4824 matches found
Astra Linux - vulnerability in chromium
Inappropriate implementation in the installer in Google Chrome prior to 118.0.5993.70 allowed a local attacker to bypass discretionary access control through a crafted command. Chromium security severity: Low...
libcap: libcap: Privilege escalation via TOCTOU race condition in cap_set_file()
A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the cap_set_file() function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so,...
PT-2026-42159
Improper link resolution before file access ('link following') in Azure Portal Windows Admin Center allows an authorized attacker to elevate privileges locally...
EUVD-2025-209891
An Uncontrolled Search Path Element vulnerability in the OpenSSL TLS backend of Qt Network qtbase in Qt Qt Framework Unix allows a local attacker to load a rogue CA certificate as a trusted system authority via a crafted certificate file placed in the application's working directory...
PT-2026-42157
Name of the Vulnerable Software and Affected Versions: Microsoft Malware Protection Engine versions 1.1.26030.3008 through 1.1.26040.8. Description: An improper link resolution issue before file access, known as link following, exists within the Microsoft Malware Protection Engine component of...
CVE-2026-47092 Claude HUD 0.0.12 Arbitrary Command Execution via COMSPEC Environment Variable
Claude HUD through 0.0.12, patched in commit 234d9aa, contains a command injection vulnerability that allows local attackers to execute arbitrary commands by manipulating the COMSPEC environment variable. Attackers can set COMSPEC to an arbitrary binary path before claude-hud performs its version...
EUVD-2026-29634
Microsoft Security Advisory CVE-2026-35433 – .NET Elevation of Privilege Vulnerability...
CVE-2026-8784
A vulnerability was detected in npitre cramfs-tools up to 2.2. Affected is the function changefilestatus of the file cramfsck.c. Performing a manipulation results in symlink following. The attack requires a local approach. The exploit is now public and may be used. The patch is named...
PT-2026-41589
A vulnerability was identified in continuedev continue up to 1.2.22. This affects the function lsTool of the file core/tools/implementations/lsTool.ts of the component JSON-RPC Server. Such manipulation of the argument dirPath leads to path traversal. An attack has to be approached locally. The...
Amazon Linux 2023 : glslang, glslang-devel (ALAS2023-2026-1707)
It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1707 advisory. A vulnerability, which was classified as problematic, has been found in Khronos Group glslang 15.1.0. Affected by this issue is the function glslang::TIntermediate::isConversionAllowed of the file...
CVE-2025-48519
An improper input validation vulnerability within the AMD Platform Management Framework PMF driver can allow a local attacker to read or write Out-of-Bounds, potentially resulting in privilege escalation...
Low: glslang
Issue Overview: A vulnerability, which was classified as problematic, has been found in Khronos Group glslang 15.1.0. Affected by this issue is the function glslang::TIntermediate::isConversionAllowed of the file glslang/MachineIndependent/Intermediate.cpp. The manipulation leads to null pointer...
CVE-2026-34334
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows TCP/IP allows an authorized attacker to elevate privileges locally...
CVE-2026-33839
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Win32K - GRFX allows an authorized attacker to elevate privileges locally...
CVE-2024-48519
Buffer Overflow vulnerability in Ardupilot rover commit v.c56439b045162058df0ff136afea3081fcd06d38 allows a local attacker to cause a denial of service via the APInertialSensorADIS1647x.cpp, ArduRover, ADIS1647x Sensor component...
Exploit for CVE-2025-29338
CVE-2025-29338 — Security Advisory Buffer Overflow in NXP...
CVE-2026-21019
Improper input validation in FacAtFunction in Galaxy Watch prior to SMR May-2026 Release 1 allows local attacker to execute arbitrary code with system privilege...
EUVD-2026-29697
Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally...
EUVD-2026-29687
Improper access control in Microsoft Office Word allows an authorized attacker to perform spoofing locally...
EUVD-2026-29667
Heap-based buffer overflow in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally...