kernel: Read root-owned files as an unprivileged user

A vulnerability was found in the Linux kernel that allows an unprivileged local user to read sensitive files normally restricted to the root user. The flaw occurs during process exit, where a brief window allows an attacker to intercept file access from a privileged process before it fully...

EUVD-2026-34136

A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user session on an affected device, possibly leading to browser-based attacks. This vulnerability is due to insufficient validation of user-supplied input...

CVE-2026-20175 Cisco Finesse File Inclusion Vulnerability

A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user session on an affected device, possibly leading to browser-based attacks. This vulnerability is due to insufficient validation of user-supplied input...

CVE-2026-0009

In multiple locations, there is a possible tapjacking due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

CVE-2026-46724

The file indexer does not normalize the configured directory path. A backend user with permission to edit indexer configurations can index documents from arbitrary locations on the server file system through path traversal sequences...

CVE-2026-10227

A vulnerability has been found in raisulislamg4 studentmanagementsystembyphp up to 310d950e09013d5133c6b9210aff9444382d16d1. The affected element is an unknown function of the file addusercheck.php of the component User Creation Handler. The manipulation of the argument role leads to sql injectio...

CVE-2026-7195

CWE-20: Improper Input Validation in web services in Progress Sitefinity 14.1.x through 14.3.x, 14.4.x before 14.4.8152, 15.0.x before 15.0.8234, 15.1.x before 15.1.8335, 15.2.x before 15.2.8441, 15.3.x before 15.3.8531, and 15.4.x before 15.4.8630 allows a remote unauthenticated attacker to...

Cisco Finesse Remote File Inclusion Vulnerability

A vulnerability in Cisco Finesse could allow an unauthenticated, remote attacker to load arbitrary files from remote locations into an active user session on an affected device, possibly leading to browser-based attacks. This vulnerability is due to insufficient validation of user-supplied input...

Cisco Webex Meetings Cross-Site Scripting Vulnerability

A vulnerability in the web-based user interface of Cisco Webex Meetings could have allowed an unauthenticated, remote attacker to conduct a cross-site scripting XSS attack. Cisco has addressed this vulnerability in the Webex Meetings service, and no customer action is needed. This vulnerability...

CVE-2026-38978

A flaw was found in Transmission. A clickjacking weakness exists in the browser-facing WebUI and RPC Remote Procedure Call response paths. This vulnerability could allow a remote attacker to trick a user into performing unintended actions by overlaying malicious content over legitimate interface...

vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass

A flaw was found in Vim's zip.vim plugin. A local user could be tricked into opening a specially crafted zip archive, which would allow a path traversal bypass. This vulnerability enables an attacker to overwrite arbitrary files on the system, potentially leading to data integrity issues or furth...

Security update 5.0.8 for Multi-Linux Manager Salt Bundle

This update fixes the following issues: venv-salt-minion: Security issues fixed: CVE-2026-31958: tornado: Fixed parsing large multipart bodies with many parts can cause a denial of service bsc1259554 CVE-2026-27459: pyOpenSSL: Fixed issue with large cookie value that can lead to a buffer overflow...

CVE-2026-44281

GLPI CVE-2026-44281 affects GLPI versions 0.78 through prior to 10.0.25 and 11.0.7. An authenticated user with config READ permission can read a specific asset object, exposing information. Patch available by upgrading to 10.0.25 or 11.0.7.

CVE-2026-44281 GLPI vulnerable to unauthorized reading of a specific asset object

GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, an authenticated user with config READ permission can read a specific asset object. Upgrade to 11.0.7 or 10.0.25 to receive a patch...

CVE-2026-44281

GLPI is a free asset and IT management software package. Starting in version 0.78 and prior to versions 10.0.25 and 11.0.7, an authenticated user with config READ permission can read a specific asset object. Upgrade to 11.0.7 or 10.0.25 to receive a patch...

vim: zip.vim: Vim zip.vim plugin: Arbitrary file overwrite via path traversal bypass

A flaw was found in Vim's zip.vim plugin. A local user could be tricked into opening a specially crafted zip archive, which would allow a path traversal bypass. This vulnerability enables an attacker to overwrite arbitrary files on the system, potentially leading to data integrity issues or furth...

CVE-2026-47324

ProjectsAndPrograms school-management-system is vulnerable to Stored XSS in multiple attributes of student and teacher objects. An authorized attacker (e.g., a teacher or administrator) can inject malicious JavaScript that executes in other users’ browsers. When chained with CVE-2025-11661 (unaut...

CVE-2026-35085

A remote attacker with user privileges can exploit a stack buffer overflow in gdv-serverconfig to gain full system access as root...

CVE-2026-35079

The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

CVE-2026-35082

The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input...