serverok.pl is a Fediverse instance that uses the ActivityPub protocol. In other words, users at this host can communicate with people that use software like Mastodon, Pleroma, Friendica, etc. all around the world.
This server runs the snac software and there is no automatic sign-up process.
📈 CVE Published in last days (2026-06-29 - 2026-06-29)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs:
Severity:
- Critical: 195
- High: 612
- Medium: 729
- Low: 114
- None: 230
Status:
- : 68
- Analyzed: 534
- Awaiting Analysis: 109
- Deferred: 568
- Modified: 39
- Received: 443
- Rejected: 6
- Undergoing Analysis: 113
CISA KEVs:
- CISA-2026:0629 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0629)
- CISA-2026:0701 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0701)
Top CNAs:
- Chrome: 434
- VulnCheck: 177
- VulDB: 162
- Patchstack: 125
- Wordfence: 96
- GitHub, Inc.: 81
- N/A: 68
- Microsoft Corporation: 49
- IBM Corporation: 43
- Gitea Limited: 40
Top Affected Products:
- UNKNOWN: 1234
- Google Chrome: 401
- Geovision Inc. Geowebplayer: 16
- Imagemagick: 13
- Langflow: 11
- Nvidia Nemo Megatron Bridge: 11
- Adobe Coldfusion: 10
- Uvnc Ultravnc: 9
- Apache Activemq: 9
- Ibm Websphere Application Server: 8
Top EPSS Score:
- CVE-2026-27771 - 40.74 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-27771)
- CVE-2026-13773 - 3.41 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-13773)
- CVE-2026-56413 - 3.08 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-56413)
- CVE-2026-56415 - 3.07 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-56415)
- CVE-2026-56782 - 3.02 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-56782)
- CVE-2026-13545 - 2.71 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-13545)
- CVE-2026-58452 - 2.42 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-58452)
- CVE-2026-58453 - 1.69 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-58453)
- CVE-2026-56700 - 1.68 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-56700)
- CVE-2026-58457 - 1.67 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-58457)
🚨 Bad Epoll (CVE-2026-46242) has been identified as a notable vulnerability.
In the Linux kernel, the following vulnerability has been resolved:
eventpoll: fix ep_remove struct eventpoll / struct file UAF
ℹ️ Additional information on ZEN SecDB:
- BadEpoll: https://secdb.nttzen.cloud/updates/79198418-b310-4e40-80cd-d98ba3da0b2a/bad-epoll-vulnerability
- CVE details, sightings and advisories: https://secdb.nttzen.cloud/cve/detail/CVE-2026-46242
🚨 [CISA-2026:0701] CISA Adds One Known Exploited Vulnerability to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0701)
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2026-45659 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-45659)
- Name: Microsoft SharePoint Server Deserialization of Untrusted Data Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Microsoft
- Product: SharePoint Server
- Notes: https://msrc.microsoft.com/update-guide/vulnerability/CVE-2026-45659 ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2026-45659
#ZEN #SecDB #InfoSec #CVE #CISA_KEV #cisa_20260701 #cisa20260701 #cve_2026_45659 #cve202645659
📈 CVE Published in last days (2026-06-01 - 2026-06-01)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs:
Severity:
- Critical: 855
- High: 3079
- Medium: 2559
- Low: 534
- None: 684
Status:
- : 344
- Analyzed: 2815
- Awaiting Analysis: 562
- Deferred: 3102
- Modified: 173
- Received: 551
- Rejected: 49
- Undergoing Analysis: 115
CISA KEVs:
- CISA-2026:0601 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0601)
- CISA-2026:0602 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0602)
- CISA-2026:0603 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0603)
- CISA-2026:0605 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0605)
- CISA-2026:0608 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0608)
- CISA-2026:0609 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0609)
- CISA-2026:0611 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0611)
- CISA-2026:0612 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0612)
- CISA-2026:0615 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0615)
- CISA-2026:0616 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0616)
- CISA-2026:0618 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0618)
- CISA-2026:0623 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0623)
- CISA-2026:0625 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0625)
- CISA-2026:0629 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0629)
Top CNAs:
- GitHub, Inc.: 1163
- Patchstack: 731
- VulnCheck: 612
- Chrome: 584
- kernel.org: 514
- VulDB: 468
- N/A: 344
- MITRE: 329
- Wordfence: 256
- Oracle: 242
Top Affected Products:
- UNKNOWN: 4698
- Google Chrome: 583
- Google Android: 118
- Microsoft Windows 11 26h1: 111
- Microsoft Windows Server 2025: 109
- Microsoft Windows 11 24h2: 105
- Microsoft Windows 11 25h2: 105
- Microsoft Windows Server 2022: 104
- Microsoft Windows 11 23h2: 99
- Microsoft Windows 10 22h2: 91
Top EPSS Score:
- CVE-2026-10520 - 98.94 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-10520)
- CVE-2026-35273 - 92.33 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-35273)
- CVE-2026-20253 - 88.17 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20253)
- CVE-2026-48907 - 80.43 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-48907)
- CVE-2026-50751 - 71.05 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-50751)
- CVE-2026-49160 - 48.44 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-49160)
- CVE-2026-10523 - 47.19 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-10523)
- CVE-2026-20230 - 41.69 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20230)
- CVE-2026-0826 - 26.47 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-0826)
- CVE-2026-25089 - 23.39 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-25089)
🚨 DirtyClone (CVE-2026-43503)
In the Linux kernel, the following vulnerability has been resolved:
net: skbuff: propagate shared-frag marker through frag-transfer helpers
ℹ️ Additional info on ZEN SecDB https://secdb.nttzen.cloud/updates/9a1828d5-6607-419b-b475-622a6c135aae/dirtyclone-vulnerability
#nttdata #zen #secdb
#infosec #dirtyclone #linux #lpe #cve202643503
🚨 [CISA-2026:0629] CISA Adds One Known Exploited Vulnerability to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0629)
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2026-48558 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-48558)
- Name: SimpleHelp Authentication Bypass Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: SimpleHelp
- Product: SimpleHelp
- Notes: https://simple-help.com/security/simplehelp-security-update-2026-05 ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2026-48558
#ZEN #SecDB #InfoSec #CVE #CISA_KEV #cisa_20260629 #cisa20260629 #cve_2026_48558 #cve202648558
🚨 [CISA-2026:0625] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0625)
CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2026-12569 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-12569)
- Name: PTC Windchill and FlexPLM Improper Input Validation Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: PTC
- Product: Windchill and FlexPLM
- Notes: https://www.ptc.com/en/support/article/CS473270 ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2026-12569
⚠️ CVE-2026-20230 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20230)
- Name: Cisco Unified Communications Manager Server-Side Request Forgery (SSRF) Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Cisco
- Product: Unified Communications Manager
- Notes: https://www.cisco.com/c/en/us/support/docs/csa/cisco-sa-cucm-ssrf-cXPnHcW.html ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2026-20230
#ZEN #SecDB #InfoSec #CVE #CISA_KEV #cisa_20260625 #cisa20260625 #cve_2026_12569 #cve_2026_20230 #cve202612569 #cve202620230
📈 CVE Published in last days (2026-06-15 - 2026-06-15)
See more at https://secdb.nttzen.cloud/dashboard
Total CVEs:
Severity:
- Critical: 374
- High: 827
- Medium: 471
- Low: 67
- None: 235
Status:
- : 204
- Analyzed: 394
- Awaiting Analysis: 88
- Deferred: 744
- Modified: 35
- Received: 417
- Rejected: 14
- Undergoing Analysis: 78
CISA KEVs:
- CISA-2026:0615 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0615)
- CISA-2026:0616 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0616)
- CISA-2026:0618 (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0618)
Top CNAs:
- Patchstack: 489
- Oracle: 240
- N/A: 204
- VulnCheck: 202
- GitHub, Inc.: 133
- MITRE: 84
- Wordfence: 64
- VulDB: 49
- Mozilla Corporation: 44
- Google Devices: 39
Top Affected Products:
- UNKNOWN: 1471
- Google Android: 55
- Mozilla Thunderbird: 42
- Mozilla Firefox: 42
- Google Chrome: 33
- Oracle Webcenter Content: 32
- Openclaw: 27
- Oracle Jd Edwards Enterpriseone Tools: 14
- Oracle Enterprise Manager Base Platform: 14
- Oracle Weblogic Server: 13
Top EPSS Score:
- CVE-2026-11409 - 2.79 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-11409)
- CVE-2026-11410 - 2.79 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-11410)
- CVE-2026-12197 - 2.38 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-12197)
- CVE-2026-53876 - 1.79 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-53876)
- CVE-2026-50871 - 1.57 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-50871)
- CVE-2026-12223 - 1.53 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-12223)
- CVE-2026-12219 - 1.52 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-12219)
- CVE-2026-38065 - 1.35 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-38065)
- CVE-2026-20262 - 1.15 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20262)
- CVE-2026-50874 - 1.12 % (https://secdb.nttzen.cloud/cve/detail/CVE-2026-50874)
"How do you do this?" And her answer was, "It's like I'm already dead."
Jeff Bridges, Bernie Glassman, The Dude and the Zen Master
#books #zen #bookstodon
🚨 [CISA-2026:0615] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0615)
CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2026-20262 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-20262)
- Name: Cisco Catalyst SD-WAN Manager Directory or Path Traversal Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Cisco
- Product: Catalyst SD-WAN Manager
- Notes: https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-sdwan-arbfw-c2rZvQ ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2026-20262
⚠️ CVE-2026-54420 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-54420)
- Name: LiteSpeed cPanel Plugin UNIX Symbolic Link (Symlink) Following Vulnerability
- Action: Apply mitigations in accordance with vendor instructions, ensuring compliance with CISA’s BOD 26-04 Prioritizing Security Updates Based on Risk (see URL in Notes) guidance and CISA’s “Forensics Triage Requirements” (see URL in Notes). Follow applicable BOD 26-04 guidance for cloud services or discontinue use of the product if mitigations are unavailable. Stakeholders are responsible for evaluating each asset's internet exposure and ensuring adherence to BOD 26-04 patching guidelines.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: LiteSpeed
- Product: cPanel Plugin
- Notes: https://blog.litespeedtech.com/2026/06/01/security-update-for-litespeed-cpanel-plugin-2/ ; BOD 26-04: https://www.cisa.gov/news-events/directives/bod-26-04-prioritizing-security-updates-based-risk ; Forensics Triage Requirements: https://www.cisa.gov/news-events/directives/bod-26-04-implementation-guidance-prioritizing-security-updates-based-risk ; https://nvd.nist.gov/vuln/detail/CVE-2026-54420
#ZEN #SecDB #InfoSec #CVE #CISA_KEV #cisa_20260615 #cisa20260615 #cve_2026_20262 #cve_2026_54420 #cve202620262 #cve202654420
🚨 [CISA-2026:0609] CISA Adds 2 Known Exploited Vulnerabilities to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0609)
CISA has added 2 new vulnerabilities to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2026-11645 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-11645)
- Name: Google Chromium V8 Out-of-Bounds Read and Write Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Google
- Product: Chromium V8
- Notes: https://chromereleases.googleblog.com/2026/06/stable-channel-update-for-desktop_0153744567.html ; https://issues.chromium.org/issues/506689381 ; https://nvd.nist.gov/vuln/detail/CVE-2026-11645
⚠️ CVE-2026-7473 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-7473)
- Name: Arista Extensible Operating System Incomplete Comparison with Missing Factors Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Arista
- Product: Extensible Operating System
- Notes: https://www.arista.com/en/support/advisories-notices/security-advisory/24005-security-advisory-0137 ; https://nvd.nist.gov/vuln/detail/CVE-2026-7473
#ZEN #SecDB #InfoSec #CVE #CISA_KEV #cisa_20260609 #cisa20260609 #cve_2026_11645 #cve_2026_7473 #cve202611645 #cve20267473
"Let's say my fingers ache. What do I do? I can take Advil; I can also give myself a little injection of heroin."
Jeff Bridges and Bernie Glassman, The Dude and the Zen Master
#zen #buddhism #mindfulness #books #bookstodon
🚨 [CISA-2026:0529] CISA Adds One Known Exploited Vulnerability to Catalog (https://secdb.nttzen.cloud/security-advisory/detail/CISA-2026:0529)
CISA has added one new vulnerability to its Known Exploited Vulnerabilities Catalog, based on evidence of active exploitation. These types of vulnerabilities are a frequent attack vector for malicious cyber actors and pose significant risk to the federal enterprise.
⚠️ CVE-2026-0257 (https://secdb.nttzen.cloud/cve/detail/CVE-2026-0257)
- Name: Palo Alto Networks PAN-OS Authentication Bypass Vulnerability
- Action: Apply mitigations per vendor instructions, follow applicable BOD 22-01 guidance for cloud services, or discontinue use of the product if mitigations are unavailable.
- Known To Be Used in Ransomware Campaigns? Unknown
- Vendor: Palo Alto Networks
- Product: PAN-OS
- Notes: https://security.paloaltonetworks.com/CVE-2026-0257 ; https://nvd.nist.gov/vuln/detail/CVE-2026-0257
#ZEN #SecDB #InfoSec #CVE #CISA_KEV #cisa_20260529 #cisa20260529 #cve_2026_0257 #cve20260257
Shunryū Suzuki, who died OTD in 1971, helped popularize #Zen #Buddhism in the United States, and founded the first Buddhist monastery outside Asia https://cromwell-intl.com/travel/japan/kamakura/tokei-ji.html?s=mb #travel #Japan
🚨 CVE-2026-45185 (Dead.Letter)
Exim before 4.99.3, in certain GnuTLS configurations, has a remotely reachable use-after-free in the BDAT body parsing path. It is triggered when a client sends a TLS close_notify mid-body during a CHUNKING transfer, followed by a final cleartext byte on the same TCP connection. This can lead to heap corruption. An unauthenticated network attacker exploiting this vulnerability could execute arbitrary code.
ℹ️ Additional info on ZEN SecDB https://secdb.nttzen.cloud/cve/detail/CVE-2026-45185
#nttdata #zen #secdb #infosec
#deadletter #cve202645185 #exim #gnutls
🚨 CVE-2026-41651 (Pack2TheRoot)
PackageKit vulnerable to TOCTOU Race on Transaction Flags leads to arbitrary package installation as root
PackageKit is a a D-Bus abstraction layer that allows the user to manage packages in a secure way using a cross-distro, cross-architecture API. PackageKit between and including versions 1.0.2 and 1.3.4 is vulnerable to a time-of-check time-of-use (TOCTOU) race condition on transaction flags that allows unprivileged users to install packages as root and thus leads to a local privilege escalation. This is patched in version 1.3.5.
ℹ️ Additional info on ZEN SecDB https://secdb.nttzen.cloud/cve/detail/CVE-2026-41651
#nttdata #zen #secdb #infosec
#pack2theroot #cve2026411651 #packagekit #toctou
RE: https://floss.social/@downey/116337415720027032
Yet another reason to continue using #Firefox, #Librewolf, #Zen, etc.
#WritersCoffeeClub 3/24. Do you have a writerly "third place"?
I prefer my “third place” to be a state of giggles or zen mindfulness on a weekday afternoon.
Location is flexible. ❤️🔥
🚨 CVE-2026-24291 (RegPwn)
Windows Accessibility Infrastructure (ATBroker.exe) Elevation of Privilege Vulnerability
Incorrect permission assignment for critical resource in Windows Accessibility Infrastructure (ATBroker.exe) allows an authorized attacker to elevate privileges locally.