35 matches found
CVE-2026-4868
GitLab has remediated an issue in GitLab EE affecting all versions from 18.8 before 18.10.7, 18.11 before 18.11.4, and 19.0 before 19.0.1. Under certain conditions, an authenticated user could have caused specific Duo AI workflows to run under another user’s identity due to improper user identity...
CVE-2026-23674
Improper resolution of path equivalence in Windows MapUrlToZone allows an unauthorized attacker to bypass a security feature over a network...
EUVD-2023-36450
Malicious code in bioql PyPI...
EUVD-2022-35461
Malicious code in bioql PyPI...
EUVD-2022-35127
Malicious code in bioql PyPI...
EUVD-2023-46430
Malicious code in bioql PyPI...
EUVD-2024-2833
Malicious code in bioql PyPI...
Windows Update Service Elevation of Privilege Vulnerability
Improper link resolution before file access 'link following' in Windows Update Service allows an authorized attacker to elevate privileges locally...
CVE-2025-2102
Improper Link Resolution Before File Access 'Link Following' vulnerability in HYPR Passwordless on Windows allows Privilege Escalation. This issue affects HYPR Passwordless: before 10.1...
CVE-2025-20003
Improper link resolution before file access 'Link Following' for some Intel(R) Graphics Driver software installers may allow an authenticated user to potentially enable escalation of privilege via local access...
PT-2025-21263 · Unknown · Pgina.Fork
Name of the Vulnerable Software and Affected Versions: pGina.Fork versions 3.9.9.12 and earlier Description: The issue allows authentication bypass when an adversary controls DNS resolution for pginaloginserver. This occurs due to a flaw in the HttpAuth plugin. Recommendations: For versions...
PT-2025-20952 · Microsoft · Windows Installer +1
Name of the Vulnerable Software and Affected Versions: Windows Installer affected versions not specified Description: The issue is related to improper link resolution before file access, also known as 'link following', in Windows Installer. This allows an authorized attacker to disclose informati...
CVE-2025-37876
In the Linux kernel, the following vulnerability has been resolved: netfs: Only create /proc/fs/netfs with CONFIG_PROC_FS When testing a special config: CONFIG_NETFS_SUPPORTS=y CONFIG_PROC_FS=n The system crashes with something like: 3.766197 ------------ cut here ------------ 3.766484 kernel BUG at...
CVE-2025-37801 spi: spi-imx: Add check for spi_imx_setupxfer()
In the Linux kernel, the following vulnerability has been resolved: spi: spi-imx: Add check for spi_imx_setupxfer() Add check for the return value of spi_imx_setupxfer(). spi_imx->rx and spi_imx->tx function pointer can be NULL when spi_imx_setupxfer() return error, and make NULL pointer dereference. Unable to...
SonicWall NetExtender < 10.3.2 Multiple Vulnerabilities (SNWLID-2025-0006)
The version of SonicWall NetExtender installed on the remote host is prior to 10.3.2. It is, therefore, affected by multiple vulnerabilities as referenced in the SNWLID-2025-0006 advisory. - An improper privilege management vulnerability in the SonicWall NetExtender Windows 32 and 64 bit client...
Important: php
Issue Overview: An issue was discovered in Oniguruma 6.2.0, as used in Oniguruma-mod in Ruby through 2.4.1 and mbstring in PHP through 7.1.5. A heap out-of-bounds write or read occurs in next_state_val() during regular expression compilation. Octal numbers larger than 0xff are not handled correctly i...
CVE-2025-25008
Improper link resolution before file access 'link following' in Microsoft Windows allows an authorized attacker to elevate privileges locally...
CVE-2025-21832 block: don't revert iter for -EIOCBQUEUED
In the Linux kernel, the following vulnerability has been resolved: block: don't revert iter for -EIOCBQUEUED blkdev_read_iter() has a few odd checks, like gating the position and count adjustment on whether or not the result is bigger-than-or-equal to zero where bigger than makes more sense, and not...
On iPad Pro, text becomes blurry when using custom resolution.
On iPad Pro, text becomes blurry when using custom resolution...
openSUSE Security Advisory (SUSE-SU-2024:2626-1)
The remote host is missing an update for the...