CVE-2026-46330

In the Linux kernel, the following vulnerability has been resolved: Revert "net/smc: Introduce TCP ULP support" This reverts commit d7cd421da9da2cc7b4d25b8537f66db5c8331c40. As reported by Al Viro, the TCP ULP support for SMC is fundamentally broken. The implementation attempts to convert an acti...

June 9, 2026—KB5095051 (OS Build 28000.2269)

June 9, 2026—KB5095051 OS Build 28000.2269 ​​​​​This cumulative update for Windows 11, version 26H1 KB5095051 includes the latest security fixes and improvements, along with non-security updates from last month's optional preview release. Visit the Windows release health dashboard for the latest...

NT OS Kernel Elevation of Privilege Vulnerability

Integer underflow wrap or wraparound in Windows NT OS Kernel allows an authorized attacker to elevate privileges locally...

Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability

...

Windows NTFS Remote Code Execution Vulnerability

Heap-based buffer overflow in Windows NTFS allows an unauthorized attacker to execute code locally...

Windows Projected File System Elevation of Privilege Vulnerability

Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally...

Windows Common Log File System Driver Elevation of Privilege Vulnerability

Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally...

Windows Projected File System Elevation of Privilege Vulnerability

Buffer over-read in Windows Projected File System Filter Driver allows an authorized attacker to elevate privileges locally...

Windows Universal Disk Format File System Driver (UDFS) Elevation of Privilege Vulnerability

...

ROOT-OS-DEBIAN-12-CVE-2024-41957 CVE-2024-41957 in rootio-vim - Patched by Root

Root has patched CVE-2024-41957 in the rootio-vim package for Root:Debian:12. Multiple fixed versions available...

CVE-2026-46330

The CVE describes a Linux kernel design flaw in the net/smc TCP ULP support that was reverted and resolved. The issue arose from attempting to convert an active TCP socket into an SMC socket by in-place modifications to the underlying file structures (struct file, dentry, inode), which violates V...

CVE-2026-46330 Revert "net/smc: Introduce TCP ULP support"

In the Linux kernel, the following vulnerability has been resolved: Revert "net/smc: Introduce TCP ULP support" This reverts commit d7cd421da9da2cc7b4d25b8537f66db5c8331c40. As reported by Al Viro, the TCP ULP support for SMC is fundamentally broken. The implementation attempts to convert an acti...

CVE-2016-20064 WP Vault 0.8.6.6 Local File Inclusion via wpv-image Parameter

WP Vault 0.8.6.6 contains a local file inclusion vulnerability that allows unauthenticated attackers to read arbitrary files by exploiting an unescaped parameter in the include functionality. Attackers can supply directory traversal sequences through the wpv-image GET parameter to access sensitiv...

CVE-2026-2638 X-VPN macOS website versions - Local Privilege Escalation

A vulnerability in the quarantine and restore workflow of the X-VPN macOS website versions 77.0 through 77.5 allow a local attacker to leverage a race condition and symlink manipulation to achieve privileged file corruption...

github.com/pallets/click: Pallets Click: Arbitrary command execution via command injection in click.edit()

A flaw was found in Pallets Click. This command injection vulnerability, located in the click.edit function, allows an attacker with an unprivileged account to execute arbitrary operating system OS commands. This could lead to unauthorized control over the affected system...

CVE-2026-49741

Backend users with write access to the formdefinition database table were able to directly create, update, or delete form definition records via DataHandler, bypassing the Form Framework's persistence validation and permission checks. This allowed injecting arbitrary form configurations,...

CVE-2026-47350

Backend users were able to move records to a different page without having edit permissions on the source page. This issue affects TYPO3 CMS versions 13.0.0-13.4.31 and 14.0.0-14.3.3...

CVE-2026-49741 TYPO3 CMS - Privilege Escalation & SQL Injection in Form Framework

Backend users with write access to the formdefinition database table were able to directly create, update, or delete form definition records via DataHandler, bypassing the Form Framework's persistence validation and permission checks. This allowed injecting arbitrary form configurations,...

CVE-2026-47350 TYPO3 CMS - Broken Access Control in DataHandler

Backend users were able to move records to a different page without having edit permissions on the source page. This issue affects TYPO3 CMS versions 13.0.0-13.4.31 and 14.0.0-14.3.3...

CVE-2026-47349 TYPO3 CMS - Broken Access Control in Recycler

Backend users with access to the Recycler module were able to restore soft-deleted records on pages or for tables they were not authorized to modify. This issue affects TYPO3 CMS versions before 10.4.57, 11.0.0-11.5.51, 12.0.0-12.4.46, 13.0.0-13.4.31 and 14.0.0-14.3.3...