EUVD-2025-206345

Crucial Storage Executive installer versions prior to 11.08.082025.00 contain a DLL preloading vulnerability. During installation, the installer runs with elevated privileges and loads Windows DLLs using an uncontrolled search path, which can cause a malicious DLL placed alongside the installer t...

CVE-2025-71178

Crucial Storage Executive installer versions prior to 11.08.082025.00 contain a DLL preloading vulnerability. During installation, the installer runs with elevated privileges and loads Windows DLLs using an uncontrolled search path, which can cause a malicious DLL placed alongside the installer t...

openjdk: Enhance Certificate Checking (Oracle CPU 2026-01)

Vulnerability in the Oracle Java SE, Oracle GraalVM for JDK, Oracle GraalVM Enterprise Edition product of Oracle Java SE component: Security. Supported versions that are affected are Oracle Java SE: 8u471, 8u471-b50, 8u471-perf, 11.0.29, 17.0.17, 21.0.9, 25.0.1; Oracle GraalVM for JDK: 17.0.17 an...

CVE-2026-0775

npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploi...

Unity Linux 20.1050e Security Update: kernel (UTSA-2026-004951)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-004951 advisory. In the Linux kernel, the following vulnerability has been resolved: tracing: Add downwritetraceeventsem when adding trace event When a module is loaded, it adds trac...

CVE-2026-23005

In the Linux kernel, the following vulnerability has been resolved: x86/fpu: Clear XSTATEBVi in guest XSAVE state whenever XFDi=1 When loading guest XSAVE state via KVMSETXSAVE, and when updating XFD in response to a guest WRMSR, clear XFD-disabled features in the saved or to be restored XSTATEBV...

CVE-2026-22984

In the Linux kernel, the following vulnerability has been resolved: libceph: prevent potential out-of-bounds reads in handleauthdone Perform an explicit bounds check on payloadlen to avoid a possible out-of-bounds access in the callout. idryomov: changelog Mitigation If Ceph not being used, then...

CVE-2026-22990

In the Linux kernel, the following vulnerability has been resolved: libceph: replace overzealous BUGON in osdmapapplyincremental If the osdmap is maliciously corrupted such that the incremental osdmap epoch is different from what is expected, there is no need to BUG. Instead, just declare the...

Duplicate Advisory: npm cli Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

Duplicate Advisory This advisory has been withdrawn because describes a dependency bump and therefore, per CVE CNA rule 4.1.12, is a duplicate of GHSA-34x7-hfp2-rc4v/CVE-2026-24842. Additionally, per https://github.com/npm/cli/issues/8939issuecomment-3862719883, npm cli should not be listed as an...

GHSA-3966-F6P6-2QR9 Duplicate Advisory: npm cli Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

Duplicate Advisory This advisory has been withdrawn because describes a dependency bump and therefore, per CVE CNA rule 4.1.12, is a duplicate of GHSA-34x7-hfp2-rc4v/CVE-2026-24842. Additionally, per https://github.com/npm/cli/issues/8939issuecomment-3862719883, npm cli should not be listed as an...

UBUNTU-CVE-2026-0775

npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploi...

CVE-2026-0776 Discord Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability

Discord Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Discord Client. An attacker must first obtain the ability to execute low-privileged code on the target system in...

CVE-2026-0775 npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability

npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploi...

CVE-2026-0775 npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability

npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploi...

Discord code-related vulnerabilities

Discord is a free chat service provided by the Discord company. Discord has code-related vulnerabilities; one of these vulnerabilities stems from the discordrpc module loading files from insecure locations, which may lead to privilege escalation and the execution of arbitrary code...

Linux Distros Unpatched Vulnerability : CVE-2026-0775

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected...

npm CLI security vulnerabilities

npm CLI is a package manager developed by the American company npm. There is a security vulnerability in npm CLI, which stems from loading modules from insecure locations, potentially leading to privilege escalation and the execution of arbitrary code...

CVE-2026-0775

npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploi...

CVE-2026-24009 Docling Core vulnerable to Remote Code Execution via unsafe PyYAML usage

Docling Core or docling-core is a library that defines core data types and transformations in the document processing application Docling. A PyYAML-related Remote Code Execution RCE vulnerability, namely CVE-2020-14343, is exposed in docling-core starting in version 2.21.0 and prior to version...

CVE-2026-22807

A flaw was found in vLLM, an inference and serving engine for large language models LLMs. This vulnerability allows a remote attacker to achieve arbitrary code execution on the vLLM host during model loading. This occurs because vLLM loads Hugging Face automap dynamic modules without properly...