| CVE |
Vendors |
Products |
Updated |
CVSS v3.1 |
| Dell Unisphere for PowerMax, version(s) 10.3.0.5 and prior, contain(s) a Deserialization of Untrusted Data vulnerability. A low privileged attacker with remote access could potentially exploit this vulnerability, leading to arbitrary command execution with root privileges. |
| In JetBrains YouTrack before 2026.2.17012 cSS injection via Mermaid diagram rendering was possible |
| In JetBrains IntelliJ IDEA before 2026.1.4,
2026.2 code execution via path traversal in project workspace ID handling was possible |
| In JetBrains TeamCity before 2026.1.2 stored XSS on the cloud profile page was possible via agent-reported data |
| In JetBrains TeamCity before 2026.1.2 pipeline modification was possible due to improper permission checks |
| Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| NVIDIA TensorRT contains a vulnerability where an attacker might cause an overflow to a heap-based buffer. A successful exploit of this vulnerability might lead to code execution. |
| Allocation of Resources Without Limits and Throttling and Sensitive Information in Resource Not Removed Before Reuse in the ASUS System Control Interface driver and ASUS Business Manager allow a local administrator to disclose sensitive information via crafted IOCTL requests, which, in severe cases, may lead to a Denial of Service (DoS) on the system.
Refer to the '
Security Update for ASUS System Control Interface ' section on the ASUS Security Advisory for more information. |
| A flaw was found in GNU Coreutils. The sort utility's begfield() function is vulnerable to a heap buffer under-read. The program may access memory outside the allocated buffer if a user runs a crafted command using the traditional key format. A malicious input could lead to a crash or leak sensitive data. |
| A flaw was found in libcap. A local unprivileged user can exploit a Time-of-check-to-time-of-use (TOCTOU) race condition in the `cap_set_file()` function. This allows an attacker with write access to a parent directory to redirect file capability updates to an attacker-controlled file. By doing so, capabilities can be injected into or stripped from unintended executables, leading to privilege escalation. |
| Out-of-bounds read vulnerability in the image codec module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| Permission bypass vulnerability in the card module. Impact: Successful exploitation of this vulnerability may affect availability. |
| Permission control vulnerability in the Settings module. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| Design defect vulnerability in Expedition mode. Impact: Successful exploitation of this vulnerability may affect availability. |
| A flaw was found in CRI-O. The fix for a previous vulnerability (CVE-2022-4318) was incorrect, allowing it to be bypassed. An attacker capable of setting environment variables on a container can inject a newline character into the HOME environment variable. This issue allows the addition of arbitrary lines into /etc/passwd by use of a specially crafted environment variable. |
| A flaw was found in samba's pam_winbind. When mkhomedir is enabled, pam_winbind chowns the target account's home directory without validating the path is not a critical system directory such as /. On affected systems, accounts with / as their home directory (a common default for system accounts) can have this triggered not only by root, but by a non-root user holding a narrow sudo delegation to run commands as that account, causing ownership of / to change and resulting in severe denial of service (SSH, sudo, and package-manager failures). The change does not grant write access to / (which ships with restrictive 0555 permissions on RHEL), so the impact is availability loss rather than further privilege escalation. |
| Permission control vulnerability in the Bluetooth module. Impact: Successful exploitation of this vulnerability may affect availability. |
| Permission control vulnerability in the file system. Impact: Successful exploitation of this vulnerability may affect service confidentiality. |
| Milestone
has released a new version of XProtect® (and several cumulative patch updates)
which fix security vulnerability in Management Server API.
The vulnerability
causes users with edit permissions to the Management Server to be able to
execute arbitrary code in context of the Management Server Service. |
| DoS vulnerability in the vibration service. Impact: Successful exploitation of this vulnerability may affect availability. |