
276127 matches found

OSV
added 2026/04/29 12:30 a.m., 7 views

JLSEC-2026-289

In Singular before 4.3.1, a predictable /tmp pathname is used e.g., by sdb.cc, which allows local users to gain the privileges of other users via a procedure in a file under /tmp. NOTE: this CVE Record is about sdb.cc and similar files in the Singular interface that have predictable /tmp pathname...

CVSS 7.8, AI score 7.4, EPSS 0.00313
Exploits: 1, References: 6

Positive Technologies
added 2026/04/29 12:0 a.m., 5 views

PT-2026-35927

Improper Privilege Management, Improper Access Control, Incorrect privilege assignment vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Hijacking a privileged process. This issue affects Pardus Software Center: before 1.0.3...

CVSS 8.8, AI score 5.2, EPSS 0.00228
Exploits: 0, References: 1

CNNVD
added 2026/04/29 12:0 a.m., 5 views

TÜBİTAK BİLGEM Pardus Software Center security vulnerability

TÜBİTAK BİLGEM Pardus Software Center is an application store platform provided by TÜBİTAK BİLGEM in Turkey, which offers functions for software browsing, installation, and management of updates. Versions 1.0.2 to 1.0.3 of TÜBİTAK BİLGEM Pardus Software Center contained security vulnerabilities...

CVSS 8.8, AI score 5.8, EPSS 0.00228
Exploits: 0, References: 1

Positive Technologies
added 2026/04/29 12:0 a.m., 2 views

PT-2026-35937

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Path Traversal. This issue affects Pardus Software Center: before 1.0.3...

CVSS 9.6, AI score 5.2, EPSS 0.00326
Exploits: 0, References: 2

CNNVD
added 2026/04/29 12:0 a.m., 8 views

TÜBİTAK BİLGEM Pardus Software Center path traversal vulnerability

TÜBİTAK BİLGEM Pardus Software Center is an application store platform provided by TÜBİTAK BİLGEM in Turkey, which offers functions for software browsing, installation, and update management. Versions of TÜBİTAK BİLGEM Pardus Software Center prior to 1.0.3 contained a path traversal vulnerability...

CVSS 9.6, AI score 5.8, EPSS 0.00326
Exploits: 0, References: 1

Positive Technologies
added 2026/04/29 12:0 a.m., 5 views

PT-2026-35997

Allok soft WMV to AVI MPEG DVD WMV Converter 4.6.1217 contains a buffer overflow vulnerability that allows local attackers to execute arbitrary code by supplying an oversized string in the License Name field. Attackers can craft a malicious input containing shellcode with structured exception...

CVSS 8.6, AI score 6.3, EPSS 0.00165
Exploits: 0, References: 5

Tenable Nessus
added 2026/04/29 12:0 a.m., 2 views

Fedora 44 : mapserver (2026-b5a2da2c73)

The remote Fedora 44 host has a package installed that is affected by multiple vulnerabilities as referenced in the FEDORA-2026-b5a2da2c73 advisory. Update to mapserver 8.6.1. Tenable has extracted the preceding description block directly from the Fedora security advisory. Note that Nessus has no...

CVSS 7.5, AI score 5.5, EPSS 0.00647
Exploits: 1, References: 2

Tenable Nessus
added 2026/04/29 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2026-7352

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Use after free in Media in Google Chrome on Android prior to 147.0.7727.138 allowed a remote attacker who had compromised the renderer process to potentially...

CVSS 8.3, AI score 5.8, EPSS 0.00236
Exploits: 0, References: 2

OSSF Malicious Packages
added 2026/04/28 6:14 p.m., 8 views

Malicious code in fivem-monitor (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 46a604a0acf84f672e7a3235e103f365f9d9f704c96faa12dcb5b9b0a9806004 The package fivem-monitor was found to contain malicious code. Source: ghsa-malware bea91e9a2c853e88f029684fb53cecc15f1960b1ccafb583b1da52a754f9ee4d...

AI score 5.8
Exploits: 0, References: 1

Vulnrichment
added 2026/04/28 5:34 p.m., 0 views

CVE-2026-3893 Carlson Software VASCO-B GNSS Receiver Missing Authentication for Critical Function

The Carlson VASCO-B GNSS Receiver lacks an authentication mechanism, allowing an attacker with network access to directly access and modify its configuration and operational functions without needing credentials...

CVSS 9.4, AI score 5.2, EPSS 0.00373
Exploits: 0, References: 3

OSV
added 2026/04/28 1:7 p.m., 2 views

JLSEC-2026-288 Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in OSGeo...

Improper Restriction of Operations within the Bounds of a Memory Buffer vulnerability in OSGeo gdal frmts/zlib/contrib/infback9 modules. This vulnerability is associated with program files inftree9.C. This issue affects gdal: before 3.11.0...

CVSS 9.4, AI score 5.3, EPSS 0.00276
Exploits: 0, References: 3

The Hacker News
added 2026/04/28 10:30 a.m., 5 views

After Mythos: New Playbooks For a Zero-Window Era

When patching isn’t fast enough, NDR helps contain the next era of threats. If you’ve been tracking advancements in AI, you know the exploit window, the short buffer that organizations relied on to patch and protect after a vulnerability disclosure, is closing fast. Anthropic’s new model, Claude...

AI score 6
Exploits: 0

Malwarebytes
added 2026/04/28 9:21 a.m., 7 views

Chinese engineer stole US military and NASA software for years

International espionage isn't always about sophisticated malware and zero-day bugs. Sometimes it's as simple as pretending to be someone else asking for a favor. For four years, a Chinese aerospace engineer did just that. Dozens of researchers at NASA, the US military, and major universities hand...

AI score 5.8
Exploits: 0

OSV
added 2026/04/28 6:14 a.m., 1 views

BELL-CVE-2026-31691 CVE-2026-31691 does not affect BellSoft software

Bulletin has no description...

CVSS 5.5, AI score 5, EPSS 0.00112
Exploits: 0, References: 1

OSV
added 2026/04/28 6:14 a.m., 2 views

BELL-CVE-2026-31636 CVE-2026-31636 does not affect BellSoft software

Bulletin has no description...

CVSS 9.1, AI score 5, EPSS 0.00442
Exploits: 0, References: 1

OSV
added 2026/04/28 6:14 a.m., 6 views

BELL-CVE-2026-31589 CVE-2026-31589 does not affect BellSoft software

Bulletin has no description...

CVSS 9.8, AI score 4.9, EPSS 0.00444
Exploits: 0, References: 1

SUSE CVE
added 2026/04/28 1:34 a.m., 3 views

SUSE CVE-2026-42095

bookserver in KDE Arianna before 26.04.1 allows attackers to read files over a socket connection by guessing a URL...

CVSS 4, AI score 5.3, EPSS 0.00118
Exploits: 0, References: 3

Fedora
added 2026/04/28 1:14 a.m., 3 views

[SECURITY] Fedora 42 Update: python3-docs-3.13.13-1.fc42

The python3-docs package contains documentation on the Python 3 programming language and interpreter...

CVSS 7.5, AI score 4.5, EPSS 0.00621
Exploits: 0

CNNVD
added 2026/04/28 12:0 a.m., 4 views

NVIDIA FLARE SDK input validation error vulnerability

NVIDIA FLARE SDK is a federated learning application development toolkit provided by NVIDIA Corporation in the United States. The NVIDIA Flare SDK has a vulnerability related to input validation errors. This vulnerability stems from path traversal, which leads to improper input validation,...

CVSS 6.5, AI score 5.8, EPSS 0.00364
Exploits: 0, References: 2

CVE
added 2026/04/27 10:45 p.m., 7 views

CVE-2026-7194

Affected software: SourceCodester Pharmacy Sales and Inventory System 1.0. Vulnerability location: the file /ajax.php?action=save_product. Vulnerability type / root cause: manipulation of the argument ID leads to a SQL injection vulnerability. Impact / exploitation: attack can be carried out remo...

CVSS 7.5, AI score 7.3, EPSS 0.00254
Exploits: 0, References: 5