CVE-2026-35479

InvenTree is an Open Source Inventory Management System. Prior to 1.2.7 and 1.3.0, any users who have staff access permissions can install plugins via the API, without requiring "superuser" account access. This level of permission requirement is out of alignment with other plugin actions such as...

CVE-2026-35479

CVE-2026-35479 affects InvenTree prior to versions 1.2.7 and 1.3.0, where staff users with staff access could install plugins via the API without requiring a superuser account. This bypasses the intended permission model and could enable installation of arbitrary, potentially harmful plugins. The...

CLSA-2026-1773160910 postgresql: Fix of 3 CVEs

CVE-2026-2004: require superuser to install non-built-in selectivity estimators and harden intarray intmatchsel against wrong operator type - CVE-2026-2005: fix heap buffer overflow in pgcrypto PGP public-key decryption by validating session key length - CVE-2026-2006: fix multibyte character...

SUSE CVE-2025-38466

In the Linux kernel, the following vulnerability has been resolved: perf: Revert to requiring CAPSYSADMIN for uprobes Jann reports that uprobes can be used destructively when used in the middle of an instruction. The kernel only verifies there is a valid instruction at the requested offset, but d...

SUSE CVE-2024-1271

This CVE was previously published at https://bugzilla.redhat.com/showbug.cgi?id=2262978 but later rejected for the following reason: The flaw requires an attacker to have superuser credentials which is a condition that already permits all impacts, hence not constituing a security vulnerability...