12479 matches found
CVE-2026-9490 Acer Care Center creates a Named Pipe with a weak Security Descriptor
A security vulnerability has been identified in Acer Care Center where the ACCSvc service creates a Named Pipe with a weak Security Descriptor. This vulnerability allows an authenticated local user to connect and send a specially crafted message message type 0x03 to the pipe, causing the service ...
PT-2026-43021
Name of the Vulnerable Software and Affected Versions Acer Care Center affected versions not specified Description The ACCSvc service creates a Named Pipe with a weak Security Descriptor. This allows an authenticated local user to connect and send a specially crafted message of type 0x03 to the...
mcphost-0.34.0-5.1 on GA media (moderate)
mcphost-0.34.0-5.1 on GA media Announcement ID: openSUSE-SU-2026:10845-1 Rating: moderate Cross-References: CVE-2026-33814 CVE-2026-39827 CVE-2026-39831 CVE-2026-39832 CVE-2026-39835 CVSS scores: CVE-2026-33814 SUSE : 7.5 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H CVE-2026-39827 SUSE : 6.5...
Unity Linux 20.1070e Security Update: HikariCP (UTSA-2026-016726)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-016726 advisory. Apache Log4j2 versions 2.0-alpha1 through 2.16.0 excluding 2.12.3 and 2.3.1 did not protect from uncontrolled recursion from self-referential lookups. This allows an...
[SECURITY] Fedora 44 Update: pgadmin4-9.15-1.fc44
pgAdmin is the most popular and feature rich Open Source administration and d evelopment platform for PostgreSQL, the most advanced Open Source database in the world...
Cisco ThousandEyes Virtual Appliance Authenticated Remote Code Execution Vulnerability
A vulnerability in the SSL certificate handling of Cisco ThousandEyes Virtual Appliance could allow an authenticated, remote attacker to execute commands on the underlying operating system as the root user. This vulnerability is due to insufficient validation of user-supplied input. An...
RHSA-2026:19027 Red Hat Security Advisory: grafana security update
Bulletin has no description...
Movable Type vulnerable to missing authorization
Overview Movable Type provided by Six Apart Ltd. contains the following vulnerability. Missing authorization CWE-862 - CVE-2026-44392 Six Apart Ltd. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Six Apart Ltd. coordinated under the Information...
Advisory ROSA-SA-2026-3272
software: harfbuzz 7.0.1 OS: ROSA-CHROME unaffected versions = harfbuzz-7.0.1-3 affected versions harfbuzz-7.0.1-3 CVE-ID: CVE-2026-22693 BDU-ID: None CVE-Crit: MEDIUM CVE-DESC.: A null pointer dereferencing vulnerability in HarfBuzz is related to a lack of validation of the hbmalloc return value...
Security update for valkey
This update for valkey fixes the following issues CVE-2026-23479: use-after-free in unblock client flow may lead to remote code execution bsc1264164. CVE-2026-23631: Lua use-after-free via the master-replica synchronization mechanism may lead to remote code execution bsc1264165. CVE-2026-25243:...
Moderate Photon OS Security Update - PHSA-2026-4.0-1020
Updates of 'curl' packages of Photon OS have been released...
RHSA-2026:17689 Red Hat Security Advisory: firefox security update
Bulletin has no description...
Multiple vulnerabilities in "Musetheque V4 Information Disclosure for IPKNOWLEDGE"
Overview Musetheque V4 Information Disclosure for IPKNOWLEDGE provided by Fujitsu Japan Limited contains multiple vulnerabilities listed below. Cross-site scripting CWE-79 - CVE-2026-24662 Cross-site request forgery CWE-352 - CVE-2026-28761 Nozomi Iimura, Sho Odagiri of GMO Cybersecurity by Ierae...
Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability
May 2026: This security advisory provides the details and fix information for a vulnerability that was discovered and fixed after the Cisco Catalyst SD-WAN Controller Authentication Bypass Vulnerability...
WPS Office improper access restriction to its named pipe
Overview WPS Office provided by WPS SOFTWARE PTE. LTD. contains a service program running background and providing certain functionalities to the other programs. This service program uses a named pipe to communicate with the other programs. The named pipe above is not properly protected and any...
[SECURITY] Fedora 42 Update: python-django5-5.2.14-1.fc42
Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...
EUVD-2026-30106
An arbitrary File Read and Delete Vulnerability in Palo Alto Networks WildFire® WF-500 and WF-500-B appliances enables users to read sensitive information and delete arbitrary files. This vulnerability affects WF-500 and WF-500-B appliances running in the default non-FIPS configuration mode. The...
CVE-2026-44379
MISP is an open source threat intelligence and sharing platform. Prior to 2.5.37, MISP Collections did not enforce RFC 4122 UUID validation on the uuid field. As a result, a user able to create or modify Collection records could submit malformed UUID values, potentially causing integrity issues o...
CVE-2026-43685
CVE-2026-43685 is a Remote Code Execution vulnerability in Claris FileMaker Cloud. An Admin Console user can inject arbitrary operating system commands via unsanitized input in the External ODBC Data Source connection test feature. The issue is fixed in FileMaker Cloud 2.22.0.5. Documents provide...
Intel® EMA Software Advisory
Summary: A potential security vulnerability in the Intel® Endpoint Management Assistant EMA software may allow escalation of privilege. Intel is releasing software updates to mitigate this potential vulnerability. Vulnerability Details: CVEID: CVE-2025-35990 Description: Improper input validation...