SUSE CVE-2026-7818
Deserialization of untrusted data (CWE-502) in pgAdmin 4 FileBackedSessionManager. The session manager performed unsafe deserialization of session-file contents using Python's standard object-serialization module before performing any HMAC integrity check. Any file dropped into the sessions directo...
CVE-2026-7818
CVE-2026-7818 affects pgAdmin 4: Unsafe deserialization in FileBackedSessionManager allows an authenticated user with write access to the sessions directory to craft a payload that could lead to operating-system level remote code execution under the pgAdmin process identity. The root cause is des...
CVE-2026-7818 pgAdmin 4: Unsafe deserialization (CWE-502) in file-backed session manager leads to remote code execution
Deserialization of untrusted data (CWE-502) in pgAdmin 4 FileBackedSessionManager. The session manager performed unsafe deserialization of session-file contents using Python's standard object-serialization module before performing any HMAC integrity check. Any file dropped into the sessions directo...
CVE-2026-7818 pgAdmin 4: Unsafe deserialization (CWE-502) in file-backed session manager leads to remote code execution
Deserialization of untrusted data (CWE-502) in pgAdmin 4 FileBackedSessionManager. The session manager performed unsafe deserialization of session-file contents using Python's standard object-serialization module before performing any HMAC integrity check. Any file dropped into the sessions directo...
Astra Linux - vulnerability in plasma-workspace
In KDE Plasma Workspaces (also known as plasma-workspace) before version 5.27.11.1, and 6.x before version 6.0.5.1, ICE connections were accepted based purely on the host system, which means that all local connections were accepted. This allowed another user on the same machine to gain access t...
CVE-2026-7551
HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system commands. Attackers can invoke the /bridge spawn command with attacker-controlled command text that is forwarded...
CVE-2026-7551 HKUDS OpenHarness Remote Command Execution via /bridge Slash Command
HKUDS OpenHarness contains a remote code execution vulnerability in the /bridge slash command that allows remote senders accepted by configuration to execute arbitrary operating system commands. Attackers can invoke the /bridge spawn command with attacker-controlled command text that is forwarded...
Amazon Linux 2023 : amazon-ssm-agent (ALAS2023-2026-1499)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1499 advisory. cmd/go: bypass of flag sanitization can lead to arbitrary code execution (CVE-2025-61731). cmd/go: unexpected code execution when invoking toolchain (CVE-2025-68119). Tenable has extracted the...
CVE-2026-20869
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Local Session Manager (LSM) allows an authorized attacker to elevate privileges locally...
CVE-2026-20869
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Local Session Manager (LSM) allows an authorized attacker to elevate privileges locally...
CVE-2026-20869
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Local Session Manager (LSM) allows an authorized attacker to elevate privileges locally...
CVE-2026-20869 Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability
...
CVE-2026-20869
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Local Session Manager (LSM) allows an authorized attacker to elevate privileges locally...
CVE-2026-20869
CVE-2026-20869 affects Windows Local Session Manager (LSM) and is described as a race-condition vulnerability in the management of a shared resource that allows an authenticated, local attacker to elevate privileges. The initial CVE entry cites local privilege escalation with a high impact. Micro...
CVE-2026-20869 Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability
...
Windows Local Session Manager (LSM) Elevation of Privilege Vulnerability
Concurrent execution using shared resource with improper synchronization ('race condition') in Windows Local Session Manager (LSM) allows an authorized attacker to elevate privileges locally...
PT-2026-2714
Name of the Vulnerable Software and Affected Versions: Windows Local Session Manager (LSM) (affected versions not specified). Description: A flaw exists in Windows Local Session Manager (LSM) related to concurrent execution using a shared resource with improper synchronization, creating a race condition...
CVE-2025-58729
Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network...
CVE-2025-59259
Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network...
CVE-2025-59257
Improper validation of specified type of input in Windows Local Session Manager (LSM) allows an authorized attacker to deny service over a network...