CVE-2026-44726

CVE-2026-44726 affects Deno (2.0.0–2.7.8) via the Node.js tls compatibility layer. When autoSelectFamily is enabled and the first address-family attempt fails, the socket reinitialization path reuses a stale TLS upgrade hook tied to the original failed handle, causing the replacement TCP connecti...

CVE-2026-49411

Summary (technical, grounded): CVE-2026-49411 affects Deno’s Node.js compatibility TCP path. Prior to v2.8.0, permission checks for deny-net were performed on the original hostname string before DNS resolution and not re-checked after resolution. This allowed a numeric IP alias (for example 21307...

CVE-2026-53571

Vite is a frontend tooling framework for JavaScript. Prior to 8.0.16, 7.3.5, and 6.4.3, the contents of files that are specified by server.fs.deny can be returned to the browser on Windows. Vite’s dev server denies direct access to sensitive files through server.fs.deny, including entries such as...

EUVD-2026-38037

In the Linux kernel, the following vulnerability has been resolved: RDMA: During reregmr ensure that REREGACCESS is compatible If IBMRREREGACCESS changes from RO to RW then the umem has to be re-evaluated to ensure it is properly pinned as RW. Since the umem is hidden inside each driver's mr stru...

CVE-2026-52908

The CVE-2026-52908 entry concerns the Linux kernel RDMA path and a compatibility issue during rereg_mr. The root cause is that if IB_MR_REREG_ACCESS changes from RO to RW, the umem must be re-evaluated to ensure proper RW pinning. The fix adds a per-driver hook ib_umem_check_rereg() (to be called...

CVE-2026-52908

In the Linux kernel, the following vulnerability has been resolved: RDMA: During reregmr ensure that REREGACCESS is compatible If IBMRREREGACCESS changes from RO to RW then the umem has to be re-evaluated to ensure it is properly pinned as RW. Since the umem is hidden inside each driver's mr stru...

[SECURITY] Fedora 44 Update: ldns-1.9.2-1.fc44

ldns is a library with the aim to simplify DNS programming in C. All low-level DNS/DNSSEC operations are supported. We also define a higher level API which allows a programmer to for instance create or sign packets...

PT-2026-50148

Name of the Vulnerable Software and Affected Versions Deno versions prior to 2.8.0 Description The Node.js compatibility TCP path fails to re-verify network permissions after hostname resolution. While the network permission model is intended to apply rules to the resolved IP address, affected...

PT-2026-49574

Name of the Vulnerable Software and Affected Versions Vite versions prior to 8.0.16 Vite versions prior to 7.3.5 Vite versions prior to 6.4.3 Description On Windows, the development server fails to correctly normalize NTFS Alternate Data Streams ADS path forms and 8.3 short name compatibility pat...

EUVD-2026-36382

SQL injection vulnerability in phpBB profile field migration due to improper handling of user-supplied profile field data during migration, allowing execution of arbitrary SQL queries. Only applies to phpBB forums that had been updated from versions prior to phpBB 3.3.8 and have not been updated ...

CVE-2026-53674

BuddyPress 14.4.0 contains a regular expression injection vulnerability in the activity mention resolver that, when username compatibility mode is enabled, allows attackers to manipulate a REGEXP database clause by crafting mention names containing regex metacharacters. Attackers can submit...

CVE-2026-45487

Time-of-check time-of-use TOCTOU race condition in Program Compatibility Assistant Service allows an authorized attacker to elevate privileges locally...

CVE-2026-53674

BuddyPress 14.4.0 contains a regular expression injection vulnerability in the activity mention resolver that, when username compatibility mode is enabled, allows attackers to manipulate a REGEXP database clause by crafting mention names containing regex metacharacters. Attackers can submit...

CVE-2026-53674

CVE-2026-53674 affects BuddyPress 14.4.0. A regular expression injection in the activity mention resolver occurs when username compatibility mode is enabled, allowing an attacker to craft @mentions with regex metacharacters that pass esc_sql and are inserted into an unprepared REGEXP query on the...

CVE-2026-53674 BuddyPress 14.4.0 REGEXP Injection via @Mention Username Resolution

BuddyPress 14.4.0 contains a regular expression injection vulnerability in the activity mention resolver that, when username compatibility mode is enabled, allows attackers to manipulate a REGEXP database clause by crafting mention names containing regex metacharacters. Attackers can submit...

EUVD-2026-35673

Time-of-check time-of-use TOCTOU race condition in Program Compatibility Assistant Service allows an authorized attacker to elevate privileges locally...

CVE-2026-45487

Time-of-check time-of-use TOCTOU race condition in Program Compatibility Assistant Service allows an authorized attacker to elevate privileges locally...

CVE-2026-45487 Windows Program Compatibility Assistant Service Elevation of Privilege Vulnerability

...

CVE-2026-45487

CVE-2026-45487 is a Windows vulnerability in the Program Compatibility Assistant Service where a TOCTOU race condition enables a local, authorized user to elevate privileges. Affected component: Program Compatibility Assistant Service on Windows. Root cause: TOCTOU race condition allowing privile...

CVE-2026-45487 Windows Program Compatibility Assistant Service Elevation of Privilege Vulnerability

...