These pages are published after PatchSiren validates generated defensive summaries against stored public CVE and source evidence.
The qSnapper dbus service before version 1.3.3 incorrectly cached authentication between different users, allowing any local attacker to use dbus functions after a privileged user has authenticated for them. This vulnerability has a CVSS score of 8.4 and is classified as HIGH severity. The CVE was published on 2026-06-22T16:16:35.413Z and modified on 2026-06-22T18:32:57.313Z. The vendor is listed as Unkno [truncated]
A high-severity vulnerability, CVE-2026-41048, was found in qSnapper, a tool for managing snapshots. The issue arises from incorrect caching of authentication between different polkit methods in qSnapper versions before 1.3.3. This flaw enables a local attacker to utilize functions like 'restore from snapshot' even if they are only permitted to 'delete snapshot'. The vulnerability has a CVSS score of 8.4, [truncated]
A path traversal attack when using a 'configName' parameter in qSnapper before version 1.3.3 allowed a local attacker to use malicious config files for snapper and so cause a denial of service or potentially escalate privileges to root. The vulnerability has a CVSS score of 7.3 and is classified as HIGH severity. The CVE was published on 2026-06-22T16:16:35.007Z and last modified on 2026-06-22T18:32:57.31 [truncated]
CVE-2026-41045 is a high-severity vulnerability in qSnapper before version 1.3.3. A time-to-check-time-of-use issue in polkit authentication allows local attackers to bypass qSnapper's authentication mechanism, potentially leading to unauthorized operations as the root user. The vulnerability has a CVSS score of 8.1 and is classified as HIGH. The CVE was published on June 22, 2026, and last modified on th [truncated]