69 matches found
CVE-2026-42095
bookserver in KDE Arianna before 26.04.1 allows attackers to read files over a socket connection by guessing a URL...
CVE-2026-6479
Uncontrolled recursion in PostgreSQL SSL and GSS negotiation allows an attacker able to connect to a PostgreSQL AF_UNIX socket to achieve sustained denial of service. If SSL and GSS are both disabled, an attacker can do the same via access to a PostgreSQL TCP socket. Versions before PostgreSQL 18....
EUVD-2026-33726
A flaw was found in rrdcached, a component of rrdtool. A local attacker with access to a rrdcached socket can exploit a stack-based buffer overflow by sending an oversized CREATE request. This vulnerability can lead to a denial of service by crashing the daemon or potentially allow for arbitrary...
PT-2026-45491
Summary: Vitest browser mode served /__vitest_test__/ with the otelCarrier query parameter inserted directly into an inline module script. Because this value was treated as JavaScript source rather than data, an attacker could craft a browser-runner URL that executes arbitrary JavaScript in the Vite...
CVE-2026-6406 Docker Desktop Enhanced Container Isolation bypass via --use-api-socket CLI flag
The Docker CLI --use-api-socket flag bypasses Enhanced Container Isolation (ECI) restrictions in Docker Desktop. When ECI is enabled, Docker socket mounts from containers are denied unless explicitly allowed via the admin-settings configuration. However, the --use-api-socket flag adds the Docker...
EUVD-2026-31484
The Docker CLI --use-api-socket flag bypasses Enhanced Container Isolation (ECI) restrictions in Docker Desktop. When ECI is enabled, Docker socket mounts from containers are denied unless explicitly allowed via the admin-settings configuration. However, the --use-api-socket flag adds the Docker...
Astra Linux – Vulnerability found in Linux 5.10, Linux 5.15
In the Linux kernel, the following vulnerabilities have been resolved: scsi: iscsi: iscsi_tcp: Fixed a NULL pointer dereferencing issue when calling getpeername. A crash due to a NULL pointer occurred when freeing a socket at the same time as accessing it via sysfs. The issues are as follows: 1...
SUSE CVE-2026-42095
bookserver in KDE Arianna before 26.04.1 allows attackers to read files over a socket connection by guessing a URL...
CVE-2026-42095
bookserver in KDE Arianna before 26.04.1 allows attackers to read files over a socket connection by guessing a URL...
CVE-2026-42095
CVE-2026-42095 affects bookserver in KDE Arianna up to version 26.04.0 (pre-26.04.1). Affected component allows an attacker with local access to read arbitrary files by guessing a URL over a socket connection, as described in the vulnerability description. Root cause: insufficient access control ...
EUVD-2026-25566
bookserver in KDE Arianna before 26.04.1 allows attackers to read files over a socket connection by guessing a URL...
PT-2026-34879
Name of the Vulnerable Software and Affected Versions: bookserver in KDE Arianna versions prior to 26.04.1. Description: An issue in bookserver allows attackers to read files over a socket connection by guessing a URL. Recommendations: Update to version 26.04.1...
JLSEC-2026-64
ssh-agent in OpenSSH before 8.5 has a double free that may be relevant in a few less-common scenarios, such as unconstrained agent-socket access on a legacy operating system, or the forwarding of an agent to an attacker-controlled host...
K000160680: Node.js vulnerability CVE-2026-21636
Security Advisory Description: A flaw in Node.js's permission model allows Unix Domain Socket (UDS) connections to bypass network restrictions when --permission is enabled. Even without --allow-net, attacker-controlled inputs such as URLs or socketPath options can connect to arbitrary local sockets...
usbmuxd 1.1.1-1 Path Traversal / Arbitrary File Write
A path traversal vulnerability exists in usbmuxd, a system daemon responsible for multiplexing USB connections to mobile devices. Due to insufficient validation and sanitization of file path inputs processed through its message-handling interface, a local attacker with access to the usbmuxd UNIX...
ALPINE-CVE-2025-14282
A flaw was found in Dropbear. When running in multi-user mode and authenticating users, the dropbear ssh server does the socket forwardings requested by the remote client as root, only switching to the logged-in user upon spawning a shell or performing some operations like reading the user's file...
SUSE-SU-2026:0186-1 Security update for the Linux Kernel (Live Patch 29 for SUSE Linux Enterprise 15 SP5)
This update for the SUSE Linux Enterprise kernel 5.14.21-150500.55.116 fixes various security issues. The following security issues were fixed: - CVE-2022-50327: ACPI: processor: idle: Check acpi_fetch_acpi_dev return value (bsc#1254451). - CVE-2022-50409: net: If sock is dead don't access sock's sk_wq i...
MiracleLinux 9 : samba-4.18.6-101.el9.ML.1 (AXSA:2023-6897:12)
The remote MiracleLinux 9 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2023-6897:12 advisory. samba: smbd allows client access to unix domain sockets on the file system as root (CVE-2023-3961) samba: SMB clients can truncate files with read-onl...
EUVD-2026-2702
An Incorrect Permission Assignment for Critical Resource vulnerability in the Juniper DHCP daemon (jdhcpd) of Juniper Networks Junos OS and Junos OS Evolved allows a local, low-privileged user to write to the Unix socket used to manage the jdhcpd process, resulting in complete control over the...
[SECURITY] Fedora 43 Update: golang-github-googlecloudplatform-cloudsql-proxy-1.31.2-11.fc43
The Cloud SQL Proxy allows a user with the appropriate permissions to connect to a Second Generation Cloud SQL database without having to deal with IP whitelisting or SSL certificates manually. It works by opening unix/tcp sockets on the local machine and proxying connections to the associated...