416 matches found

Vulnrichment
added 2026/06/08 2:58 p.m., 7 views

CVE-2026-34194 GPU DDK - UAF read and/or write to arbitrary physical pages in DevmemIntChangeSparse due to incorrect calculation of the virtual index count

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of a mapping state maintained for a sparse memory allocation. The product accidentally refers to the wrong memory due to the semantics of how math operations are implicitly scaled acro...

AI score: 5.5 | EPSS: 0.00116
Exploits: 0 | References: 1

Positive Technologies
added 2026/06/08 12:00 a.m., 7 views

PT-2026-47315

Software installed and run as a non-privileged user may conduct improper GPU system calls to cause mismanagement of a mapping state maintained for a sparse memory allocation. The product accidentally refers to the wrong memory due to the semantics of how math operations are implicitly scaled acro...

AI score: 5.5 | EPSS: 0.00116
Exploits: 0 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m., 1 views

Astra Linux - vulnerability in firefox, thunderbird

Poor management of ownership led to a “use-after-free” vulnerability in ReadableByteStreams. This vulnerability affects Firefox 120, Firefox ESR 115.5.0, and Thunderbird 115.5...

CVSS: 8.8 | AI score: 7.3 | EPSS: 0.00794
Exploits: 0 | References: 2

AstraLinux
added 2026/05/20 5:53 a.m., 5 views

Astra Linux - vulnerability in sudo

A flaw was discovered in sudo’s handling of ipahostname. In this process, the ipahostname value from /etc/sssd/sssd.conf was not propagated to sudo. As a result, this leads to a privilege management vulnerability in applications, where client hosts retain privileges even after those privileges ha...

CVSS: 8.8 | AI score: 7.2 | EPSS: 0.00687
Exploits: 0 | References: 2

RedHat Linux
added 2026/05/20 5:30 a.m., 16 views

webkitgtk: Processing maliciously crafted web content may lead to an unexpected process crash

A flaw was found in WebKitGTK. Processing malicious web content can cause an unexpected process crash due to improper memory handling...

CVSS: 4.3 | AI score: 7.2 | EPSS: 0.00216
Exploits: 0 | References: 5

Snyk
added 2026/05/18 5:42 p.m., 7 views

Improper Privilege Management

Overview: @budibase/worker is a Budibase background service. Affected versions of this package are vulnerable to Improper Privilege Management through the onboardUsers function. An attacker can gain unauthorized administrative privileges by sending crafted requests to the affected endpoint, allowin...

CVSS: 8.8 | AI score: 5.8 | EPSS: 0.00261
Exploits: 0 | References: 2

Cvelist
added 2026/05/14 2:31 p.m., 32 views

CVE-2025-62625

Improper privilege management in the KVM key download component could allow an attacker to swap tokens and download sensitive keys, potentially resulting in unauthorized access to privileged resources and loss of confidentiality...

CVSS: 6 | EPSS: 0.0017
Exploits: 0 | References: 1

CVE
added 2026/05/13 10:06 p.m., 18 views

CVE-2026-29205

The CVE-2026-29205 issue affects cPanel & WHM. The vulnerability arises from incorrect privileges management and insufficient path filtering, enabling an attacker to read arbitrary files on the server via the cpdavd attachment download endpoints. PT Security reports indicate multiple vulnerabilit...

CVSS: 8.6 | AI score: 5.9 | EPSS: 0.07244
Exploits: 0 | References: 1

Vulnrichment
added 2026/05/13 10:06 p.m., 4 views

CVE-2026-29205

Incorrect privileges management and insufficient path filtering allow reading arbitrary files on the server via the cpdavd attachment download endpoints...

CVSS: 8.6 | AI score: 5.9 | EPSS: 0.07244
Exploits: 0 | References: 1

EUVD
added 2026/05/13 6:30 p.m., 6 views

EUVD-2026-29909

Improper privilege management in Samsung System Support Service prior to version 8.0.8.0 allows local attackers to trigger privileged functions...

CVSS: 6.3 | AI score: 5.8 | EPSS: 0.00091
Exploits: 0 | References: 2

Positive Technologies
added 2026/05/13 12:00 a.m., 6 views

PT-2026-40776

Improper management of the idle timeout parameter in the Keycloak interface of the Arqit SKA-Platform enables an attacker to impersonate an authenticated tenant user via an unexpired browser session. This issue affects Symmetric Key Agreement Platform: before 26.03...

CVSS: 3.8 | AI score: 5.8 | EPSS: 0.00134
Exploits: 0 | References: 2

EUVD
added 2026/05/07 2:20 a.m., 7 views

EUVD-2026-28237

Tor before 0.4.9.7 mishandles accounting of the conflux out-of-order queue during the clearing of a queue, aka TROVE-2026-010...

CVSS: 5.3 | AI score: 5.8 | EPSS: 0.00378
Exploits: 0 | References: 4

RedHat Linux
added 2026/04/22 11:49 a.m., 8 views

webkitgtk: Processing maliciously crafted web content may lead to an unexpected Safari crash

A flaw was found in WebKitGTK. Processing malicious web content can cause a use-after-free issue due to improper memory management and result in an unexpected process crash...

CVSS: 6.5 | AI score: 6.7 | EPSS: 0.00375
Exploits: 0 | References: 5

Redos
added 2026/04/14 12:00 a.m., 4 views

ROS-20260414-73-0057

Vulnerability in kernel-lt related to insufficient control of the resource during its existence. Exploitation of the vulnerability could allow an attacker to cause a denial of service...

CVSS: 5.5 | AI score: 5.8 | EPSS: 0.00136
Exploits: 0

CNVD
added 2026/03/11 12:00 a.m., 1 views

Mozilla Firefox and Mozilla Thunderbird Code Execution Vulnerability

Mozilla Firefox is an open source web browser. Mozilla Thunderbird is a set of e-mail client software separate from the Mozilla Application Suite. The software supports IMAP, POP mail protocols and HTML mail format. A code execution vulnerability exists in Mozilla Firefox and Mozilla Thunderbird,...

CVSS: 5.4 | AI score: 6.6 | EPSS: 0.0034
Exploits: 0

CNVD
added 2026/03/06 12:00 a.m., 4 views

Google Android Permission Mismanagement Vulnerability

Google Android is a Linux-based open source operating system from Google. Google Android suffers from a mismanagement of privileges vulnerability that can be exploited by attackers to cause memory corruption and local elevation of privileges...

CVSS: 8.4 | AI score: 5.8 | EPSS: 0.00107
Exploits: 0

CNNVD
added 2026/03/02 12:00 a.m., 3 views

Google Android security vulnerability

Google Android is a Linux-based open source operating system from Google. Google Android suffers from a mismanagement of privileges vulnerability that can be exploited by attackers to cause memory corruption and local elevation of privileges...

CVSS: 8.4 | AI score: 5.8 | EPSS: 0.00107
Exploits: 0 | References: 4

Qualys Blog
added 2026/02/19 5:00 p.m., 9 views

How Security Tool Misuse Is Reshaping Cloud Compromise

Key Takeaways: Legitimate secret-scanning tools such as TruffleHog have been operationalized in real-world cloud attack campaigns. Attack progression commonly follows a repeatable sequence: credential discovery, live validation, permission enumeration, and data access. Exposed long-lived access ke...

AI score: 5.8
Exploits: 0

Ubuntu
added 2026/02/10 9:54 a.m., 6 views

USN-8021-1: ImageMagick vulnerability

Benny Isaacs discovered that ImageMagick did not properly manage memory when processing certain image files. An attacker could possibly use this issue to cause a denial of service or execute arbitrary code...

CVSS: 9.8 | AI score: 5.3 | EPSS: 0.00494
Exploits: 1

NVD
added 2026/02/04 2:16 p.m., 4 views

CVE-2025-14740

Docker Desktop for Windows contains multiple incorrect permission assignment vulnerabilities in the installer's handling of the C:\ProgramData\DockerDesktop directory. The installer creates this directory without proper ownership verification, creating two exploitation scenarios: Scenario 1...

CVSS: 6.7 | EPSS: 0.00196
Exploits: 0 | References: 3