25342 matches found
CVE-2026-15449
A time-of-check to time-of-use TOCTOU flaw in the illumos data-link pseudo-driver dld affects handling of the DLDIOCGETMACPROP and DLDIOCSETMACPROP ioctls on /dev/dld. drviocpropcommon in usr/src/uts/common/io/dld/dlddrv.c copies the dldiocmacpropt ioctl header in once to read its prvalsize field...
MAL-2026-10643 Malicious code in ethereum-input-decorder (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 94137fcf0aee7d8edb4e15a8bc9be4455fbdf79cb5bf99987b79f0393fdff62c The package name typosquats the legitimate 'ethereum-input-decoder'. Its top-level init.py unconditionally invokes a payload routine on import: it...
CVE-2026-48747
Summary: CVE-2026-48747 affects Symfony’s Mailomat webhook parser. The MailomatRequestParser::validateSignature() method reads the X-MOM-Webhook-Signature header and passes the wire-provided algorithm directly to hash_hmac(), enabling a signature algorithm downgrade instead of enforcing SHA-256 a...
CVE-2026-56178
CVE-2026-56178 affects Microsoft Defender for Endpoint (Mac) and is caused by a time-of-check time-of-use (TOCTOU) race condition that enables a local privilege escalation for an authorized attacker. The vulnerability is documented across multiple sources (NVD/NCSC summaries, MSRC page, and CVE l...
CVE-2026-56178 Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability
...
CVE-2026-50658 Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability
...
CVE-2026-50658
The CVE-2026-50658 entry describes a Time-of-check Time-of-use (TOCTOU) race condition in Microsoft Defender, enabling an authorized local attacker to elevate privileges. Connected sources corroborate a Mac-focused Defender elevation-of-privilege vulnerability, with multiple advisories and CVE re...
CVE-2026-50658 Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability
...
CVE-2026-50657
CVE-2026-50657 : Microsoft Defender for Mac/Endpoint information disclosure vulnerability that allows an authorized attacker to disclose private information locally. CVSS v3.1 base score 4.7 (Medium); attack vector LOCAL, no user interaction, high impact on confidentiality, requires low privilege...
CVE-2026-50657 Microsoft Defender for Endpoint for Mac Information Disclosure Vulnerability
...
Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability
Time-of-check time-of-use toctou race condition in Microsoft Defender allows an authorized attacker to elevate privileges locally...
Microsoft Defender for Endpoint for Mac Information Disclosure Vulnerability
Exposure of private personal information to an unauthorized actor in Microsoft Defender allows an authorized attacker to disclose information locally...
Microsoft Defender for Endpoint for Mac Elevation of Privilege Vulnerability
Time-of-check time-of-use toctou race condition in Microsoft Defender for Endpoint allows an authorized attacker to elevate privileges locally...
SUSE-SU-2026:2957-1 Security update for the Linux Kernel (Live Patch 23 for SUSE Linux Enterprise 15 SP6)
This update for the SUSE Linux Enterprise Kernel 6.4.0-150600.23.100 fixes various security issues The following security issues were fixed: - CVE-2026-23393: bridge: cfm: Fix race condition in peermep deletion bsc1260524. - CVE-2026-31505: iavf: fix out-of-bounds writes in iavfgetethtoolstats...
SUSE-SU-2026:2945-1 Security update for the Linux Kernel (Live Patch 10 for SUSE Linux Enterprise 15 SP7)
This update for the SUSE Linux Enterprise Kernel 6.4.0-150700.53.34 fixes various security issues The following security issues were fixed: - CVE-2026-23393: bridge: cfm: Fix race condition in peermep deletion bsc1260524. - CVE-2026-31505: iavf: fix out-of-bounds writes in iavfgetethtoolstats...
Adobe Premiere Pro < 25.6.6 / 26.0.0 < 26.3.0 Multiple Vulnerabilities (APSB26-76) (macOS)
The version of Adobe Premiere Pro installed on the remote macOS host is prior to 25.6.6, 26.3.0. It is, therefore, affected by multiple vulnerabilities as referenced in the APSB26-76 advisory. - Premiere Pro is affected by an Improper Input Validation vulnerability that could result in a Security...
Mozilla Firefox < 152.0.6
The version of Firefox installed on the remote macOS or Mac OS X host is prior to 152.0.6. It is, therefore, affected by multiple vulnerabilities as referenced in the mfsa2026-67 advisory. - We are aware that exploit code for this is public however we are not aware of any attacks in the wild...
Stable Channel Update for Desktop
The Stable channel has been updated to 150.0.7871.124/.125 for Windows and Mac and 150.0.7871.124 for Linux, which will roll out over the coming days/weeks. A full list of changes in this build is available in the Log Security Fixes and Rewards Note: Access to bug details and links may be kept...
SUSE-SU-2026:2920-1 Security update for the Linux Kernel (Live Patch 43 for SUSE Linux Enterprise 15 SP4)
This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.173 fixes various security issues The following security issues were fixed: - CVE-2025-71089: iommu: disable SVA when CONFIGX86 is set bsc1256615. - CVE-2026-23393: bridge: cfm: Fix race condition in peermep deletion bsc1260524. -...
SUSE-SU-2026:2888-1 Security update for the Linux Kernel (Live Patch 52 for SUSE Linux Enterprise 15 SP4)
This update for the SUSE Linux Enterprise Kernel 5.14.21-150400.24.209 fixes various security issues The following security issues were fixed: - CVE-2026-23393: bridge: cfm: Fix race condition in peermep deletion bsc1260524. - CVE-2026-31533: net/tls: fix use-after-free in -EBUSY error path of...