CVE-2026-0828 Kernel driver vulnerability in Safetica Endpoint Client
Kernel driver ProcessMonitorDriver.sys in Safetica's endpoint client x64, versions 10.5.75.0 and 11.11.4.0, allows an unprivileged user to abuse an IOCTL path and terminate protected system processes...
PT-2026-51300
Name of the Vulnerable Software and Affected Versions: ArubaSign versions prior to 4.6.6. Description: Incorrect default permissions are assigned during the installation of the software. The main executable and other program files located in "C:\Program Files" have excessive permissions for the...
Astra Linux – Vulnerability in Linux, Linux 5.10
prealloc_elems_and_freelist in kernel/bpf/stackmap.c in the Linux kernel before version 5.14.12 allows unprivileged users to trigger an eBPF multiplication integer overflow, resulting in an out-of-bounds write...
Astra Linux – Vulnerabilities in Linux-6.1, Linux-5.15, Linux-5.10
In the Linux kernel, the following vulnerability has been resolved: arm64: bpf: Mitigation is only applied to cBPF programs loaded by unprivileged users. Support for eBPF programs loaded by unprivileged users is typically disabled. This means that only cBPF programs need to be mitigated for BHB...
PT-2026-48988
Name of the Vulnerable Software and Affected Versions: Discourse versions 2026.1.0 through 2026.1.3; Discourse versions 2026.3.0; Discourse versions 2026.4.0. Description: When the SiteSetting.tags_listed_by_group setting is enabled, the DetailedTagSerializer#tag_group_names function returns all tag...
CVE-2026-47163 Quest Bot: Unprivileged users can create and remove AutoMod rules.
Quest Bot is an open-source modern Discord Bot built for moderation, utilities and support. Prior to version 1.0.1, any guild member who can invoke slash commands can use /automod add, /automod remove, and /automod list because the command has no Discord default permission requirement and no runti...
CVE-2026-47163
Quest Bot prior to v1.0.1 allowed any guild member who can invoke slash commands to use /automod add, /automod remove, and /automod list due to missing Discord default permission and runtime moderator checks. An attacker could add a rule matching common text and cause the bot to delete other user...
FreeBSD : FreeBSD -- Missing permission check in thr_kill2(2) (91163897-6472-11f1-958d-bc241121aa0a)
The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 91163897-6472-11f1-958d-bc241121aa0a advisory. When used to deliver a signal to a specific thread, thr_kill2(2) called p_cansignal() to determine whether th...
Security update for firewalld
This update for firewalld fixes the following issue: CVE-2026-4948: local unprivileged users can modify the runtime firewall state without proper authentication due to D-Bus setter mis-authorizations (bsc#1260903). Patch Instructions: To install this SUSE update use the SUSE recommended installation...
SUSE-SU-2026:2302-1 Security update for firewalld
This update for firewalld fixes the following issue: - CVE-2026-4948: local unprivileged users can modify the runtime firewall state without proper authentication due to D-Bus setter mis-authorizations (bsc#1260903)...
CVE-2026-32244
Discourse is an open-source discussion platform. In versions prior to 2026.1.4, 2026.3.1, 2026.4.1 and 2026.5.0-latest.1, outdated cached AI summaries can leak removed content to anonymous and unprivileged users who cannot regenerate summaries. This issue has been fixed in versions 2026.1.4,...
SUSE-SU-2026:22060-1 Security update for firewalld
This update for firewalld fixes the following issue: - CVE-2026-4948: local unprivileged users can modify firewall state due to D-Bus setter mis-authorizations (bsc#1260903)...
CVE-2026-47329
CVE-2026-47329 affects Ubuntu Linux releases 6.8, 6.17 and 7.0 due to SAUCE patches failing to validate invalid sizes of the name field in AppArmor notification responses. The issue can be triggered by an unprivileged local user and may cause incorrect handling of crafted responses. Root cause: ...
EUVD-2026-32982
Ubuntu Linux 6.8, 6.17 and 7.0 contain SAUCE patches with a possible NULL pointer dereference in the handling of AppArmor notifications. The bug can be triggered by an unprivileged local user. This can lead to a kernel oops...
CVE-2026-46220
In the Linux kernel, the following vulnerability has been resolved: drm/amdgpu/sdma4: replace BUG_ON with WARN_ON in fence emission. sdma_v4_0_ring_emit_fence() contains two BUG_ON(addr & 0x3) assertions that verify fence writeback addresses are dword-aligned. These assertions can be reached from unprivileged...
PT-2026-44343
Name of the Vulnerable Software and Affected Versions: Linux kernel (affected versions not specified). Description: The sdma_v4_0_ring_emit_fence function contains two BUG_ON assertions used to verify that fence writeback addresses are dword-aligned. Unprivileged users can trigger these assertions by...
CVE-2026-3636 Sanitize team member data returned by API
Mattermost versions 11.6.x <= 11.6.0, 11.5.x <= 11.5.3, 11.4.x <= 11.4.4, 10.11.x <= 10.11.14 fail to sanitize team member data when returned via API to users without elevated permissions, which allows a user without permissions to get data about team members' roles via invoking various team API...
PackageKit: race condition vulnerability leads to arbitrary package installation as root
A flaw was found in PackageKit. A time-of-check time-of-use (TOCTOU) race condition on transaction flags allows unprivileged users to install packages as root, resulting in a local privilege escalation...
EUVD-2026-31076
In src/havegecmd.c, the socket_handler function performs a credential check on the abstract UNIX socket \0/sys/entropy/haveged. However, while it detects if the connecting user is not root (cred.uid != 0) and prepares a negative acknowledgement (ASCII_NAK), it fails to stop execution. The code proceeds...