May Microsoft Patch Tuesday

May Microsoft Patch Tuesday. A total of 119 vulnerabilities, approximately 1.5 times fewer than in April. There are currently no vulnerabilities marked as actively exploited in the wild. However, there is one vulnerability with a public exploit: 🔸 EoP - Windows Kernel CVE-2026-40369. A detailed...

CVE-2026-8449

This CVE ID has been rejected or withdrawn...

Exploit for Incorrect Resource Transfer Between Spheres in Linux Linux_Kernel

Copy Fail · CVE-2026-31431 Local privilege escalation on Linu...

Astra Linux - уязвимость в linux

A flaw was found in the way RTAS handled memory accesses in userspace to kernel communication. On a locked down usually due to Secure Boot guest system running on top of PowerVM or KVM hypervisors pseries platform a root like local user could use this flaw to further increase their privileges to...

Apple macOS AppleIntelKBLGraphics Out-Of-Bounds Read Information Disclosure Vulnerability

This vulnerability allows local attackers to disclose sensitive information on affected installations of Apple macOS. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploit this vulnerability. The specific flaw exists within the...

📄 macOS Sierra 10.12 Build 16A323 Double-Free / Privilege Escalation

macOS Sierra version 10.12 Build 16.A323 local privilege escalation proof of concept exploit. A flaw in the MIG ownership model within the ioserviceaddnotificationool routine of IOKit allows a malicious user to leak Mach port send-right references. By repeatedly invoking notifications with...

Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-004335)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004335 advisory. In binderallocfreepage of binderalloc.c, there is a possible double free due to improper locking. This could lead to local escalation of privilege in the kernel with...

CVE-2024-34747

In DevmemXIntMapPages of devicememserver.c, there is a possible use-after-free due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation...

Linux Distros Unpatched Vulnerability : CVE-2017-0449

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An elevation of privilege vulnerability in the Broadcom Wi-Fi driver could enable a local malicious application to execute arbitrary code within the context of...

PT-2025-34070 · Undefined · Undefined

🔥 Critical & High-Severity CVEs 1. CVE-2025-27461 — Ivanti Connect Secure / Policy Secure Auth Bypass → RCE Severity: Critical 9.8 Vector: Exploitable over the internet; bypasses auth → remote code execution. Why it matters: Actively exploited by ransomware crews; initial access vector. Defender...

PT-2025-34069 · Undefined · Undefined

🔥 Critical & High-Severity CVEs 1. CVE-2025-27461 — Ivanti Connect Secure / Policy Secure Auth Bypass → RCE Severity: Critical 9.8 Vector: Exploitable over the internet; bypasses auth → remote code execution. Why it matters: Actively exploited by ransomware crews; initial access vector. Defender...

Linux Distros Unpatched Vulnerability : CVE-2022-2991

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A heap-based buffer overflow was found in the Linux kernel's LightNVM subsystem. The issue results from the lack of proper validation of the length of...

CVE-2024-31333

In MMUAllocLevel of mmucommon.c, there is a possible arbitrary code execution due to an integer overflow. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2023-21263

In OSMMapPMRGeneric of pmros.c, there is a possible out of bounds write due to an uncaught exception. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2023-21164

In DevmemIntMapPMR of devicememserver.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2023-21163

In PMRReadBytes of pmr.c, there is a possible arbitrary code execution due to a use after free. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2023-21051

In dwc3exynosclkget of dwc3-exynos.c, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege in the kernel with System execution privileges needed. User interaction is not needed for exploitation.Product: AndroidVersions: Android...

CVE-2024-34747

In DevmemXIntMapPages of devicememserver.c, there is a possible use-after-free due to a logic error in the code. This could lead to local escalation of privilege in the kernel with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2024-34747

CVE-2024-34747 is described across multiple sources as a use‑after‑free in the DevmemXIntMapPages path of devicemem_server.c. The underlying flaw is a logic error that can enable local escalation of privilege in the kernel without additional execution privileges and without user interaction. The ...

PT-2024-12505 · Unknown · Pvrsrvrgxkickta3Dkm

Name of the Vulnerable Software and Affected Versions: PVRSRVRGXKickTA3DKM affected versions not specified Description: The issue is related to improper input validation in PVRSRVRGXKickTA3DKM of rgxta3d.c, which could lead to arbitrary code execution and local escalation of privilege in the...