Lucene search

7633 matches found

OSV
added 2026/01/30 8:12 p.m. | 6 views

CVE-2026-25129 PsySH has Local Privilege Escalation via CWD .psysh.php auto-load

PsySH is a runtime developer console, interactive debugger, and REPL for PHP. Prior to versions 0.11.23 and 0.12.19, PsySH automatically loads and executes a .psysh.php file from the Current Working Directory (CWD) on startup. If an attacker can write to a directory that a victim later uses as thei...

6.7 CVSS | 6.5 AI score | 0.0028 EPSS
Exploits: 1 | References: 5

Packet Storm
added 2026/01/30 12:00 a.m. | 138 views

Microsoft Windows 11 build 10.0.27898.1000 Local Privilege Escalation

Proof of concept exploit designed to test a potential local privilege escalation vulnerability in Windows, specifically targeting a feature called AiRegistrySync. It checks if modifications made by a standard user in their own Registry profile can be automatically synchronized (propagated) into the...

5.9 AI score
Exploits: 0

CNNVD
added 2026/01/30 12:00 a.m. | 3 views

PsySH code issue vulnerabilities

PsySH is a runtime console developed by Justin Hileman individually. Versions of PsySH prior to 0.11.23 and 0.12.19 have code vulnerabilities. These vulnerabilities stem from the automatic loading of the .psysh.php file from the current working directory, which may lead to arbitrary code executio...

7.3 CVSS | 6.3 AI score | 0.0028 EPSS
Exploits: 1 | References: 4

Positive Technologies
added 2026/01/30 12:00 a.m. | 8 views

PT-2026-5440

Name of the Vulnerable Software and Affected Versions: PsySH versions prior to 0.11.23; PsySH versions prior to 0.12.19. Description: PsySH is a runtime developer console, interactive debugger, and REPL for PHP. Prior to versions 0.11.23 and 0.12.19, PsySH automatically loads and executes a .psysh.ph...

6.7 CVSS | 6.4 AI score | 0.0028 EPSS
Exploits: 1 | References: 10

The Hacker News
added 2026/01/29 10:30 a.m. | 6 views

3 Decisions CISOs Need to Make to Prevent Downtime Risk in 2026

Beyond the direct impact of cyberattacks, enterprises suffer from a secondary but potentially even more costly risk: operational downtime, any amount of which translates into very real damage. That's why for CISOs, it's key to prioritize decisions that reduce dwell time and protect their company...

6.1 AI score
Exploits: 0

Slackware Linux
added 2026/01/28 12:02 a.m. | 8 views

[slackware-security] mozilla-thunderbird

New mozilla-thunderbird packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/mozilla-thunderbird-140.7.1esr-i686-1slack15.0.txz: Upgraded. This release contains security fixes and improvements. For...

5.9 AI score
Exploits: 0

Cvelist
added 2026/01/26 5:38 p.m. | 32 views

CVE-2026-24440 Tenda W30E V2 Allows Password Changes Without Verifying Current Password

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) allow account passwords to be changed through the maintenance interface without requiring verification of the existing password. This enables unauthorized password changes when access to the affected endpoint is obtained...

8.7 CVSS | 0.00269 EPSS
Exploits: 0 | References: 2

ATTACKERKB
added 2026/01/26 5:38 p.m. | 4 views

CVE-2026-24440

Shenzhen Tenda W30E V2 firmware versions up to and including V16.01.0.19(5037) allow account passwords to be changed through the maintenance interface without requiring verification of the existing password. This enables unauthorized password changes when access to the affected endpoint is obtained...

8.7 CVSS | 5.9 AI score | 0.00269 EPSS
Exploits: 0 | References: 3

CVE
added 2026/01/26 5:38 p.m. | 9 views

CVE-2026-24440

The issue affects Shenzhen Tenda W30E V2 with firmware up to version V16.01.0.19(5037). The maintenance interface allows an account password to be changed without verifying the existing password, enabling unauthorized password changes if an attacker can reach the affected endpoint. The available ...

8.8 CVSS | 5.9 AI score | 0.00269 EPSS
Exploits: 0 | References: 2 | Affected Software: 1

NVD
added 2026/01/23 4:16 a.m. | 4 views

CVE-2025-15062

Trimble SketchUp SKP File Parsing Use-After-Free Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of Trimble SketchUp. User interaction is required to exploit this vulnerability in that the target must visit a...

7.8 CVSS | 0.00299 EPSS
Exploits: 0 | References: 1

Positive Technologies
added 2026/01/22 12:00 a.m. | 4 views

PT-2026-4279

Name of the Vulnerable Software and Affected Versions: affected versions not specified. Description: A low-privileged user can bypass account credentials without confirming the user's current authentication state, potentially leading to unauthorized privilege escalation. Recommendations: At the momen...

8.7 CVSS | 5.4 AI score | 0.00356 EPSS
Exploits: 0 | References: 4

Slackware Linux
added 2026/01/21 11:49 p.m. | 5 views

[slackware-security] bind

New bind packages are available for Slackware 15.0 and -current to fix security issues. Here are the details from the Slackware 15.0 ChangeLog: patches/packages/bind-9.18.44-i586-1slack15.0.txz: Upgraded. This update fixes a security issue: Fix incorrect length checks for BRID and HHIT records...

7.5 CVSS | 5.5 AI score | 0.08013 EPSS
Exploits: 0

Tenable Nessus
added 2026/01/20 12:00 a.m. | 5 views

MiracleLinux 9 : qt5 (AXSA:2023-4961:01)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2023-4961:01 advisory. qt: QProcess could execute a binary from the current working directory when not found in the PATH (CVE-2022-25255). Tenable has extracted the preceding...

7.8 CVSS | 7.4 AI score | 0.00334 EPSS
Exploits: 0 | References: 2

Tenable Nessus
added 2026/01/20 12:00 a.m. | 6 views

MiracleLinux 9 : gtk3-3.24.31-5.el9 (AXSA:2024-9213:03)

The remote MiracleLinux 9 host has packages installed that are affected by a vulnerability as referenced in the AXSA:2024-9213:03 advisory. gtk3: gtk2: Library injection from CWD (CVE-2024-6655). Tenable has extracted the preceding description block directly from the MiracleLinux security advisory...

7 CVSS | 6.7 AI score | 0.00464 EPSS
Exploits: 0 | References: 2

CNVD
added 2026/01/19 12:00 a.m. | 1 views

Adobe InDesign Buffer Overflow Vulnerability (CNVD-2026-11773)

Adobe InDesign is a professional desktop publishing software developed by Adobe for layout and page layout in print and digital media. Adobe InDesign suffers from a buffer overflow vulnerability that can be exploited by an attacker to execute arbitrary code in the context of the current user...

7.8 CVSS | 6.5 AI score | 0.00216 EPSS
Exploits: 0 | References: 1

Microsoft CVE
added 2026/01/15 9:02 a.m. | 4 views

btrfs: don't log conflicting inode if it's a dir moved in the current transaction

...

6.1 CVSS | 5.4 AI score | 0.00168 EPSS
Exploits: 0

RedhatCVE
added 2026/01/15 4:40 a.m. | 4 views

CVE-2025-68778

A data corruption flaw was found in the Linux kernel's Btrfs filesystem log replay mechanism. When a directory is moved between parent directories in the same transaction and then a file with the same name is created and synced, the log replay can create a directory with two hard links. This caus...

5.5 CVSS | 5.3 AI score | 0.00168 EPSS
Exploits: 0 | References: 4

SUSE CVE
added 2026/01/15 12:26 a.m. | 5 views

SUSE CVE-2025-68778

In the Linux kernel, the following vulnerability has been resolved: btrfs: don't log conflicting inode if it's a dir moved in the current transaction We can't log a conflicting inode if it's a directory and it was moved from one parent directory to another parent directory in the current...

4.7 CVSS | 6.3 AI score | 0.00168 EPSS
Exploits: 0 | References: 19

SUSE CVE
added 2026/01/15 12:25 a.m. | 4 views

SUSE CVE-2025-68811

In the Linux kernel, the following vulnerability has been resolved: svcrdma: use rc_pageoff for memcpy byte offset. svc_rdma_copy_inline_range added rc_curpage (page index) to the page base instead of the byte offset rc_pageoff. Use rc_pageoff so copies land within the current page. Found by ZeroPath...

5.5 CVSS | 6.5 AI score | 0.00166 EPSS
Exploits: 0 | References: 9

OpenVAS
added 2026/01/15 12:00 a.m. | 3 views

Slackware: Security Advisory (SSA:2026-014-03)

The remote host is missing an update for the SPDX-FileCopyrightText: 2026 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8 AI score
Exploits: 0 | References: 3