EUVD-2026-21498

In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" command is executed, if ForwardToWall=yes is set...

EUVD-2026-21399

In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output...

EUVD-2026-21396

In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace...

EUVD-2026-21394

In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User= unit exists and is running...

EUVD-2026-21400

In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file...

EUVD-2026-21402

In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element...

GHSA-5F5R-95PG-XRPM Beszel has an IDOR in hub API endpoints that read system ID from URL parameter

Summary Some API endpoints in the Beszel hub accept a user-supplied system ID and proceed without further checks that the user should have access to that system. As a result, any authenticated user can access these routes for any system if they know the system's ID. System IDs are random 15...

Beszel has an IDOR in hub API endpoints that read system ID from URL parameter

Summary Some API endpoints in the Beszel hub accept a user-supplied system ID and proceed without further checks that the user should have access to that system. As a result, any authenticated user can access these routes for any system if they know the system's ID. System IDs are random 15...

Incorrect Resource Transfer Between Spheres

Overview Affected versions of this package are vulnerable to Incorrect Resource Transfer Between Spheres via the ForwardToWall process. An attacker can inject ANSI escape sequences into user terminals by executing a logger -p emerg command when the relevant configuration is enabled. This is only...

CVE-2026-40225

In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output...

CVE-2026-40228

In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" command is executed, if ForwardToWall=yes is set...

CVE-2026-40224

In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace...

CVE-2026-40226

In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file...

CVE-2026-40227

In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element...

DEBIAN-CVE-2026-40225

In udev in systemd before 260, local root execution can occur via malicious hardware devices and unsanitized kernel output...

DEBIAN-CVE-2026-40226

In nspawn in systemd 233 through 259 before 260, an escape-to-host action can occur via a crafted optional config file...

DEBIAN-CVE-2026-40224

In systemd 259 before 260, there is local privilege escalation in systemd-machined because varlink can be used to reach the root namespace...

DEBIAN-CVE-2026-40227

In systemd 260 before 261, a local unprivileged user can trigger an assert via an IPC API call with an array or map that has a null element...

DEBIAN-CVE-2026-40228

In systemd 259, systemd-journald can send ANSI escape sequences to the terminals of arbitrary users when a "logger -p emerg" command is executed, if ForwardToWall=yes is set...

CVE-2026-40223

In systemd 258 before 260, a local unprivileged user can trigger an assert when a Delegate=yes and User= unit exists and is running...