EUVD-2025-210052

SWUpdate before 2026.05 is affected by a time-of-check time-of-use TOCTOU race condition that allows local unprivileged attackers to escalate privileges to root or install untrusted contents using a signed update...

CVE-2026-4081

creationtimestamp| type| source ---|---|--- 2026-06-03 10:18:04+00:00| seen| https://bsky.app/profile/potato.software/post/3mneuvbjsee2f...

PRTG Network Monitor - Local File Inclusion

PRTG Network Monitor before 18.2.40.1683 allows remote unauthenticated attackers to create users with read-write privileges including administrator. A remote unauthenticated user can craft an HTTP request and override attributes of the 'include' directive in /public/login.htm and perform a Local...

Progress Software WhatsUp Gold GetFileWithoutZip Directory Traversal - Remote Code Execution

This vulnerability allows remote attackers to execute arbitrary code on affected installations of Progress Software WhatsUp Gold. Authentication is not required to exploit this vulnerability. The specific flaw exists within the implementation of GetFileWithoutZip method. The issue results from th...

EUVD-2025-210044

Dräger Zeus Infinity Empowered Zeus IE and Zeus RS C500 anesthesia workstations contain a local security vulnerability that allows unauthorized individuals with physical access to compromise software integrity via USB interface manipulation. Attackers can exploit the unprotected USB interfaces to...

EUVD-2021-34846

Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with elevated privileges. Attackers can replace binaries or loaded modules on the host system to execu...

EUVD-2021-34847

Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with elevated privileges. Attackers can replace binaries or loaded modules on the host system to execu...

TencentOS Server 4: squid (TSSA-2026:0346)

The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0346 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...

Linux Distros Unpatched Vulnerability : CVE-2026-40108

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - GLPI is a free asset and IT management software package. In versions 11.0.0 through 11.0.6, a technician can store an XSS payload in a ITIL costs. This issue ha...

PT-2026-46036

In the Linux kernel, the following vulnerability has been resolved: ibmveth: Disable GSO for packets with small MSS Some physical adapters on Power systems do not support segmentation offload when the MSS is less than 224 bytes. Attempting to send such packets causes the adapter to freeze, stoppi...

Linux Distros Unpatched Vulnerability : CVE-2026-46142

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - net: libwx: fix VF illegal register access Register WXCFGPORTST is a PF restricted register. When a VF is initialized, attempting to read this register triggers...

Linux Distros Unpatched Vulnerability : CVE-2026-44728

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Babel is a compiler for writing next generation JavaScript. From 7.12.0 to before 7.29.4 and 8.0.0-alpha.13, using Babel to compile code that was specifically...

Security Advisory 0140

Security Advisory 0140 PDF Date: June 3, 2026 Revision | Date | Changes ---|---|--- 1.0 | June 3, 2026 | Initial release The CVE-ID tracking this issue: CVE-2026-10040 CVSSv3.1 Base Score: 6.0 CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H CVSSv4.0 Base Score: 6.8...

UBUNTU-CVE-2026-27145

x509.Certificate.VerifyHostname previously called matchHostnames in...

PT-2026-45959

GLPI is a free asset and IT management software package. Starting in version 10.0.4 and prior to version 10.0.25, a technician can store an XSS payload in the asset locked tab. Upgrade to 10.0.25 or 11.0.7 to receive a patch...

Linux Distros Unpatched Vulnerability : CVE-2026-37712

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue in Dolibarr ERP/CRM v.22.0.0 through v.22.0.4 and v.24.0.0-alpha allows a remote attacker to execute arbitrary code via the...

Linux Distros Unpatched Vulnerability : CVE-2026-46273

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - ibmveth: Disable GSO for packets with small MSS Some physical adapters on Power systems do not support segmentation offload when the MSS is less than 224 bytes...

CVE-2026-40108

CVE-2026-40108 - GLPI Stored XSS in ITIL costs : Affects GLPI versions 11.0.0 through 11.0.6 where a technician can store an XSS payload in ITIL costs. The issue has been fixed in version 11.0.7. CVSS 4.0 base score is 7.1 (HIGH) with user interaction required and HIGH impact on confidentiality, ...

CVE-2025-15653

Dräger Zeus Infinity Empowered Zeus IE and Zeus RS C500 anesthesia workstations contain a local security vulnerability that allows unauthorized individuals with physical access to compromise software integrity via USB interface manipulation. Attackers can exploit the unprotected USB interfaces to...

CVE-2021-4481

Dräger Protector Software prior to version 6.4.2 contains a local privilege escalation vulnerability due to insecure file system permissions that allows local attackers to execute arbitrary code with elevated privileges. Attackers can replace binaries or loaded modules on the host system to execu...