5769 matches found

Nuclei
added yesterday | 21 views

W&B Weave Server - Remote Arbitrary File Leak

The Weave server API allows remote users to fetch files from a specific directory, but due to a lack of input validation, it is possible to traverse and leak arbitrary files remotely. In various common scenarios, this allows a low-privileged user to assume the role of the server admin. id:...

8.8 CVSS | 7.7 AI score | 0.04974 EPSS
Exploits: 0 | References: 3
NVD
added 4 days ago | 4 views

CVE-2026-57588

A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file that, when imported by a privileged user, injects malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data...

4.6 CVSS | 0.00158 EPSS
Exploits: 0 | References: 1
CVE
added 4 days ago | 12 views

CVE-2026-9717

CVE-2026-9717 is a CWE-78 OS Command Injection vulnerability. Description states that a privileged, authenticated user can trigger unauthorized command execution with elevated privileges by interacting with a vulnerable network-exposed service. Documents consistently describe impact to integrity,...

8.6 CVSS | 6 AI score | 0.01002 EPSS
Exploits: 0 | References: 1
EUVD
added 4 days ago | 4 views

EUVD-2026-39409

A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file that, when imported by a privileged user, injects malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data...

4.6 CVSS | 5.9 AI score | 0.00158 EPSS
Exploits: 0 | References: 1
CVE
added 4 days ago | 12 views

CVE-2026-57588

CVE-2026-57588 is a SQL injection vulnerability in Nessus. A crafted malicious scan result file, when imported by a privileged user, injects SQL into the scan results database, potentially exfiltrating scan data. The vulnerability affects Nessus in scenarios where a scan-result file is imported b...

4.6 CVSS | 5.9 AI score | 0.00158 EPSS
Exploits: 0 | References: 1 | Affected Software: 1
Vulnrichment
added 4 days ago | 6 views

CVE-2026-57588 SQL Injection in Nessus via Malicious Scan Result File Import

A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file that, when imported by a privileged user, injects malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data...

4.6 CVSS | 5.9 AI score | 0.00158 EPSS
Exploits: 0 | References: 1
Cvelist
added 4 days ago | 31 views

CVE-2026-57588 SQL Injection in Nessus via Malicious Scan Result File Import

A SQL injection vulnerability in Nessus allows an attacker to craft a malicious scan result file that, when imported by a privileged user, injects malicious SQL into the scan results database, potentially enabling exfiltration of scan-result data...

4.6 CVSS | 0.00158 EPSS
Exploits: 0 | References: 1
EUVD
added 5 days ago | 5 views

EUVD-2026-38997

In the Linux kernel, the following vulnerability has been resolved: fs/mbcache: cancel shrink work before destroying the cache. mb_cache_destroy calls shrinker_free and then frees all cache entries and the cache itself, but it does not cancel the pending c_shrink_work work item first. If...

5.7 AI score | 0.00157 EPSS
Exploits: 0 | References: 4
ATTACKERKB
added 6 days ago | 5 views

CVE-2026-12163

Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, versions prior to 9.4.0.1 contain a stored cross-site scripting (XSS) vulnerability in the Asset View UI component. An authenticated user with sufficient privileges to create or modify affected node or database configuration fields...

5.5 CVSS | 5.7 AI score | 0.00145 EPSS
Exploits: 0 | References: 2
Cvelist
added 6 days ago | 33 views

CVE-2026-12163 Stored XSS in Fortra File Integrity Monitoring (FIM)

Fortra File Integrity Monitoring (FIM), formerly Tripwire Enterprise, versions prior to 9.4.0.1 contain a stored cross-site scripting (XSS) vulnerability in the Asset View UI component. An authenticated user with sufficient privileges to create or modify affected node or database configuration fields...

5.5 CVSS | 0.00145 EPSS
Exploits: 0 | References: 1
CVE
added last week | 12 views

CVE-2026-41049

CVE-2026-41049 affects the qSnapper dbus service prior to version 1.3.3. The underlying issue is incorrect caching of authentication between different users, allowing a local attacker to invoke dbus functions after a privileged user has authenticated for them. Documented impact: high confidential...

8.4 CVSS | 5.9 AI score | 0.00134 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added last week | 30 views

CVE-2026-41049 Caching of Authentication allows Authentication Bypass between users in qSnapper

Incorrect caching of authentication between different users of the qSnapper dbus service before version 1.3.3 allowed any local attacker to use dbus functions after a privileged user has authenticated for them...

8.4 CVSS | 0.00134 EPSS
Exploits: 0 | References: 3
EUVD
added last week | 5 views

EUVD-2026-38275

Incorrect caching of authentication between different users of the qSnapper dbus service before version 1.3.3 allowed any local attacker to use dbus functions after a privileged user has authenticated for them...

8.4 CVSS | 5.9 AI score | 0.00134 EPSS
Exploits: 0 | References: 3
EUVD
added 2026/06/21 1:27 p.m. | 8 views

EUVD-2026-38179

Craft CMS versions = 5.0.0-RC1, = 4.0.0-RC1, = 4.17.7 contain an authorization bypass in the assets/preview-file endpoint. The action does not enforce per-asset view authorization before returning preview content, allowing an authenticated low-privileged user to supply a controlled assetId for an...

5.3 CVSS | 5.9 AI score | 0.00221 EPSS
Exploits: 0 | References: 3
AstraLinux
added 2026/06/19 11:10 a.m. | 2 views

Astra Linux – Vulnerability in Intel Microcode

Observable discrepancies in the RAPL interface of certain Intel processors may allow a privileged user to potentially enable information disclosure through local access...

6.8 CVSS | 6 AI score | 0.00209 EPSS
Exploits: 0 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m. | 5 views

Astra Linux – Vulnerability in Intel Microcode

Improper initialization in UEFI firmware. The OutOfBandXML module in some Intel processors may allow a privileged user to potentially enable information disclosure through local access...

6.8 CVSS | 5.8 AI score | 0.00222 EPSS
Exploits: 0 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m. | 4 views

Astra Linux – Vulnerability in Linux

A flaw was discovered in the Linux kernel’s implementation of string matching within packets. A privileged user with root or CAP_NET_ADMIN status can insert rules into iptables, and this action may cause the system to panic. The issue affects kernels prior to version 5.5-rc1...

4.4 CVSS | 6.7 AI score | 0.00277 EPSS
Exploits: 0 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m. | 5 views

Astra Linux – Vulnerability in edk2

Improper authentication in EDK II may allow a privileged user to potentially enable information disclosure through network access...

4.9 CVSS | 6.7 AI score | 0.01366 EPSS
Exploits: 0 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m. | 12 views

Astra Linux – Vulnerability in Intel Microcode

Incorrect calculations in the microcode keying mechanism of some 3rd Generation Intel(R) Xeon(R) Scalable Processors may allow a privileged user to potentially enable information disclosure through local access...

6.1 CVSS | 6.4 AI score | 0.0022 EPSS
Exploits: 0 | References: 2
AstraLinux
added 2026/06/19 11:10 a.m. | 6 views

Astra Linux – Vulnerability in Qemu

An infinite loop flaw was discovered in the USB xHCI controller emulation of QEMU while calculating the length of the Transfer Request Block TRB Ring. This flaw allows a privileged guest user to halt the QEMU process on the host, resulting in a denial of service...

3.2 CVSS | 5.6 AI score | 0.00363 EPSS
Exploits: 1 | References: 2