CVE-2026-20127
A peering authentication flaw in Cisco Catalyst SD-WAN controllers allows unauthenticated, remote attackers to bypass authentication and gain administrative privileges.
Critical vulnerabilities, curated daily for security professionals
Networking infrastructure leads Wednesday's disclosures, with two CVSS 10 flaws in Cisco Catalyst SD-WAN (CVE-2026-20127 and CVE-2026-20182) confirmed under active exploitation alongside the related SD-WAN Manager issue CVE-2026-20262. The set totals 28 vulnerabilities, including 2 rated critical (down 93% from 30) and 26 high-priority (down 58% from 62). The remaining critical entries affect web applications, namely CVE-2026-49774 (CVSS 9.9) in Filipe Nasc RD Station and CVE-2026-40750 (CVSS 9.9) in the themagnifico52 Kids Online Store. Active exploitation extends beyond Cisco to Ivanti Sentry (CVE-2026-10520), Oracle PeopleSoft PeopleTools (CVE-2026-35273), and the Joomla Content Editor (CVE-2026-48907), indicating attacker interest in both edge gateways and content-management plugins. No patches were available across the disclosed set at publication, so organizations should prioritize mitigation, access restriction, and monitoring while fixes are pending.
Immediate action: Prioritize Cisco Catalyst SD-WAN and SD-WAN Manager, Ivanti Sentry, and Oracle PeopleSoft PeopleTools, which face active exploitation at CVSS 9.5 and above. With no patches currently available, restrict management-interface access, apply vendor workarounds, and increase monitoring on affected systems until fixes ship.
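The prioritization rule stated above (confirmed exploitation first, then score, with patch availability deciding the action) is simple enough to script against the digest's own entries. The following is an added example written for this page, not code from this site, Cisco, Ivanti, Oracle or any other vendor. The CVE identifiers, scores and exploitation flags come from the summary above; scores the page does not state are left as `None` rather than guessed, and the `EXPOSURE` map (whether each affected management or admin interface is reachable from an untrusted network) is an illustrative assumption you would replace with your own inventory.

```python
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass(frozen=True)
class Entry:
    cve: str
    product: str
    cvss: Optional[float]  # None where this digest states no score
    exploited: bool        # confirmed active exploitation
    patched: bool          # vendor fix available at publication


# Constructed from the figures quoted in the digest above. Scores the page
# does not state are left as None rather than guessed.
DIGEST: List[Entry] = [
    Entry("CVE-2026-20127", "Cisco Catalyst SD-WAN", 10.0, True, False),
    Entry("CVE-2026-20182", "Cisco Catalyst SD-WAN", 10.0, True, False),
    Entry("CVE-2026-20262", "Cisco Catalyst SD-WAN Manager", None, True, False),
    Entry("CVE-2026-10520", "Ivanti Sentry", None, True, False),
    Entry("CVE-2026-35273", "Oracle PeopleSoft PeopleTools", None, True, False),
    Entry("CVE-2026-48907", "Joomla Content Editor", None, True, False),
    Entry("CVE-2026-49774", "Filipe Nasc RD Station", 9.9, False, False),
    Entry("CVE-2026-40750", "themagnifico52 Kids Online Store", 9.9, False, False),
]

# Hypothetical exposure map: True when the affected management or admin
# interface is reachable from an untrusted network in your environment.
# These values are illustrative, not facts about any real deployment.
EXPOSURE: Dict[str, bool] = {
    "CVE-2026-20127": True,
    "CVE-2026-20182": True,
    "CVE-2026-20262": False,
    "CVE-2026-10520": True,
    "CVE-2026-35273": False,
    "CVE-2026-48907": True,
    "CVE-2026-49774": False,
    "CVE-2026-40750": True,
}


def severity(e: Entry) -> str:
    """CVSS qualitative bands; 'unknown' when no score was published."""
    if e.cvss is None:
        return "unknown"
    if e.cvss >= 9.0:
        return "critical"
    if e.cvss >= 7.0:
        return "high"
    return "medium"


def tier(e: Entry, exposed: bool) -> int:
    """0 = act now, 3 = schedule normally. Confirmed exploitation outranks
    the score, so a missing CVSS never demotes an exploited entry."""
    if e.exploited and exposed and not e.patched:
        return 0
    if e.exploited or (severity(e) == "critical" and exposed):
        return 1
    if severity(e) == "critical" or (severity(e) == "high" and exposed):
        return 2
    return 3


def action(e: Entry) -> str:
    """The action the summary above prescribes while no fix is available."""
    if e.patched:
        return "apply vendor patch"
    return "restrict interface access, apply vendor workaround, monitor"


def triage(entries: List[Entry], exposure: Dict[str, bool]) -> List[Tuple[int, str, str]]:
    """Return (tier, cve, action) rows, most urgent first. Unknown exposure is
    treated as exposed; unknown scores sort after known ones within a tier."""
    def exposed(e: Entry) -> bool:
        return exposure.get(e.cve, True)

    def key(e: Entry):
        return (tier(e, exposed(e)), e.cvss is None, -(e.cvss or 0.0), e.cve)

    return [(tier(e, exposed(e)), e.cve, action(e)) for e in sorted(entries, key=key)]


if __name__ == "__main__":
    for t, cve, act in triage(DIGEST, EXPOSURE):
        print(f"tier {t}  {cve:15}  {act}")
```

Treating an entry with no recorded exposure as exposed is deliberate: an asset you have not inventoried is the one most likely to be reachable, and the cost of a false "act now" is far lower than missing an internet-facing controller with a CVSS 10 authentication bypass under active exploitation.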
A vulnerability in the control connection handshaking of Cisco Catalyst SD-WAN allows unauthenticated, remote attackers to bypass authentication and obtain administrative access.
A critical OS command injection vulnerability in Ivanti Sentry allows remote unauthenticated users to achieve root-level remote code execution.
An unauthenticated, easily exploitable vulnerability in the PeopleSoft Updates Environment Management component allows for complete system takeover via HTTP.
An improper access control vulnerability in the Widget Factory Joomla Content Editor allows unauthorized users to perform restricted actions.
Cisco Catalyst SD-WAN Manager contains an arbitrary file write vulnerability in its web UI, allowing authenticated remote attackers to escalate privileges to root.
A symlink mishandling vulnerability in the LiteSpeed cPanel plugin allows users with limited access to escalate privileges on shared hosting environments.
A code injection vulnerability in Filipe Nasc RD Station allows for remote code inclusion, potentially leading to full system compromise.
An unrestricted file upload vulnerability in themagnifico52 Kids Online Store allows attackers to upload and execute a web shell.
A remote code execution vulnerability exists in the Dell OpenManage Integration gateway plugin for Windows Admin Center, allowing for privilege escalation and arbitrary code execution.
A tenant-isolation bypass vulnerability exists in the V1 collection-level endpoints of the ChromaDB Python project.
A vulnerability in OpenClaw for Linux and macOS allows attackers to bypass argument pattern validation, enabling the execution of disallowed arguments in allowlisted executables.
A Time-Based Blind SQL Injection vulnerability exists in the alias_management module of the OpenSIPS Control Panel.
An input validation vulnerability in the SSH Elevate Shell feature of Devolutions Remote Desktop Manager 2026 allows for potential security compromise.
A use-after-free vulnerability exists in the Linux kernel's Bluetooth subsystem during SSP passkey handling.
A network-level vulnerability exists in SUSE Harvester that affects the communication between SUSE Virtualization and the Rancher Manager.
A command injection vulnerability in Managed Ethernet Switches allows low-privileged attackers to achieve full system compromise.
A flaw in the Linux kernel's IPv4 ICMP implementation fails to validate reply types, potentially leading to memory corruption or instability.
An integer overflow vulnerability in the Pacemaker CIB remote listener allows unauthenticated remote attackers to trigger memory corruption and denial of service.
A vulnerability in yeoman-environment allows for arbitrary package installation and code execution when processing attacker-controlled configuration without user confirmation.
A vulnerability in the device webserver allows unauthenticated attackers to exploit a hardcoded constant token for REST API access, leading to command execution and configuration modification.
A privilege escalation vulnerability exists in the Graphics: WebRender component of Mozilla products, which can be triggered remotely via user interaction.
A SQL injection vulnerability in the "WP Sessions Time Monitoring Full Automatic" plugin allows for unauthorized database interaction.
Incorrect access control in statping-ng v0.93.0 allows attackers to escalate privileges to Administrator, providing unauthorized access to sensitive application components.
The wicked DHCP client is vulnerable to the processing of unsanitized strings from DHCP replies, potentially leading to system compromise.
An authorization bypass vulnerability exists in OpenClaw that allows paired devices to regain unauthorized WebSocket node-level access after token revocation.
A vulnerability within the Moby open-source container framework potentially exposes containerized environments to unauthorized access or execution risks.
The Frontier X2 device is vulnerable to unauthenticated Bluetooth Low Energy (BLE) read/write operations, allowing unauthorized access to critical device characteristics.
A path traversal vulnerability in the Altium Enterprise Server Vault Service UploadController allows authenticated users to write arbitrary files to the server filesystem.
A broken access control vulnerability in ChromaDB allows authenticated users to perform unauthorized data operations across different tenants.
The SimpleRBACAuthorizationProvider in ChromaDB fails to validate the target tenant or collection, leading to cross-tenant authorization bypass.
A code injection vulnerability in ChromaDB allows authenticated attackers to execute arbitrary code by supplying a malicious model repository.
A command injection vulnerability in the Kitty terminal emulator allows for arbitrary code execution via malicious escape sequences.
A local privilege escalation vulnerability in the Kandji Agent allows attackers to invoke restricted functionality through a client validation gap.
A high-severity vulnerability exists in Forem, an open-source platform for building communities, requiring immediate investigation and patching.