46 matches found
CVE-2026-6739 Mattermost: Delegated admins could patch protected default system roles
Mattermost versions 11.6.x = 11.6.1, 11.5.x = 11.5.4, 10.11.x = 10.11.15, 10.11.x = 10.11.16 fail to require system-level permission when patching protected default system roles, which allows authenticated users with delegated user-management permissions to escalate privileges by altering built-i...
CVE-2026-28823
A path handling issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.4. An app with root privileges may be able to delete protected system files...
EUVD-2026-15089
A path handling issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.4. An app with root privileges may be able to delete protected system files...
EUVD-2026-15067
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.5, macOS Sonoma 14.8.5, macOS Tahoe 26.4. An attacker with root privileges may be able to delete protected system files...
CVE-2026-28823
A path handling issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.4. An app with root privileges may be able to delete protected system files...
CVE-2026-28823
A path handling issue was addressed with improved validation. This issue is fixed in macOS Tahoe 26.4. An app with root privileges may be able to delete protected system files...
Apple macOS Security Vulnerability
Apple macOS Tahoe is an operating system from the American company Apple. A security vulnerability exists in Apple macOS Tahoe, which can be exploited by an attacker to cause an application with root privileges to delete protected system files...
CVE-2025-43537
A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5, iOS 26.2 and iPadOS 26.2. Restoring a maliciously crafted backup file may lead to modification of protected system files...
CVE-2025-43537
A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5. Restoring a maliciously crafted backup file may lead to modification of protected system files...
CVE-2025-46310
This issue was addressed through improved state management. This issue is fixed in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, macOS Tahoe 26. An attacker with root privileges may be able to delete protected system files...
CVE-2025-46310
CVE-2025-46310 is a local-privilege issue where an attacker with root could delete protected system files. Apple fixed it via state-management improvements in macOS Sequoia 15.7.4, macOS Sonoma 14.8.4, and macOS Tahoe 26. (Exploitation status not provided in the documents.)
CVE-2025-43537
A path handling issue was addressed with improved validation. This issue is fixed in iOS 18.7.5 and iPadOS 18.7.5. Restoring a maliciously crafted backup file may lead to modification of protected system files...
CVE-2025-43537
CVE-2025-43537 is a reserved vulnerability identifier; no full public details exist in the initial entry. The connected PT-2025-48993 note describes it as a potential critical OS command injection vulnerability, with early reports suggesting impact on components such as Adobe Reader or Windows co...
Unspecified Vulnerability in TeamViewer DEX Client (CNVD-2026-16661)
TeamViewer DEX Client is a digital employee experience and endpoint management software from TeamViewer Germany. TeamViewer DEX Client has a security vulnerability that can be exploited by an attacker to cause the deletion of protected system files...
Security Vulnerability in Quick Heal Total Security
Quick Heal Total Security is an antivirus software developed by the Indian company Quick Heal. Version 23.0.0 of Quick Heal Total Security contains a security vulnerability. This vulnerability stems from insufficient validation of restore paths and improper handling of permissions in the isolation...
EUVD-2025-206708
A vulnerability exists in Quick Heal Total Security 23.0.0 in the quarantine management component where insufficient validation of restore paths and improper permission handling allow a low-privileged local user to restore quarantined files into protected system directories. This behavior can be...
CVE-2026-23563
Improper Link Resolution Before File Access invoked by 1E‑Explorer‑TachyonCore‑DeleteFileByPath instruction in TeamViewer DEX - 1E Client before version 26.1 on Windows allows a low‑privileged local attacker to delete protected system files via a crafted RPC control junction or symlink that is...
PT-2026-5250
Name of the Vulnerable Software and Affected Versions: TeamViewer DEX - 1E Client versions prior to 26.1. Description: The software contains a flaw related to improper link resolution before file access. This issue, triggered by the 1E‑Explorer‑TachyonCore‑DeleteFileByPath instruction, allows a loca...
TeamViewer DEX Client Security Vulnerability
TeamViewer DEX Client is a digital employee experience and endpoint management software from TeamViewer Germany. TeamViewer DEX Client has a security vulnerability that can be exploited by an attacker to cause the deletion of protected system files...
CVE-2025-59373
A local privilege escalation vulnerability exists in the restore mechanism of ASUS System Control Interface. It can be triggered when an unprivileged actor copies files without proper validation into protected system paths, potentially leading to arbitrary files being executed as SYSTEM. For more...