EUVD-2026-31286

An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different named pipe communication mechanism. Please note: an attacker must first obtain the ability to...

CVE-2026-34928

An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different named pipe communication mechanism. Please note: an attacker must first obtain the ability to...

PT-2026-42467

Name of the Vulnerable Software and Affected Versions Trend Micro Apex One/SEP agent affected versions not specified Description An origin validation error in the agent's named pipe communication mechanism allows a local attacker to escalate privileges. To exploit this issue, the attacker must...

Astra Linux - уязвимость в exim4

Exim 4 before 4.94.2 allows exposure of file descriptors to an unintended control sphere, because rdainterpret uses a privileged pipe without the closeonexec flag...

Astra Linux - уязвимость в linux-6.1, linux-5.10, linux-5.15

In the Linux kernel, the following vulnerability has been resolved: In the ftrace function, a potential warning was fixed in traceprintkseq during ftracedump. When ftracedumpone is called concurrently with reading from tracepipe, a WARNONONCE message can be triggered due to a race condition. The...

Astra Linux - уязвимость в linux-5.10, linux

In the Linux kernel, the following vulnerability has been resolved: usb: usbtmc: Fixed a bug in the pipe direction for control transfers. The syzbot fuzzer reported a minor bug in the usbtmc driver: usb 5-1: The BOGUS control direction, with pipe 80001e80, does not match bRequestType 0. WARNING:...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: “pipe: wakeup wrwait after setting maxusage” The commit c73be61cede5 “pipe: Add general notification queue support” introduced a regression that could cause pipes with resized sizes to become locked under certain conditions. See...

Astra Linux - уязвимость в libmodule-scandeps-perl

Qualys discovered that if unsanitized input was used with the Modules::ScanDeps library, before version 1.36, a local attacker could potentially execute arbitrary shell commands by opening a “pesky pipe” e.g., passing “commands|” as a filename or by passing arbitrary strings to the eval function...

Astra Linux - уязвимость в linux, linux-5.10

In the Linux kernel, the following vulnerability has been resolved: Media: zr364xx: fixed a memory leak in zr364xxstartreadpipe. The issue was reported by syzbot as a memory leak in the zr364xx driver. The problem occurred when non-free urb occurred in case of a failure in usbsubmiturb. Backtrace...

Astra Linux - уязвимость в linux-5.10, linux-5.15, linux-6.1

In the Linux kernel, the following vulnerability has been resolved: drm/amd/display: A null check was added for toppipetoprogram in the commitplanesforstream function. This fix addresses a null pointer dereferencing issue in the commitplanesforstream function at line 4140. The issue could occur...

CVE-2026-32134 NanoMQ: NULL Pointer Dereference Crash in tcptran_pipe_peer During Session Restore

NanoMQ MQTT Broker NanoMQ is an all-around Edge Messaging Platform. In versions 0.24.10 and below, when NanoMQ handles high-concurrency reconnect traffic using a reconnect-collision payload, the broker can crash due to a NULL pointer dereference during MQTT session resumption for cleanstart=0...

CVE-2026-22069

A local privilege escalation vulnerability exists in O+ Connect because it fails to validate the identity of the caller on the pipe interface...

CVE-2026-22069

CVE-2026-22069 affects O+ Connect and describes a local privilege-escalation vulnerability where the pipe interface fails to validate the caller’s identity. The CVSS 3.1 score is 7.3 (HIGH) with LOCAL attack vector, LOW privileges required, USER interaction required, scope changed, and impact on ...

EUVD-2026-30825

A local privilege escalation vulnerability exists in O+ Connect because it fails to validate the identity of the caller on the pipe interface...

CVE-2026-22069 O+ Connect Local Privilege Escalation Vulnerability

A local privilege escalation vulnerability exists in O+ Connect because it fails to validate the identity of the caller on the pipe interface...

CVE-2026-22069

A local privilege escalation vulnerability exists in O+ Connect because it fails to validate the identity of the caller on the pipe interface...

CVE-2026-22069 O+ Connect Local Privilege Escalation Vulnerability

A local privilege escalation vulnerability exists in O+ Connect because it fails to validate the identity of the caller on the pipe interface...

PT-2026-41813

A local privilege escalation vulnerability exists in O+ Connect because it fails to validate the identity of the caller on the pipe interface...

Botan C++ Crypto Algorithms Library 3.12.0

Botan is a C++ library of cryptographic algorithms, including AES, DES, SHA-1, RSA, DSA, Diffie-Hellman, and many others. It also supports X.509 certificates and CRLs, and PKCS 10 certificate requests, and has a high level filter/pipe message processing system. The library is easily portable to...

EUVD-2026-30672

Net::Statsd::Lite versions before 0.9.0 for Perl allowed metric injections. The metric names were not checked for newlines, colons or pipes. Metrics generated from untrusted sources could inject additional statsd metrics...