CVE-2026-24282 Push message Routing Service Elevation of Privilege Vulnerability

...

CVE-2026-24282

CVE-2026-24282 is a Microsoft-related local-elevation vulnerability labeled as a Push message Routing Service issue. The CVSS 3.1 base score is 5.5 (MEDIUM) with Confidentiality impact High, and Exploit Code Maturity is UNPROVEN. The attack vector is Local and requires Low privileges with no user...

CVE-2026-24282 Push message Routing Service Elevation of Privilege Vulnerability

...

Push message Routing Service Elevation of Privilege Vulnerability

Out-of-bounds read in Push Message Routing Service allows an authorized attacker to disclose information locally...

GitHub Enterprise Server 安全漏洞

GitHub Enterprise Server is an open-source application developed by GitHub in the United States. It provides a scalable and easy-to-manage platform by allowing users to set their GitHub instances as virtual devices. Vulnerabilities exist in versions 3.14.24, 3.15.19, 3.16.15, 3.17.12, 3.18.6, and...

PT-2026-24278

Out-of-bounds read in Push Message Routing Service allows an authorized attacker to disclose information locally...

Quiz sites trick users into enabling unwanted browser notifications

Our support team flagged a number of customers who suspected their device might be infected with malware, but Malwarebytes scans came up empty. When the customers provided screenshots, our Malware Removal Support team quickly recognized the format as web push notifications. The reason the scans...

PT-2026-24344

Name of the Vulnerable Software and Affected Versions GitHub Enterprise Server versions prior to 3.14.25 GitHub Enterprise Server versions prior to 3.15.20 GitHub Enterprise Server versions prior to 3.16.16 GitHub Enterprise Server versions prior to 3.17.13 GitHub Enterprise Server versions prior...

kernel: Linux kernel: Denial of Service in ATM CLIP module via infinite recursion

A flaw was found in the Linux kernel's Asynchronous Transfer Mode ATM Classical IP CLIP module. A local user can trigger an infinite recursive call in the clippush function by repeatedly calling the ioctlATMARPMKIP system call. This vulnerability occurs when the socket is closed, leading to stack...

kernel: Linux kernel: Denial of Service in ATM CLIP module via infinite recursion

A flaw was found in the Linux kernel's Asynchronous Transfer Mode ATM Classical IP CLIP module. A local user can trigger an infinite recursive call in the clippush function by repeatedly calling the ioctlATMARPMKIP system call. This vulnerability occurs when the socket is closed, leading to stack...

OpenClaw Canvas Path Traversal Information Disclosure Vulnerability

ZDI-CAN-29312: OpenClaw Canvas Path Traversal Information Disclosure Vulnerability -- ABSTRACT ------------------------------------- Trend Micro's Zero Day Initiative has identified a vulnerability affecting the following products: OpenClaw - OpenClaw -- VULNERABILITY DETAILS...

CVE-2026-3384

A security vulnerability has been detected in ChaiScript up to 6.1.0. This impacts the function chaiscript::eval::ASTNodeImpl::eval/chaiscript::eval::FunctionPushPop of the file include/chaiscript/language/chaiscripteval.hpp. The manipulation leads to uncontrolled recursion. An attack has to be...

Uncontrolled Recursion

Overview Affected versions of this package are vulnerable to Uncontrolled Recursion in the FunctionPushPop. An attacker can cause excessive resource consumption and application instability by triggering deep or infinite recursion through crafted input to the affected process. Remediation There is...

EUVD-2026-9119

A security vulnerability has been detected in ChaiScript up to 6.1.0. This impacts the function chaiscript::eval::ASTNodeImpl::eval/chaiscript::eval::FunctionPushPop of the file include/chaiscript/language/chaiscripteval.hpp. The manipulation leads to uncontrolled recursion. An attack has to be...

CVE-2026-3384 ChaiScript chaiscript_eval.hpp Function_Push_Pop recursion

A security vulnerability has been detected in ChaiScript up to 6.1.0. This impacts the function chaiscript::eval::ASTNodeImpl::eval/chaiscript::eval::FunctionPushPop of the file include/chaiscript/language/chaiscripteval.hpp. The manipulation leads to uncontrolled recursion. An attack has to be...

CVE-2026-3384 ChaiScript chaiscript_eval.hpp Function_Push_Pop recursion

A security vulnerability has been detected in ChaiScript up to 6.1.0. This impacts the function chaiscript::eval::ASTNodeImpl::eval/chaiscript::eval::FunctionPushPop of the file include/chaiscript/language/chaiscripteval.hpp. The manipulation leads to uncontrolled recursion. An attack has to be...

PT-2026-22503

A security vulnerability has been detected in ChaiScript up to 6.1.0. This impacts the function chaiscript::eval::AST Node Impl::eval/chaiscript::eval::Function Push Pop of the file include/chaiscript/language/chaiscript eval.hpp. The manipulation leads to uncontrolled recursion. An attack has to...

CVE-2026-27792

Seerr is an open-source media request and discovery manager for Jellyfin, Plex, and Emby. A missing authorization vulnerability has been identified in the application starting in version 2.7.0 and prior to version 3.1.0. It allows authenticated users to access and modify data belonging to other...

Path Traversal

mcp-server-git is vulnerable to Path Traversal. The vulnerability is due to the gitadd tool not validating file paths, where relative paths containing ../ sequences that resolve outside the repository were accepted and staged into the Git index, and attackers can exploit this to potentially...

CVE-2026-27792

Seerr is an open-source media request and discovery manager for Jellyfin, Plex, and Emby. A missing authorization vulnerability has been identified in the application starting in version 2.7.0 and prior to version 3.1.0. It allows authenticated users to access and modify data belonging to other...