CVE-2026-52906

A flaw was found in the Linux kernel's 9p filesystem. When mounting, access mode flags were incorrectly combined instead of being replaced, leading to an invalid configuration. This issue causes root users to be unable to perform privileged operations like changing file ownership, effectively...

CVE-2026-7624 SEO Plugin by Squirrly SEO <= 12.4.16 - Missing Authorization to Authenticated (Contributor+) Privileged Cloud API Operations

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 12.4.16. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

EUVD-2026-34956

The SEO Plugin by Squirrly SEO plugin for WordPress is vulnerable to authorization bypass in all versions up to, and including, 12.4.16. This is due to the plugin not properly verifying that a user is authorized to perform an action. This makes it possible for authenticated attackers, with...

CVE-2026-8501

Improper access control in the PCTCore64.sys Windows kernel driver from PC Tools Internet Security allows user-mode processes to access the PCTCoreDriver WDM device interface and invoke privileged IOCTL handlers. A local attacker with the ability to access or load the affected driver can exploit...

WordPress SEO Plugin by Squirrly SEO plugin <= 12.4.16 - Missing Authorization to Authenticated (Contributor+) Privileged Cloud API Operations vulnerability

Missing Authorization to Authenticated Contributor+ Privileged Cloud API Operations vulnerability discovered by Abi Wiranata in WordPress Plugin SEO Plugin by Squirrly SEO versions = 12.4.16...

CVE-2026-8501

Improper access control in the PCTCore64.sys Windows kernel driver from PC Tools Internet Security allows user-mode processes to access the PCTCoreDriver WDM device interface and invoke privileged IOCTL handlers. A local attacker with the ability to access or load the affected driver can exploit...

CVE-2026-8501

CVE-2026-8501 affects the PC Tools PCTCore64.sys Windows kernel driver. The driver exposes the .�5CPCTCoreDriver WDM device interface with no access control, allowing user-mode processes to invoke privileged IOCTL handlers and perform low-level operations. Documented impacts include credential th...

CVE-2026-8501

Improper access control in the PCTCore64.sys Windows kernel driver from PC Tools Internet Security allows user-mode processes to access the PCTCoreDriver WDM device interface and invoke privileged IOCTL handlers. A local attacker with the ability to access or load the affected driver can exploit...

CVE-2026-41163

A flaw was found in bubblewrap when operating in setuid mode. A local user may use ptrace to interfere with the sandbox setup process and gain access to privileged operations that are normally restricted. This could allow an attacker to bypass intended sandboxing restrictions and potentially...

PT-2026-45479

Improper access control in the PCTCore64.sys Windows kernel driver from PC Tools Internet Security allows user-mode processes to access the PCTCoreDriver WDM device interface and invoke privileged IOCTL handlers. A local attacker with the ability to access or load the affected driver can exploit...

CVE-2026-44848

CVE-2026-44848 concerns Portainer Community Edition where missing authorization on the Docker plugin endpoints allowed a non-admin Portainer user with endpoint access to perform privileged Docker plugin operations directly against the Docker daemon. Affected releases include 2.33.0–2.33.7, 2.39.0...

CVE-2026-44848 Portainer: Missing authorization on Docker plugin endpoints allows host RCE

Portainer Community Edition is a lightweight service delivery platform for containerized applications that can be used to manage Docker, Swarm, Kubernetes and ACI environments. From 2.33.0 to before 2.33.8, 2.39.2, and 2.41.0, The Docker plugin management endpoints /plugins/ were not registered...

Portainer 安全漏洞

Portainer is a lightweight user management interface developed by Portainer Foundation for managing Docker environments and Docker hosts. Vulnerabilities exist in versions of Portainer Community Edition from 2.33.0 to 2.33.8, as well as in versions prior to 2.39.2 and 2.41.0. These vulnerabilitie...

SUSE-SU-2026:2094-1 Security update for bubblewrap

This update for bubblewrap fixes the following issue - CVE-2026-41163: improper process attachment via ptrace can lead to arbitrary privileged operations and local root escalation bsc1263113...

SUSE-SU-2026:21847-1 Security update for bubblewrap

This update for bubblewrap fixes the following issue - CVE-2026-41163: improper process attachment via ptrace can lead to arbitrary privileged operations and local root escalation bsc1263113...

EUVD-2026-30098

Multiple authorization bypass vulnerabilities in the Endpoint DLP component of Prisma Access Agent® allow a local attacker to bypass authentication controls and execute privileged operations...

CVE-2026-0247

Multiple authorization bypass vulnerabilities in the Endpoint DLP component of Prisma Access Agent® allow a local attacker to bypass authentication controls and execute privileged operations...

CVE-2026-0247

The CVE-2026-0247 entry refers to multiple authorization-bypass vulnerabilities in the Endpoint DLP component of the Prisma Access Agent. The underlying issue allows a local attacker to bypass authentication controls and perform privileged operations. The description specifies affected software a...

PT-2026-40771

Multiple authorization bypass vulnerabilities in the Endpoint DLP component of Prisma Access Agent® allow a local attacker to bypass authentication controls and execute privileged operations...

CVE-2026-41489

Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. From 6.0 to before Core 6.4.2 and FTL 6.6.1, two shell scripts executed as root by systemd pihole-FTL-prestart.sh and pihole-FTL-poststop.sh read the files.pid path from this config...