Unity Linux 20.1050e Security Update: kernel (UTSA-2026-021641)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-021641 advisory. In the Linux kernel, the following vulnerability has been resolved: net: Fix icmp host relookup triggering iprtbug arp link failure may trigger iprtbug while xfrm...

CVE-2026-42832

Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally...

CVE-2026-41100

Improper access control in M365 Copilot allows an authorized attacker to perform spoofing locally...

PT-2026-40194

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally...

Microsoft Windows Admin Center 安全漏洞

Microsoft Windows Admin Center is a browser-based, locally deployed application developed by Microsoft. This tool is primarily used for managing servers and clusters. There are security vulnerabilities in Microsoft Windows Admin Center. Attackers can exploit these vulnerabilities to gain higher...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux

A null pointer dereference was detected in the Linux kernel’s Integrated Sensor Hub ISH driver. This issue could allow a local user to crash the system...

OESA-2026-2025 openjpeg2 security update

OpenJPEG is an open-source JPEG 2000 codec written in C language. It has been developed in order to promote the use of JPEG 2000, a still-image compression standard from the Joint Photographic Experts Group JPEG. Since April 2015, it is officially recognized by ISO/IEC and ITU-T as a JPEG 2000...

EUVD-2026-25174

The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetchgravatarfromremote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

CVE-2026-3844

The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetchgravatarfromremote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

VulnCheck KEV: CVE-2026-3844

The Breeze Cache plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'fetchgravatarfromremote' function in all versions up to, and including, 2.4.4. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected...

Lenovo Software Fix 安全漏洞

Lenovo Software Fix is a system repair tool developed by the Chinese company Lenovo. Lenovo Software Fix has a security vulnerability, which stems from improper permission verification during the installation process. This vulnerability may allow locally authenticated users to execute write...

EUVD-2026-22581

Use after free in Microsoft Office Excel allows an unauthorized attacker to execute code locally...

Package Catalog Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally...

PT-2026-32851

CVE-2026-32199 | Microsoft 365 Apps for Enterprise | Remote Code Execution Description Use-after-free vulnerability in Microsoft Office Excel allows unauth attacker to achieve RCE locally by tricking user into opening malicious Excel file. Severity: High Exploitation: Unknown Public PoC: Unknown...

CVE-2026-1346

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a locally authenticated user to escalate their privileges to...

EUVD-2026-19986

IBM Verify Identity Access Container 11.0 through 11.0.2 and IBM Security Verify Access Container 10.0 through 10.0.9.1 and IBM Verify Identity Access 11.0 through 11.0.2 and IBM Security Verify Access 10.0 through 10.0.9.1 could allow a locally authenticated user to execute malicious scripts fro...

Important: Red Hat Security Advisory: General availability of the satellite/iop-remediations-rhel9 container image

A new satellite/iop-remediations-rhel9 container image is now generally available in the Red Hat container registry. Red Hat Lightspeed in Satellite analyzes system health and configuration by applying predefined rules to a small set of local data, such as installed packages, running services, an...

CVE-2025-11739

CWE‑502: Deserialization of Untrusted Data vulnerability exists that could cause arbitrary code execution with administrative privileges when a locally authenticated attacker sends a crafted data stream, triggering unsafe deserialization...

Lenovo Vantage和Lenovo Baiying 安全漏洞

Lenovo Vantage and Lenovo Baiying are both products of the Chinese company Lenovo. Lenovo Vantage is a computer management application. It supports functions such as driver updates, device status diagnosis, and computer configuration. Lenovo Baiying is an asset management software. Both Lenovo...

Lenovo Virtual Bus 安全漏洞

Lenovo Virtual Bus is a virtual device management component of the Chinese company Lenovo. There is a security vulnerability in Lenovo Virtual Bus, which stems from a potential buffer overflow. This vulnerability could cause locally authenticated users to corrupt memory and trigger a Windows blue...