CVE-2026-45257

The KTLS receive path decrypted each record in place, assuming that the mbufs holding received data were anonymous and safe to modify. This assumption does not hold for data placed on a socket by sendfile2, which can reference file-backed memory directly through non-anonymous MEXTPG pages or...

CVE-2026-53200

A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM for ARM64 architectures. This vulnerability arises from incorrect handling of the Execute Never XN bit, a memory protection feature, when the FEATXNX feature is not enabled. This error can lead to execute permissions being...

CVE-2026-57589

sys/kern/sysvsem.c in OpenBSD through 7.9 has a use-after-free allowing local privilege escalation to root. This is a context switch use-after-free after tsleep in syssemget...

CVE-2026-57589

The CVE-2026-57589 entry concerns OpenBSD (through 7.9) with a use-after-free in sys/kern/sysv_sem.c that enables a local privilege escalation to root . The root cause is a context switch use-after-free after tsleep in sys_semget(). This applies to the OpenBSD kernel code path handling System V s...

CVE-2026-52943

A flaw was found in the Linux kernel. The pskbcarveinsideheader and pskbcarveinsidenonlinear helper functions, which handle network packet buffers, do not correctly account for zero-copy references. This oversight can lead to a use-after-free vulnerability, where memory is prematurely released...

CVE-2026-54328 Pi: Predictable temporary extension install paths allow local privilege escalation on shared Linux hosts

Pi is a minimal terminal coding harness. From 0.74.0 until 0.78.1, Pi versions with temporary npm or git extension package installs used predictable paths under the operating system temporary directory. On Linux-based multi-user systems, a local attacker who can write to the shared temporary...

Ubuntu 26.04 LTS : Linux kernel (Azure) vulnerabilities (USN-8461-1)

The remote Ubuntu 26.04 LTS host has a package installed that is affected by multiple vulnerabilities as referenced in the USN-8461-1 advisory. It was discovered that the Linux kernel did not properly handle shared page fragments during socket buffer operations, collectively known as Dirty Frag. ...

kernel: Linux kernel: smb: client: reject userspace cifs.spnego descriptions

A privilege escalation vulnerability was found in the Linux kernel's CIFS client implementation. This could allow a local attacker to impersonate other users, bypass authentication in SMB mount operations, and potentially gain unauthorized access to network file shares or escalate privileges...

CVE-2026-12781 EaseUS Partition Master Kernel Driver epmntdrv.sys access control

A vulnerability was identified in EaseUS Partition Master up to 14.5. The affected element is an unknown function in the library epmntdrv.sys of the component Kernel Driver. The manipulation leads to improper access controls. The attack needs to be performed locally. The exploit is publicly...

CVE-2026-12779 AOMEI Dynamic Disk Manager Kernel Driver ddmdrv.sys access control

A vulnerability was found in AOMEI Dynamic Disk Manager up to 10.10.1. This issue affects some unknown processing in the library ddmdrv.sys of the component Kernel Driver. Performing a manipulation results in improper access controls. The attack must be initiated from a local position. The exploi...

PT-2026-51193

Name of the Vulnerable Software and Affected Versions IM-Magic Partition Resizer versions prior to 7.9.0 Description Improper access controls in the Kernel Driver component, specifically within the MDA NTDRV.sys library, allow for local privilege escalation. This issue occurs when a local attacke...

PT-2026-51191

Name of the Vulnerable Software and Affected Versions EaseUS Partition Master versions prior to 14.5 Description An issue exists in the Kernel Driver component within the epmntdrv.sys library. A local attacker can manipulate an unknown function to cause improper access controls, which occurs when...

PT-2026-51189

A vulnerability was found in AOMEI Dynamic Disk Manager up to 10.10.1. This issue affects some unknown processing in the library ddmdrv.sys of the component Kernel Driver. Performing a manipulation results in improper access controls. The attack must be initiated from a local position. The exploi...

PT-2026-51188

Name of the Vulnerable Software and Affected Versions AOMEI Partition Assistant versions prior to 10.10.2 Description Improper access controls exist within the Kernel Driver component, specifically affecting unknown code in the ampa10.sys library. This issue allows a local attacker to manipulate...

PT-2026-51192

Name of the Vulnerable Software and Affected Versions EaseUS Partition Master versions prior to 14.6 Description A security flaw exists in the Kernel Driver component within the EUEDKEPM.sys library. An unknown function in this library allows for improper access controls, which can be exploited b...

PT-2026-51194

Name of the Vulnerable Software and Affected Versions Ezbsystems UltraISO Premium Edition versions prior to 9.77 Description Improper access controls exist within the Kernel Driver component, specifically affecting the bootpt64.sys library. This issue allows for unauthorized access when manipulat...

CVE-2020-37253

Winstep 18.06.0096 contains an unquoted service path vulnerability in the Winstep Xtreme Service that allows local attackers to escalate privileges. Attackers can place malicious executables in the Program Files directory to be executed with LocalSystem privileges when the service starts...

CVE-2021-47985

Brother SAPSprint 7.60 contains an unquoted service path vulnerability in the SAPSprint service binary that allows local attackers to escalate privileges. Attackers can place a malicious executable in the Program Files directory path to be executed with LocalSystem privileges when the service...

CVE-2022-50971

Malwarebytes 4.5 contains an unquoted service path vulnerability in the MBAMService executable that allows local attackers to escalate privileges by injecting malicious code into the system root path. Attackers can place executable files in unquoted path directories that execute with LocalSystem...

CVE-2016-20094

AnyDesk 2.5.0 contains an unquoted service path vulnerability that allows local users to execute arbitrary code with SYSTEM privileges by exploiting the service installation. Attackers can insert malicious executables in the system root path that execute with elevated privileges during applicatio...