158 matches found
CVE-2026-14868
The encryption algorithm used to protect the configuration of user accounts, stored in the built-in user directory of PcVue projects, all versions prior to 17.0.0, is not strong enough for the level of protection required. A local attacker could alter the existing configuration and ultimately gai...
CVE-2026-14868
The issue involves PcVue projects where the encryption protecting user account configurations in the builtāin user directory is too weak for prior versions (
CVE-2026-14868 Weak encryption mechanism for User directory
The encryption algorithm used to protect the configuration of user accounts, stored in the built-in user directory of PcVue projects, all versions prior to 17.0.0, is not strong enough for the level of protection required. A local attacker could alter the existing configuration and ultimately gai...
CVE-2026-14867
PcVue projects store credentials for built-in users insecurely in the User directory, affecting all versions before 17.0.0. A local attacker could retrieve these credentials, impacting confidentiality. Active Directory accounts are not affected. The provided documents do not include explicit reme...
CVE-2026-14867
Credentials of built-in users are insecurely stored in the User directory of PcVue projects, all versions prior to 17.0.0. A local attacker could retrieve usersā credentials. Active Directory accounts are not affected by this vulnerability...
EUVD-2026-42031
Credentials of built-in users are insecurely stored in the User directory of PcVue projects, all versions prior to 17.0.0. A local attacker could retrieve usersā credentials. Active Directory accounts are not affected by this vulnerability...
Astra Linux ā Vulnerability in Thunderbird
Previously, Firefox for macOS and Linux would download temporary files to a user-specific directory in /tmp. However, this behavior was changed so that the files were downloaded to /tmp, where they could be affected by other local users. This behavior has been reverted to the original,...
EUVD-2026-29501
The loadmodel function in the neuralmagictraining.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f 2024-07-21 allows arbitrary code execution. When a user supplies a directory path via the --model command-line argument, the function reads a module.py file from...
PT-2026-40056
Name of the Vulnerable Software and Affected Versions optimate versions prior to commit a6d302f912b481c94370811af6b11402f51d377f Description The load model function in the neural magic training.py script allows arbitrary code execution. When a directory path is supplied via the --model command-li...
OptiMate å®å Øę¼ę“
OptiMate is an AI model optimization tool library developed by Nebuly. There is a security vulnerability in OptiMate. This vulnerability stems from the loadmodel function in the neuralmagictraining.py script, which directly executes the content of the module.py file located in the user-provided...
PT-2026-40119
The CosyVoice project thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its model loading process. When loading model files .pt from a user-specified directory via the --model dir argument, the code uses torch.load withou...
Exploit for CVE-2026-30332
CVE-2026-30332 Description A Time-of-Check to Time-of-Use...
BIT-DISCOURSE-2026-33425 Discourse has inferable private group membership or existence via exclude_groups parameter
Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, unauthenticated users can determine whether a specific user is a member of a private group by observing changes in directory results when using the excludegroups parameter. Versions 2026.3.0,...
CVE-2026-33425 Discourse has inferable private group membership or existence via exclude_groups parameter
Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, unauthenticated users can determine whether a specific user is a member of a private group by observing changes in directory results when using the excludegroups parameter. Versions...
EulerOS 2.0 SP12 : httpd (EulerOS-SA-2026-1396)
According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Apache HTTP Server 2.4.65 and earlier with Server Side Includes SSI enabled and modcgid but not modcgi passes the shell-escaped query string to exe...
CVE-2026-29127
The IDC SFX2100 Satellite Receiver sets overly permissive file system permissions on the monitor user's home directory. The directory is configured with permissions 0777, granting read, write, and execute access to all local users on the system, which may cause local privilege escalation dependin...
CVE-2026-29127
The IDC SFX2100 Satellite Receiver sets overly permissive file system permissions on the monitor user's home directory. The directory is configured with permissions 0777, granting read, write, and execute access to all local users on the system, which may cause local privilege escalation dependin...
CVE-2026-26265
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an IDOR vulnerability in the directory items endpoint allows any user, including anonymous users, to retrieve private user field values for all users in the directory. The userfieldids parameter ...
EUVD-2026-8859
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an IDOR vulnerability in the directory items endpoint allows any user, including anonymous users, to retrieve private user field values for all users in the directory. The userfieldids parameter ...
CVE-2026-26265 Discourse has IDOR vulnerability in the directory items endpoint
Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an IDOR vulnerability in the directory items endpoint allows any user, including anonymous users, to retrieve private user field values for all users in the directory. The userfieldids parameter ...