media webservice endpoints allows privileged users to overwrite media files even if they lack the necessary editing permissions. Recommendations At th...
CVE-2026-13384
CVE-2026-13384 is an Out-of-bounds Write vulnerability in WatchGuard Fireware OS wgagent. An authenticated privileged user could remotely execute arbitrary code via specially crafted requests to the Management Web UI. Affected: Fireware OS 12.1–12.12 and 2025.1–2026.2. CVSS details indicate netwo...
CVE-2026-56149
Allocation of Resources Without Limits or Throttling CWE-770 in Elasticsearch can lead to a denial of service via Excessive Allocation CAPEC-130. A user with elevated privileges can submit a specially crafted machine learning request that causes excessive memory consumption, which may render the...
CVE-2026-58036 Users API leaks whether privileged users have their user groups disabled for lack of 2FA
Exposure of Sensitive Information to an Unauthorized Actor vulnerability in Wikimedia Foundation MediaWiki. This vulnerability is associated with program files includes/Api/ApiQueryAllUsers.Php, includes/Api/ApiQueryUsers.Php, includes/Permissions/PermissionManager.Php,...
Linux Distros Unpatched Vulnerability : CVE-2026-53236
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - tcp: restrict SOATTACHFILTER to priv users This patch restricts the use of SOATTACHFILTER cBPF on TCP sockets to users with CAPNETADMIN capability. This blocks...
tcp: restrict SO_ATTACH_FILTER to priv users
...
SUSE CVE-2026-53249
In the Linux kernel, the following vulnerability has been resolved: ipv4: restrict IPOPTSSRR and IPOPTLSRR options This patch restricts setting Loose Source and Record Route LSRR and Strict Source and Record Route SSRR IP options to users with CAPNETRAW capability. This prevents unprivileged...
CVE-2020-37256 Grav - Cross-Site Scripting in Admin Plugin Page Editor
Grav before 1.6.30 contains a cross-site scripting vulnerability in the Admin plugin page editor default security configuration. Privileged users with page editing capabilities can inject malicious scripts to execute arbitrary code and install malicious plugins for system access...
CVE-2026-53236
CVE-2026-53236 affects the Linux kernel where a patch restricts SO_ATTACH_FILTER (cBPF) usage on TCP sockets to CAP_NET_ADMIN, mitigating a potential side-channel leaking TCP sequence/ACK data. Debian/Ubuntu entries show patches across newer kernel builds (e.g., Linux 6.1 series with 6.1.176-1~de...
CVE-2026-53236
In the Linux kernel, the following vulnerability has been resolved: tcp: restrict SOATTACHFILTER to priv users This patch restricts the use of SOATTACHFILTER cBPF on TCP sockets to users with CAPNETADMIN capability. This blocks potential side-channel attack where an unprivileged application...
EUVD-2026-39327
In the Linux kernel, the following vulnerability has been resolved: tcp: restrict SOATTACHFILTER to priv users This patch restricts the use of SOATTACHFILTER cBPF on TCP sockets to users with CAPNETADMIN capability. This blocks potential side-channel attack where an unprivileged application...
PT-2026-52168
Name of the Vulnerable Software and Affected Versions Drupal AI versions 0.0.0 through 1.2.17 Drupal AI versions 1.3.0 through 1.3.8 Drupal AI versions 1.4.0 through 1.4.3 Description A missing authorization issue allows forceful browsing. Certain Drupal core actions exposed as agent tools lack...
CVE-2026-12163
Fortra File Integrity Monitoring FIM, formerly Tripwire Enterprise, versions prior to 9.4.0.1 contain a stored cross-site scripting XSS vulnerability in the Asset View UI component. An authenticated user with sufficient privileges to create or modify affected node or database configuration fields...