CVE-2026-41489

Pi-hole is a DNS sinkhole that protects devices from unwanted content without installing any client-side software. From 6.0 to before Core 6.4.2 and FTL 6.6.1, two shell scripts executed as root by systemd pihole-FTL-prestart.sh and pihole-FTL-poststop.sh read the files.pid path from this config...

CVE-2026-34684

Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2026-34645

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain...

CVE-2026-34653

Adobe Commerce versions 2.4.9-beta1, 2.4.8-p4, 2.4.7-p9, 2.4.6-p14, 2.4.5-p16, 2.4.4-p17 and earlier are affected by an Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability that could result in arbitrary file system read and write. An authenticated attacker...

CVE-2026-34683

Substance3D - Designer versions 15.1.0 and earlier are affected by an out-of-bounds write vulnerability that could result in arbitrary code execution in the context of the current user. Exploitation of this issue requires user interaction in that a victim must open a malicious file...

CVE-2026-28380

Any Editor could delete any snapshot, even if they have no access to read or write them...

CVE-2026-33377

An Editor can overwrite a dashboard not owned by them to acquire admin on that specific dashboard. The user must have write access to the dashboard to escalate privilege...

CVE-2026-33377

An Editor can overwrite a dashboard not owned by them to acquire admin on that specific dashboard. The user must have write access to the dashboard to escalate privilege...

CVE-2026-28380

Any Editor could delete any snapshot, even if they have no access to read or write them...

CVE-2026-28380 BAC in Snapshot API allows deletion of unauthorized dashboard snapshots

Any Editor could delete any snapshot, even if they have no access to read or write them...

CVE-2026-28380

The CVE-2026-28380 entry describes a broken access control flaw in the Snapshot API that lets Any Editor delete any dashboard snapshot, even without read/write permissions. Affected component is the Snapshot API used for managing dashboard snapshots; the underlying cause is insufficient authoriza...

CVE-2026-28380

Any Editor could delete any snapshot, even if they have no access to read or write them...

CVE-2026-33377 Dashboard Import Overwrites ACL — Editor Privilege Escalation to Dashboard Admin

An Editor can overwrite a dashboard not owned by them to acquire admin on that specific dashboard. The user must have write access to the dashboard to escalate privilege...

CVE-2026-33377

An Editor can overwrite a dashboard not owned by them to acquire admin on that specific dashboard. The user must have write access to the dashboard to escalate privilege...

CVE-2026-33377 Dashboard Import Overwrites ACL — Editor Privilege Escalation to Dashboard Admin

An Editor can overwrite a dashboard not owned by them to acquire admin on that specific dashboard. The user must have write access to the dashboard to escalate privilege...

CVE-2026-33377

CVE-2026-33377 describes a vulnerability where an Editor can overwrite a dashboard not owned by them, escalating to admin on that specific dashboard. The user must have write access to the dashboard to perform the privilege escalation. This issue is tied to dashboard import behavior and ACL handl...

CVE-2026-33377

An Editor can overwrite a dashboard not owned by them to acquire admin on that specific dashboard. The user must have write access to the dashboard to escalate privilege...

EUVD-2026-30020

In the Linux kernel, the following vulnerability has been resolved: mmc: core: Avoid bitfield RMW for claim/retune flags Move claimed and retune control flags out of the bitfield word to avoid unrelated RMW side effects in asynchronous contexts. The host-claimed bit shared a word with retune flag...

EUVD-2026-29888

An issue in MongoDB Server's time-series collection implementation allows an authenticated user with database write privileges to trigger an out-of-bounds memory write in the mongod process. The issue results from an inconsistency in the internal field-name-to-index mapping within the time-series...

CLSA-2026-1778690104 exim: Fix of CVE-2026-40685

CVE-2026-40685: fix OOB heap write in dewrap when expanding header ending with stray backslash...