EUVD-2026-33299

DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing privileged local attackers to exploit Relative Path Traversal to download arbitrary system files...

PT-2026-42992

NitroSense 3.x before 3.01.3052 contains Local Privilege Escalation LPE vulnerability.The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing any authenticated local user to execute arbitrary code with ...

CVE-2026-43100 bridge: guard local VLAN-0 FDB helpers against NULL vlan group

In the Linux kernel, the following vulnerability has been resolved: bridge: guard local VLAN-0 FDB helpers against NULL vlan group When CONFIGBRIDGEVLANFILTERING is not set, brvlangroup and nbpvlangroup return NULL brprivate.h stub definitions. The BRBOOLOPTFDBLOCALVLAN0 toggle code is compiled...

CVE-2026-31693

A flaw was found in the Linux kernel's Common Internet File System cifs component. This vulnerability occurs when certain local variables are not properly reinitialized during the replay of a request. This oversight can lead to unexpected system behavior or instability, potentially resulting in a...

CVE-2026-31733

In the Linux kernel, the following vulnerability has been resolved: schedext: Fix stale direct dispatch state in ddspdsqid @p-scx.ddspdsqid can be left set non-SCXDSQINVALID triggering a spurious warning in markdirectdispatch when the next wakeup's ops.selectcpu calls scxbpfdsqinsert, such as:...

DEBIAN-CVE-2026-5795

In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication checks, which set two ThreadLocal variable. Upon returning from the initial checks, there are conditions that cause an early return from the JASPIAuthenticator code without clearing those ThreadLocals. A subsequent reques...

UBUNTU-CVE-2026-5795

In Eclipse Jetty, the class JASPIAuthenticator initiates the authentication checks, which set two ThreadLocal variable. Upon returning from the initial checks, there are conditions that cause an early return from the JASPIAuthenticator code without clearing those ThreadLocals. A subsequent reques...

EUVD-2026-17071

The Performance Library component of Gigabyte Control Center has an Insecure Deserialization vulnerability. Authenticated local attackers can send a malicious serialized payload to the EasyTune Engine service, resulting in privilege escalation...

CVE-2026-0870

MacroHub developed by GIGABYTE has a Local Privilege Escalation vulnerability. Due to the MacroHub application launching external applications with improper privileges, allowing authenticated local attackers to execute arbitrary code with SYSTEM privileges...

UBUNTU-CVE-2025-14957

A vulnerability was identified in WebAssembly Binaryen up to 125. This affects the function IRBuilder::makeLocalGet/IRBuilder::makeLocalSet/IRBuilder::makeLocalTee of the file src/wasm/wasm-ir-builder.cpp of the component IRBuilder. Such manipulation of the argument Index leads to null pointer...

CVE-2025-67794

An issue was discovered in DriveLock 24.1 through 24.1., 24.2 before 24.2.8, and 25.1 before 25.1.6. Directories and files created by the agent are created with overly permissive ACLs, allowing local users without administrator rights to trigger actions or destabilize the agent...

Siemens SIMATIC and SCALANCE Protection Mechanism Failure (CVE-2023-4039)

A failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in dynamically-sized local variables in your application without this being detected. This stack-protector failure only applies to C99-style...

Linux Distros Unpatched Vulnerability : CVE-2024-25939

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Mirrored regions with different values in 3rd Generation IntelR XeonR Scalable Processors may allow a privileged user to potentially enable denial of service vi...

Ubuntu 20.04 LTS / 22.04 LTS : GCC vulnerability (USN-7700-1)

The remote Ubuntu 20.04 LTS / 22.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-7700-1 advisory. It was discovered that the -fstack-protector hardening feature in GCC for AArch64 did not properly protect dynamically-sized local variables such as...

Ubuntu: Security Advisory (USN-7700-1)

The remote host is missing an update for the SPDX-FileCopyrightText: 2025 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

USN-7700-1 gcc-10, gcc-11, gcc-12 vulnerability

It was discovered that the -fstack-protector hardening feature in GCC for AArch64 did not properly protect dynamically-sized local variables such as those created using C99 variable length arrays or alloca. As a result, an attacker who was able to trigger a buffer overflow in such cases could...

USN-7700-1: GCC vulnerability

It was discovered that the -fstack-protector hardening feature in GCC for AArch64 did not properly protect dynamically-sized local variables such as those created using C99 variable length arrays or alloca. As a result, an attacker who was able to trigger a buffer overflow in such cases could...

OESA-2025-1042 gcc security update

The gcc package contains the GNU Compiler Collection version 12. You'll need this package in order to compile C code. Security Fixes: DISPUTEDA failure in the -fstack-protector feature in GCC-based toolchains that target AArch64 allows an attacker to exploit an existing buffer overflow in...

Information Exposure

Overview taegis-magic is a Taegis IPython Magics Affected versions of this package are vulnerable to Information Exposure due to the exposure of inspect.currentframe.flocals in the search function in events.py, which exposes a GraphQLService object. This may include sensitive internal values such...

OpenTofu potential leaking of secret variable values when using static evaluation in v1.8

Impact Users who have opted into static evaluation of module sources, versions, and backend configurations may be at risk of exposing sensitive variables and locals. This is a workflow that should not be possible and explicitly show errors. Workarounds Check that you are not using sensitive...