Astra Linux – Vulnerability in Linux 5.15

In the Linux kernel, the following vulnerability has been resolved: btrfs: Do not call BUGON when encountering ENOMEM during the dropping of file extent items within a given range. If -ENOMEM occurs while dropping file extent items within a specified range, at btrfsDropExtents, the transaction ma...

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerability has been resolved: net: amd-xgbe: Fixed an issue with the data length underflow in SKB structures. A BUGON will be triggered in the include/linux/skbuff.h file, resulting in intermittent kernel panics when a data length underflow is detected. This...

Siemens RUGGEDCOM RST2428P Privilege Dropping / Lowering Errors (CVE-2026-35535)

In Sudo through 1.9.17p2 before 3e474c2, a failure of a setuid, setgid, or setgroups call, during a privilege drop before running the mailer, is not a fatal error and can lead to privilege escalation. This plugin only works with Tenable.ot. Please visit https://www.tenable.com/products/tenable-ot...

Lazarus Group Uses npm Brandjacking Campaign to Target Developers

North Korean Lazarus Group targets npm developers with brandjacking packages that mimic trusted tools, drop malware and put credentials at risk...

Astra Linux – Vulnerability in Golang-1.15

In Go versions before 1.15.13 and 1.16.x, as well as before 1.16.5, certain configurations of ReverseProxy from net/http/httputil lead to a situation where an attacker can drop arbitrary headers...

EUVD-2026-17067

A Privilege Dropping / Lowering Errors/Time-of-check Time-of-use TOCTOU Race Condition vulnerability in cosmic-greeter can allow an attacker to regain privileges that should have been dropped and abuse them in the racy checking logic. This issue affects cosmic-greeter before...

CVE-2026-25704

A Privilege Dropping / Lowering Errors/Time-of-check Time-of-use TOCTOU Race Condition vulnerability in cosmic-greeter can allow an attacker to regain privileges that should have been dropped and abuse them in the racy checking logic. This issue affects cosmic-greeter before...

PT-2026-28805

Name of the Vulnerable Software and Affected Versions cosmic-greeter versions prior to https://github.Com/pop-os/cosmic-greeter/pull/426 Description A Time-of-check Time-of-use TOCTOU race condition exists in cosmic-greeter. This condition can allow an attacker to regain privileges that should ha...

Ubuntu 22.04 LTS / 24.04 LTS / 25.10 : Sudo vulnerability (USN-8092-1)

The remote Ubuntu 22.04 LTS / 24.04 LTS / 25.10 host has packages installed that are affected by a vulnerability as referenced in the USN-8092-1 advisory. It was discovered that Sudo incorrectly checked return codes when dropping privileges to run the mailer. A local attacker could possibly use...

USN-8092-1: Sudo vulnerability

It was discovered that Sudo incorrectly checked return codes when dropping privileges to run the mailer. A local attacker could possibly use this issue to escalate privileges...

CVE-2026-21882

theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.2.0, improper privilege dropping allows local privilege escalation via command re-execution. This issue has been patched in version 0.2.0...

CVE-2026-21882 theshit's Improper Privilege Dropping Allows Local Privilege Escalation via Command Re-execution

theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.2.0, improper privilege dropping allows local privilege escalation via command re-execution. This issue has been patched in version 0.2.0...

CVE-2026-21882

CVE-2026-21882 affects theshit, a command-line utility that detects and fixes shell command mistakes. In versions prior to 0.2.0, improper privilege dropping enables local privilege escalation via command re-execution. The issue is demonstrated as a local attack with high impact on confidentialit...

CVE-2026-21882 theshit's Improper Privilege Dropping Allows Local Privilege Escalation via Command Re-execution

theshit is a command-line utility that automatically detects and fixes common mistakes in shell commands. Prior to version 0.2.0, improper privilege dropping allows local privilege escalation via command re-execution. This issue has been patched in version 0.2.0...

PT-2026-22690

Name of the Vulnerable Software and Affected Versions theshit versions prior to 0.2.0 Description theshit is a command-line utility designed to detect and correct common errors in shell commands. A flaw in privilege handling prior to version 0.2.0 allows for local privilege escalation through...

CVE-2026-27195

CVE-2026-27195 affects Wasmtime in versions where component-model-async is default (from 39.0.0). The bug causes a panic when a host embeds calls to wasmtime::component::[Typed]Func::call_async, drops the returned Future after polling, and then reuses the same component instance before the first ...

EUVD-2025-206589

In the Linux kernel, the following vulnerability has been resolved: dmaengine: stm32: dmamux: fix device leak on route allocation Make sure to drop the reference taken when looking up the DMA mux platform device during route allocation. Note that holding a reference to a device does not prevent i...

MiracleLinux 7 : zsh-5.0.2-34.el7.2 (AXSA:2020-4510:02)

The remote MiracleLinux 7 host has a package installed that is affected by a vulnerability as referenced in the AXSA:2020-4510:02 advisory. zsh: insecure dropping of privileges when unsetting PRIVILEGED option CVE-2019-20044 Tenable has extracted the preceding description block directly from the...

Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-002842)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002842 advisory. The hashbindelete function in net/irda/irqueue.c in the Linux kernel before 4.9.13 improperly manages lock dropping, which allows local users to cause a denial of...

CVE-2025-68362

In the Linux kernel, the following vulnerability has been resolved: wifi: rtl818x: rtl8187: Fix potential buffer underflow in rtl8187rxcb The rtl8187rxcb calculates the rx descriptor header address by subtracting its size from the skb tail pointer. However, it does not validate if the received...