551 matches found

Tenable Nessus
added 2026/04/03 12:0 a.m. | 5 views

Linux Distros Unpatched Vulnerability : CVE-2026-33997

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be...

CVSS 8.1 | AI score 5.8 | EPSS 0.00016
Exploits 0 | References 3

Tenable Nessus
added 2026/04/03 12:0 a.m. | 18 views

Docker Engine 29.3.1 Multiple Vulnerabilities

The version of the Docker Engine installed on the remote host is prior to 29.3.1. It is therefore affected by multiple vulnerabilities: - CVE-2026-34040: AuthZ plugin authorization bypass vulnerability. Authorization plugins could be bypassed under specific conditions, potentially allowing...

CVSS 9.8 | AI score 6.1 | EPSS 0.0006
Exploits 0 | References 5

RedhatCVE
added 2026/04/01 5:3 p.m. | 2 views

CVE-2026-4818

In Search Guard FLX versions from 3.0.0 up to 4.0.1, there exists an issue which allows users without the necessary privileges to execute some management operations against data streams...

CVSS 6.8 | AI score 5.9 | EPSS 0.00038
Exploits 0 | References 1

Debian CVE
added 2026/03/31 1:36 a.m. | 1 views

CVE-2026-33997

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a...

CVSS 8.1 | AI score 5.2 | EPSS 0.00016
Exploits 0

CVE
added 2026/03/31 1:36 a.m. | 9 views

CVE-2026-33997

CVE-2026-33997 affects Moby (docker) prior to 29.3.1. A daemon privilege-validation check is flawed, potentially allowing a privilege set that differs from the user-approved one to be accepted during docker plugin installation. Plugins requesting exactly one privilege are also affected because th...

CVSS 8.1 | AI score 5.7 | EPSS 0.00016
Exploits 0 | References 2 | Affected Software 1

AlpineLinux
added 2026/03/31 1:36 a.m. | 1 views

CVE-2026-33997

Moby is an open source container framework. Prior to version 29.3.1, a security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a...

CVSS 8.1 | AI score 5.7 | EPSS 0.00016
Exploits 0

OSV
added 2026/03/27 6:4 p.m. | 1 views

GHSA-2MFJ-R695-5H9R Dolibarr Core Discloses Sensitive Data via Authenticated Local File Inclusion in selectobject.php

Authenticated Local File Inclusion (LFI) via selectobject.php leading to sensitive data disclosure. Target: Dolibarr Core. Tested on version 22.0.4. Summary: A Local File Inclusion (LFI) vulnerability has been discovered in the core AJAX endpoint /core/ajax/selectobject.php. By manipulating the objectdesc...

CVSS 6.5 | AI score 5.9 | EPSS 0.00015
Exploits 2 | References 4

OSV
added 2026/03/27 5:38 p.m. | 4 views

GHSA-PXQ6-2PRW-CHJ9 Moby has an Off-by-one error in its plugin privilege validation

Summary: A security vulnerability has been detected that allows plugins privilege validation to be bypassed during docker plugin install. Due to an error in the daemon's privilege comparison logic, the daemon may incorrectly accept a privilege set that differs from the one approved by the user...

CVSS 6.8 | AI score 5.7 | EPSS 0.00016
Exploits 0 | References 6

RedhatCVE
added 2026/03/26 3:12 p.m. | 0 views

CVE-2026-21285

Adobe Commerce versions 2.4.9-alpha3, 2.4.8-p3, 2.4.7-p8, 2.4.6-p13, 2.4.5-p15, 2.4.4-p16 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. A low-privileged attacker could leverage this vulnerability to bypass security measures an...

CVSS 4.3 | AI score 5.8 | EPSS 0.00065
Exploits 0 | References 1

CNVD
added 2026/03/17 12:0 a.m. | 1 views

Huawei EMUI and Huawei HarmonyOS System Service Framework Privilege Bypass Vulnerability

Huawei EMUI is a mobile operating system developed based on Android. Huawei HarmonyOS is a full-scene distributed operating system based on a microkernel. A privilege bypass vulnerability exists in the Huawei EMUI and Huawei HarmonyOS system service framework, which c...

CVSS 7.3 | AI score 5.8 | EPSS 0.00008
Exploits 0 | References 1

OSV
added 2026/03/13 9:22 p.m. | 1 views

CVE-2026-32715 AnythingLLM Manager Privilege Bypass Allows Access to Admin-Only System Preferences

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, the two generic system-preferences endpoints allow manager role access, while every other surface that touches the same settings is restricted to admi...

CVSS 3.8 | AI score 5.8 | EPSS 0.00047
Exploits 1 | References 4

Vulnrichment
added 2026/03/13 9:22 p.m. | 0 views

CVE-2026-32715 AnythingLLM Manager Privilege Bypass Allows Access to Admin-Only System Preferences

AnythingLLM is an application that turns pieces of content into context that any LLM can use as references during chatting. In 1.11.1 and earlier, the two generic system-preferences endpoints allow manager role access, while every other surface that touches the same settings is restricted to admi...

CVSS 3.8 | AI score 5.8 | EPSS 0.00047
Exploits 1 | References 2

CNVD
added 2026/03/12 12:0 a.m. | 1 views

OpenClaw Identity Forgery Vulnerability

OpenClaw is an open source framework for Telegram bot rights management. OpenClaw suffers from an identity forgery vulnerability. An attacker can exploit this vulnerability to illegally manipulate bots by recycling usernames to disguise their identities and bypass privilege restrictions...

CVSS 6.9 | AI score 5.8 | EPSS 0.00044
Exploits 0 | References 1

Positive Technologies
added 2026/03/11 12:0 a.m. | 0 views

PT-2026-24777

Comtrend AR-5310 GE31-412SSG-C01 R10.A2pG039u.d24k contains a restricted shell escape vulnerability that allows local users to bypass command restrictions by using the command substitution operator $ . Attackers can inject arbitrary commands through the $ syntax when passed as arguments to allowe...

CVSS 8.6 | AI score 6 | EPSS 0.00019
Exploits 0 | References 4

CNVD
added 2026/03/06 12:0 a.m. | 2 views

Google Android Privilege Bypass Vulnerability

Google Android is a Linux-based open source operating system from Google. Google Android suffers from a privilege bypass vulnerability that can be exploited by an attacker to cause a local elevation of privilege...

CVSS 8.4 | AI score 5.8 | EPSS 0.00004
Exploits 0

CNNVD
added 2026/03/05 12:0 a.m. | 2 views

Huawei EMUI and Huawei HarmonyOS Security Vulnerability

Huawei EMUI is a mobile operating system developed based on Android. Huawei HarmonyOS is a full-scene distributed operating system based on a microkernel. A privilege bypass vulnerability exists in the Huawei EMUI and Huawei HarmonyOS system service framework, which c...

CVSS 7.3 | AI score 5.8 | EPSS 0.00008
Exploits 0 | References 2

CNNVD
added 2026/03/05 12:0 a.m. | 2 views

OpenClaw Security Vulnerability

OpenClaw is an open source framework for Telegram bot rights management. OpenClaw suffers from an identity forgery vulnerability. An attacker can exploit this vulnerability to illegally manipulate bots by recycling usernames to disguise their identities and bypass privilege restrictions...

CVSS 6.9 | AI score 5.8 | EPSS 0.00044
Exploits 0 | References 4

CNVD
added 2026/03/02 12:0 a.m. | 2 views

Microsoft Hyper-V Access Control Error Vulnerability

Microsoft Hyper-V is an application from Microsoft Corporation USA. A system hypervisor virtualization technology that enables desktop virtualization. An access control error vulnerability exists in Microsoft Hyper-V. The vulnerability stems from a flaw in the access control mechanism and can be...

CVSS 8.8 | AI score 5.8 | EPSS 0.00036
Exploits 0 | References 1

CNNVD
added 2026/03/02 12:0 a.m. | 1 views

Google Android Security Vulnerability

Google Android is a Linux-based open source operating system from Google. Google Android suffers from a privilege bypass vulnerability that can be exploited by an attacker to cause a local elevation of privilege...

CVSS 8.4 | AI score 5.8 | EPSS 0.00004
Exploits 0 | References 1

Vulnrichment
added 2026/02/19 9:6 a.m. | 2 views

CVE-2026-22266

Dell PowerProtect Data Manager, versions prior to 19.22, contains an Improper Verification of Source of a Communication Channel vulnerability in the REST API. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to protection mechanism bypass...

CVSS 4.7 | AI score 5.6 | EPSS 0.00021
Exploits 0 | References 1