538 matches found
EUVD-2026-40127
Insertion of sensitive information into sent data in the AI Agent job API in Devolutions PowerShell Universal 2026.2.0 allows an authenticated user with AI Agent read access to obtain reusable, potentially higher-privileged authentication tokens via App Tokens serialized in plaintext in job API...
PT-2026-53303
Name of the Vulnerable Software and Affected Versions Devolutions PowerShell Universal version 2026.2.0 Description An information disclosure issue exists in the AI Agent job API. An authenticated user with AI Agent read access can obtain reusable, potentially higher-privileged authentication...
Astra Linux – Vulnerability found in Linux 6.1, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: Net: Atlantic – Eliminate double-free operations in error handling logic. The driver has a logic flaw in ring data allocation/free. In this flaw, aqringfree may be called multiple times within the same ring. This can occur whe...
SUSE CVE-2025-10263
Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A may allow writes to resources owned by a higher exception level...
Active Exploitation of Oracle PeopleSoft Zero-Day (CVE-2026-35273)
Overview On June 10, 2026, Oracle published a security alert for CVE-2026-35273, a critical vulnerability in the Updates Environment Management component of PeopleSoft Enterprise PeopleTools. Oracle released an out-of-band patch the same day as the advisory, underscoring the urgency of remediatio...
PT-2026-48860
Name of the Vulnerable Software and Affected Versions Quest Bot versions prior to 1.1.6 Description A moderator possessing the necessary Discord permission bit can utilize the bot to perform moderation actions on users who are higher in the Discord role hierarchy, provided the bot itself has a...
PT-2026-49070
🔴 ShinyHunters exploits Oracle PeopleSoft 0-day CVSS 9.8 targeting 100+ organizations Ransomware group ShinyHunters exploited CVE-2025-35273, a critical server-side request forgery vulnerability in Oracle PeopleSoft, for more than two weeks before Oracle disclosed it. The group targeted roughly 3...
ALPINE-CVE-2025-10263
Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A may allow writes to resources owned by a higher exception level...
CVE-2025-10263
Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A may allow writes to resources owned by a higher exception level...
CVE-2025-10263
Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A may allow writes to resources owned by a higher exception level...
CVE-2025-10263
CVE-2025-10263 affects Arm architectures (C1-Ultra, C1-Premium; Neoverse V3/V3AE/V2/V1/N2/N1; Cortex-X9/25/4/3/2/1/1C; Cortex-A710/A78/A78AE/A78C/A77/A76/A76A) where a write to a resource may occur under a lower EL than the owner. Impact described as potential privilege escalation to the hypervis...
CVE-2025-10263
Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A may allow writes to resources owned by a higher exception level...
CVE-2025-10263
Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A may allow writes to resources owned by a higher exception level...
EUVD-2025-210084
Arm C1-Ultra, C1-Premium, Neoverse V3 & V3AE, Neoverse V2, Neoverse V1, Neoverse-N2, Neoverse-N1, Cortex-X925, Cortex-X4, Cortex-X3, Cortex-X2, Cortex-X1 & X1C, Cortex-A710, Cortex-A78, A78AE & A78C, Cortex-A77, Cortex-A76 & A76A may allow writes to resources owned by a higher exception level...
ARM CPU 竞争条件问题漏洞
The ARM CPU is a series of central processing units developed by the British company ARM. The ARM CPU has a race condition vulnerability, which arises from the possibility of writing to resources with higher exception levels. The following products are affected: C1-Ultra, C1-Premium, Neoverse V3,...
PT-2026-47727
Name of the Vulnerable Software and Affected Versions Arm C1-Ultra affected versions not specified Arm C1-Premium affected versions not specified Arm Neoverse V3 & V3AE affected versions not specified Arm Neoverse V2 affected versions not specified Arm Neoverse V1 affected versions not specified...
CVE-2026-35496
A path traversal vulnerability exists in CubeCart prior to 6.6.0, which may allow a user with an administrative privilege to access higher-level directories that should not be accessible...
CVE-2026-8046
The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges...
CVE-2026-8046 Incorrect Authorization in CODESYS Control
The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges...
PT-2026-43198
The affected products insufficiently verify authorization when deleting user accounts. An authenticated, low-privileged remote user can exploit this vulnerability to delete other users, including those with higher privileges...