CVE-2026-22907
CVE-2026-22907 : The included sources describe an unauthorized host filesystem access risk with read/modify data implications. The materials do not provide concrete mappings to a specific affected product/vendor/version nor explicit root cause details. CVSS data indicates a critical impact on con...
EUVD-2026-2821
An attacker may gain unauthorized access to the host filesystem, potentially allowing them to read and modify system data...
fsnotify: do not generate ACCESS/MODIFY events on child for special files
...
CVE-2025-14482
The Crush.pics Image Optimizer - Image Compression and Optimization plugin for WordPress is vulnerable to unauthorized modification of data due to missing capability checks on multiple functions in all versions up to, and including, 1.8.7. This makes it possible for authenticated attackers, with...
PT-2026-3128
Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS on SRX Series versions prior to 22.4R3-S8; Juniper Networks Junos OS on SRX Series versions 23.2 before 23.2R2-S5; Juniper Networks Junos OS on SRX Series versions 23.4 before 23.4R2-S6; Juniper Networks Junos OS on SRX...
PT-2026-2988
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined; affected versions not specified. Description: An attacker may gain unauthorized access to the host filesystem, potentially allowing them to read and modify system data. The issue could allow an attacker to...
Unity Linux 20.1060e / 20.1070e Security Update: kernel (UTSA-2026-002640)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-002640 advisory. The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint that can result in crash and possibly memory corruption. This atta...
Unity Linux 20.1060a / 20.1070a Security Update: kernel (UTSA-2026-003305)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-003305 advisory. The Linux Kernel version 3.18 contains a dangerous feature vulnerability in modify_user_hw_breakpoint that can result in crash and possibly memory corruption. This atta...
MilleGPG5 security vulnerabilities
MilleGPG5 is an application developed by MilleGPG company. Version 5.7.2 of MilleGPG5 contains a security vulnerability. This vulnerability stems from allowing authenticated users to modify the service executable files located in the MariaDB bin directory, potentially leading to local privilege...
CVE-2025-14058
CVE-2025-14058 concerns Lenovo Tablets where a missing authentication vulnerability could let an unauthorized user with physical access modify Control Center settings if the device is locked and the option “Allow Control Center access when locked” is disabled. Affected component: Control Center s...
CVE-2025-9142
CVE-2025-9142 concerns Harmony SASE Windows Client. Local users can trigger the client to write or delete files outside the intended certificate working directory due to insufficient validation in certificate processing before privileged service use. Symptoms described by Check Point indicate exp...
CVE-2025-59021
Backend users with access to the redirects module and write permission on the sys_redirect table were able to read, create, and modify any redirect record without restriction to the user’s own file-mounts or web-mounts. This allowed attackers to insert or alter redirects pointing to arbitrary URLs...
CVE-2025-68707
An authentication bypass vulnerability in the Tongyu AX1800 Wi-Fi 6 Router with firmware 1.0.0 allows unauthenticated network-adjacent attackers to perform arbitrary configuration changes without providing credentials, as long as a valid admin session is active. This can result in full compromise...
PT-2026-2818
The WP-CRM System plugin for WordPress is vulnerable to unauthorized access due to missing capability checks on the wpcrm get email recipients and wpcrm system ajax task change status AJAX functions in all versions up to, and including, 3.4.5. This makes it possible for authenticated attackers,...
PT-2026-2819
The Netcash WooCommerce Payment Gateway plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the handle return url function in all versions up to, and including, 4.1.3. This makes it possible for unauthenticated attackers to mark any...
CVE-2025-41077
An IDOR vulnerability has been found in Viafirma Inbox v4.5.13 that allows any authenticated user without privileges in the application to list all users, access and modify their data. This allows the user's email addresses to be modified and, subsequently, using the password recovery functionality ...
EUVD-2026-2046
A command injection vulnerability in AOS-8 allows an authenticated privileged user to alter a package header to inject shell commands, potentially affecting the execution of internal operations. Successful exploit could allow an authenticated malicious actor to execute commands with the privilege...
CVE-2025-68788
In the Linux kernel, the following vulnerability has been resolved: fsnotify: do not generate ACCESS/MODIFY events on child for special files. inotify/fanotify do not allow users with no read access to a file to subscribe to events (e.g. IN_ACCESS/IN_MODIFY), but they do allow the same user to subscri...
CVE-2025-68788
CVE-2025-68788 is addressed in OSV:OESA-2026-1305, which reports a Linux kernel security update for the fsnotify subsystem. The fix aligns fsnotify behavior with file-attrib semantics by not generating ACCESS/MODIFY events for parent watchers when a read/write occurs on special files (e.g., /dev/...