Search
Find a vulnerability
Search criteria
28 vulnerabilities by TUBITAK BILGEM Software Technologies Research Institute
CVE-2026-9085 (GCVE-0-2026-9085)
Vulnerability from nvd – Published: 2026-07-05 14:38 – Updated: 2026-07-05 14:38
VLAI
Title
DNS Hijacking in TUBITAK BILGEM's Pardus-Parental-Control
Summary
Incorrect Permission Assignment for Critical Resource, Improper Access Control vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus-Parental-Control allows DNS Spoofing.
This issue affects Pardus-Parental-Control: from <=0.5.1 before 0.7.0.
Severity
8.8 (High)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TUBITAK BILGEM Software Technologies Research Institute | Pardus-Parental-Control |
Affected:
<=0.5.1 , < 0.7.0
(custom)
|
Date Public
2026-07-05 14:35
Credits
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pardus-Parental-Control",
"vendor": "TUBITAK BILGEM Software Technologies Research Institute",
"versions": [
{
"lessThan": "0.7.0",
"status": "affected",
"version": "\u003c=0.5.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mehmet DEM\u0130R"
}
],
"datePublic": "2026-07-05T14:35:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect Permission Assignment for Critical Resource, Improper Access Control vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus-Parental-Control allows DNS Spoofing.\u003cp\u003eThis issue affects Pardus-Parental-Control: from \u0026lt;=0.5.1 before 0.7.0.\u003c/p\u003e"
}
],
"value": "Incorrect Permission Assignment for Critical Resource, Improper Access Control vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus-Parental-Control allows DNS Spoofing.\n\nThis issue affects Pardus-Parental-Control: from \u003c=0.5.1 before 0.7.0."
}
],
"impacts": [
{
"capecId": "CAPEC-598",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-598 DNS Spoofing"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-05T14:38:02.152Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0500"
}
],
"source": {
"advisory": "TR-26-0500",
"defect": [
"TR-26-0500"
],
"discovery": "UNKNOWN"
},
"title": "DNS Hijacking in TUBITAK BILGEM\u0027s Pardus-Parental-Control",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2026-9085",
"datePublished": "2026-07-05T14:38:02.152Z",
"dateReserved": "2026-05-20T14:26:02.795Z",
"dateUpdated": "2026-07-05T14:38:02.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-6509 (GCVE-0-2026-6509)
Vulnerability from nvd – Published: 2026-07-05 14:48 – Updated: 2026-07-05 14:48
VLAI
Title
Privilege Escalation in TUBITAK BILGEM's Pardus Update
Summary
Missing Authorization vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Update allows Privilege Escalation.
This issue affects Pardus Update: from <=0.6.3 before 0.6.6.
Severity
7.8 (High)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TUBITAK BILGEM Software Technologies Research Institute | Pardus Update |
Affected:
<=0.6.3 , < 0.6.6
(custom)
|
Date Public
2026-07-05 14:39
Credits
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pardus Update",
"vendor": "TUBITAK BILGEM Software Technologies Research Institute",
"versions": [
{
"lessThan": "0.6.6",
"status": "affected",
"version": "\u003c=0.6.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mehmet DEM\u0130R"
}
],
"datePublic": "2026-07-05T14:39:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Update allows Privilege Escalation.\u003cp\u003eThis issue affects Pardus Update: from \u0026lt;=0.6.3 before 0.6.6.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Update allows Privilege Escalation.\n\nThis issue affects Pardus Update: from \u003c=0.6.3 before 0.6.6."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-05T14:48:43.725Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0501"
}
],
"source": {
"advisory": "TR-26-0501",
"defect": [
"TR-26-0501"
],
"discovery": "UNKNOWN"
},
"title": "Privilege Escalation in TUBITAK BILGEM\u0027s Pardus Update",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2026-6509",
"datePublished": "2026-07-05T14:48:43.725Z",
"dateReserved": "2026-04-17T11:33:53.261Z",
"dateUpdated": "2026-07-05T14:48:43.725Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12386 (GCVE-0-2026-12386)
Vulnerability from nvd – Published: 2026-07-05 14:31 – Updated: 2026-07-05 14:31
VLAI
Title
Buffer Overflow in TUBITAK BILGEM's Pardus Pen
Summary
Improper null termination vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Pen allows Overflow Buffers.
This issue affects Pardus Pen: from <=4.1.5 before 4.2.1.
Severity
CWE
- CWE-170 - Improper null termination
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TUBITAK BILGEM Software Technologies Research Institute | Pardus Pen |
Affected:
<=4.1.5 , < 4.2.1
(custom)
|
Date Public
2026-07-05 14:28
Credits
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pardus Pen",
"vendor": "TUBITAK BILGEM Software Technologies Research Institute",
"versions": [
{
"lessThan": "4.2.1",
"status": "affected",
"version": "\u003c=4.1.5",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Muhammed KAYA"
}
],
"datePublic": "2026-07-05T14:28:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper null termination vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Pen allows Overflow Buffers.\u003cp\u003eThis issue affects Pardus Pen: from \u0026lt;=4.1.5 before 4.2.1.\u003c/p\u003e"
}
],
"value": "Improper null termination vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Pen allows Overflow Buffers.\n\nThis issue affects Pardus Pen: from \u003c=4.1.5 before 4.2.1."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-170",
"description": "CWE-170 Improper null termination",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-05T14:31:47.467Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0499"
}
],
"source": {
"advisory": "TR-26-0499",
"defect": [
"TR-26-0499"
],
"discovery": "UNKNOWN"
},
"title": "Buffer Overflow in TUBITAK BILGEM\u0027s Pardus Pen",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2026-12386",
"datePublished": "2026-07-05T14:31:47.467Z",
"dateReserved": "2026-06-16T11:12:47.226Z",
"dateUpdated": "2026-07-05T14:31:47.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12250 (GCVE-0-2026-12250)
Vulnerability from nvd – Published: 2026-07-05 14:27 – Updated: 2026-07-05 14:27
VLAI
Title
Sensitive Data Exposure in TUBITAK BILGEM's Pardus Domain Joiner
Summary
Invocation of process using visible sensitive information vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Domain Joiner allows Excavation.
This issue affects Pardus Domain Joiner: from 0.5.2 before 0.5.4.
Severity
7.9 (High)
CWE
- CWE-214 - Invocation of process using visible sensitive information
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TUBITAK BILGEM Software Technologies Research Institute | Pardus Domain Joiner |
Affected:
0.5.2 , < 0.5.4
(custom)
|
Date Public
2026-07-05 14:21
Credits
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pardus Domain Joiner",
"vendor": "TUBITAK BILGEM Software Technologies Research Institute",
"versions": [
{
"lessThan": "0.5.4",
"status": "affected",
"version": "0.5.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tacettin KARADEN\u0130Z"
}
],
"datePublic": "2026-07-05T14:21:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Invocation of process using visible sensitive information vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Domain Joiner allows Excavation.\u003cp\u003eThis issue affects Pardus Domain Joiner: from 0.5.2 before 0.5.4.\u003c/p\u003e"
}
],
"value": "Invocation of process using visible sensitive information vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Domain Joiner allows Excavation.\n\nThis issue affects Pardus Domain Joiner: from 0.5.2 before 0.5.4."
}
],
"impacts": [
{
"capecId": "CAPEC-116",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-116 Excavation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-214",
"description": "CWE-214 Invocation of process using visible sensitive information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-05T14:27:28.637Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0498"
}
],
"source": {
"advisory": "TR-26-0498",
"defect": [
"TR-26-0498"
],
"discovery": "UNKNOWN"
},
"title": "Sensitive Data Exposure in TUBITAK BILGEM\u0027s Pardus Domain Joiner",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2026-12250",
"datePublished": "2026-07-05T14:27:28.637Z",
"dateReserved": "2026-06-15T08:02:29.252Z",
"dateUpdated": "2026-07-05T14:27:28.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-14460 (GCVE-0-2026-14460)
Vulnerability from nvd – Published: 2026-07-03 14:14 – Updated: 2026-07-03 14:14
VLAI
Title
Missing Authorization in TUBITAK BILGEM's pardus-software
Summary
Missing Authorization vulnerability in TUBITAK BILGEM Software Technologies Research Institute pardus-software allows Argument Injection.
This issue affects pardus-software: from <= 1.0.4 before 1.0.5.
Severity
8.8 (High)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TUBITAK BILGEM Software Technologies Research Institute | pardus-software |
Affected:
<= 1.0.4 , < 1.0.5
(custom)
|
Date Public
2026-07-03 14:10
Credits
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "pardus-software",
"vendor": "TUBITAK BILGEM Software Technologies Research Institute",
"versions": [
{
"lessThan": "1.0.5",
"status": "affected",
"version": "\u003c= 1.0.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kerem Kaan DASMAZ"
}
],
"datePublic": "2026-07-03T14:10:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in TUBITAK BILGEM Software Technologies Research Institute pardus-software allows Argument Injection.\u003cp\u003eThis issue affects pardus-software: from \u0026lt;= 1.0.4 before 1.0.5.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in TUBITAK BILGEM Software Technologies Research Institute pardus-software allows Argument Injection.\n\nThis issue affects pardus-software: from \u003c= 1.0.4 before 1.0.5."
}
],
"impacts": [
{
"capecId": "CAPEC-6",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-6 Argument Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T14:14:11.752Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0497"
}
],
"source": {
"advisory": "TR-26-0497",
"defect": [
"TR-26-0497"
],
"discovery": "UNKNOWN"
},
"title": "Missing Authorization in TUBITAK BILGEM\u0027s pardus-software",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2026-14460",
"datePublished": "2026-07-03T14:14:11.752Z",
"dateReserved": "2026-07-02T08:47:10.200Z",
"dateUpdated": "2026-07-03T14:14:11.752Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-14459 (GCVE-0-2026-14459)
Vulnerability from nvd – Published: 2026-07-03 14:09 – Updated: 2026-07-03 14:09
VLAI
Title
Argument Injection in TUBITAK BILGEM's pardus-software
Summary
Improper neutralization of argument delimiters in a command ('argument injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute pardus-software allows Argument Injection.
This issue affects pardus-software: from <= 1.0.4 before 1.0.5.
Severity
8.8 (High)
CWE
- CWE-88 - Improper neutralization of argument delimiters in a command ('argument injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TUBITAK BILGEM Software Technologies Research Institute | pardus-software |
Affected:
<= 1.0.4 , < 1.0.5
(custom)
|
Date Public
2026-07-03 14:06
Credits
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "pardus-software",
"vendor": "TUBITAK BILGEM Software Technologies Research Institute",
"versions": [
{
"lessThan": "1.0.5",
"status": "affected",
"version": "\u003c= 1.0.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kerem Kaan DASMAZ"
}
],
"datePublic": "2026-07-03T14:06:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper neutralization of argument delimiters in a command (\u0027argument injection\u0027) vulnerability in TUBITAK BILGEM Software Technologies Research Institute pardus-software allows Argument Injection.\u003cp\u003eThis issue affects pardus-software: from \u0026lt;= 1.0.4 before 1.0.5.\u003c/p\u003e"
}
],
"value": "Improper neutralization of argument delimiters in a command (\u0027argument injection\u0027) vulnerability in TUBITAK BILGEM Software Technologies Research Institute pardus-software allows Argument Injection.\n\nThis issue affects pardus-software: from \u003c= 1.0.4 before 1.0.5."
}
],
"impacts": [
{
"capecId": "CAPEC-6",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-6 Argument Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88 Improper neutralization of argument delimiters in a command (\u0027argument injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T14:09:38.691Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0497"
}
],
"source": {
"advisory": "TR-26-0497",
"defect": [
"TR-26-0497"
],
"discovery": "UNKNOWN"
},
"title": "Argument Injection in TUBITAK BILGEM\u0027s pardus-software",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2026-14459",
"datePublished": "2026-07-03T14:09:38.691Z",
"dateReserved": "2026-07-02T08:47:08.143Z",
"dateUpdated": "2026-07-03T14:09:38.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-6508 (GCVE-0-2026-6508)
Vulnerability from nvd – Published: 2026-05-07 11:47 – Updated: 2026-05-07 14:57
VLAI
Title
RCE in TUBITAK BILGEM's Liderahenk
Summary
Origin Validation Error vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Accessing Functionality Not Properly Constrained by ACLs.
This issue affects Liderahenk: from 2.0.1 before 2.0.2.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-346 - Origin Validation Error
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TUBITAK BILGEM Software Technologies Research Institute | Liderahenk |
Affected:
2.0.1 , < 2.0.2
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6508",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-07T14:46:54.923644Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T14:57:31.925Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Liderahenk",
"vendor": "TUBITAK BILGEM Software Technologies Research Institute",
"versions": [
{
"lessThan": "2.0.2",
"status": "affected",
"version": "2.0.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mehmet DEM\u0130R"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Origin Validation Error vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Accessing Functionality Not Properly Constrained by ACLs.\u003cp\u003eThis issue affects Liderahenk: from 2.0.1 before 2.0.2.\u003c/p\u003e"
}
],
"value": "Origin Validation Error vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Accessing Functionality Not Properly Constrained by ACLs.\n\nThis issue affects Liderahenk: from 2.0.1 before 2.0.2."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346 Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T11:47:28.064Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0181"
}
],
"source": {
"advisory": "TR-26-0181",
"defect": [
"TR-26-0181"
],
"discovery": "UNKNOWN"
},
"title": "RCE in TUBITAK BILGEM\u0027s Liderahenk",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2026-6508",
"datePublished": "2026-05-07T11:47:28.064Z",
"dateReserved": "2026-04-17T11:32:23.375Z",
"dateUpdated": "2026-05-07T14:57:31.925Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-6849 (GCVE-0-2026-6849)
Vulnerability from nvd – Published: 2026-04-29 14:42 – Updated: 2026-06-06 07:45
VLAI
Title
OS Command Injection in TUBITAK BILGEM's Pardus OS My Computer
Summary
Improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus OS My Computer allows OS Command Injection.
This issue affects Pardus OS My Computer: from <=0.7.5 before 0.8.0.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper neutralization of special elements used in an OS command ('OS command injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.usom.gov.tr/bildirim/tr-26-0131 | government-resourcebroken-link |
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TUBITAK BILGEM Software Technologies Research Institute | Pardus OS My Computer |
Affected:
<=0.7.5 , < 0.8.0
(custom)
|
Date Public
2026-04-29 14:36
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6849",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-29T15:35:34.305356Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T15:35:39.447Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pardus OS My Computer",
"vendor": "TUBITAK BILGEM Software Technologies Research Institute",
"versions": [
{
"lessThan": "0.8.0",
"status": "affected",
"version": "\u003c=0.7.5",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Osman Can VURAL"
}
],
"datePublic": "2026-04-29T14:36:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper neutralization of special elements used in an OS command (\u0027OS command injection\u0027) vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus OS My Computer allows OS Command Injection.\u003cp\u003eThis issue affects Pardus OS My Computer: from \u0026lt;=0.7.5 before 0.8.0.\u003c/p\u003e"
}
],
"value": "Improper neutralization of special elements used in an OS command (\u0027OS command injection\u0027) vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus OS My Computer allows OS Command Injection.\n\nThis issue affects Pardus OS My Computer: from \u003c=0.7.5 before 0.8.0."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper neutralization of special elements used in an OS command (\u0027OS command injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-06T07:45:47.301Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource",
"broken-link"
],
"url": "https://www.usom.gov.tr/bildirim/tr-26-0131"
},
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0131"
}
],
"source": {
"advisory": "TR-26-0131",
"defect": [
"TR-26-0131"
],
"discovery": "UNKNOWN"
},
"title": "OS Command Injection in TUBITAK BILGEM\u0027s Pardus OS My Computer",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2026-6849",
"datePublished": "2026-04-29T14:42:29.339Z",
"dateReserved": "2026-04-22T08:58:42.292Z",
"dateUpdated": "2026-06-06T07:45:47.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5166 (GCVE-0-2026-5166)
Vulnerability from nvd – Published: 2026-04-29 14:33 – Updated: 2026-06-06 07:47
VLAI
Title
Path Traversal in TUBITAK BILGEM's Pardus Software Center
Summary
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Path Traversal.
This issue affects Pardus Software Center: before 0.6.4.
Severity
9.6 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.usom.gov.tr/bildirim/tr-26-0131 | government-resourcebroken-link |
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TUBITAK BILGEM Software Technologies Research Institute | Pardus Software Center |
Affected:
0 , < 0.6.4
(custom)
|
Date Public
2026-04-29 14:28
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5166",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-29T15:35:55.611035Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T15:36:01.079Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pardus Software Center",
"vendor": "TUBITAK BILGEM Software Technologies Research Institute",
"versions": [
{
"lessThan": "0.6.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "\u00c7a\u011fr\u0131 ESER"
}
],
"datePublic": "2026-04-29T14:28:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Path Traversal.\u003cp\u003eThis issue affects Pardus Software Center: before 0.6.4.\u003c/p\u003e"
}
],
"value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Path Traversal.\n\nThis issue affects Pardus Software Center: before 0.6.4."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-06T07:47:09.301Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource",
"broken-link"
],
"url": "https://www.usom.gov.tr/bildirim/tr-26-0131"
},
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0131"
}
],
"source": {
"advisory": "TR-26-0131",
"defect": [
"TR-26-0131"
],
"discovery": "UNKNOWN"
},
"title": "Path Traversal in TUBITAK BILGEM\u0027s Pardus Software Center",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2026-5166",
"datePublished": "2026-04-29T14:33:34.786Z",
"dateReserved": "2026-03-30T14:54:13.083Z",
"dateUpdated": "2026-06-06T07:47:09.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5161 (GCVE-0-2026-5161)
Vulnerability from nvd – Published: 2026-04-29 14:27 – Updated: 2026-06-06 07:48
VLAI
Title
Improper Authentication in TUBITAK BILGEM's Pardus About
Summary
Improper link resolution before file access ('link following') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus About allows Symlink Attack.
This issue affects Pardus About: before 1.2.2.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-59 - Improper link resolution before file access ('link following')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.usom.gov.tr/bildirim/tr-26-0131 | government-resourcebroken-link |
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TUBITAK BILGEM Software Technologies Research Institute | Pardus About |
Affected:
0 , < 1.2.2
(custom)
|
Date Public
2026-04-29 14:20
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5161",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-29T14:47:02.370924Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T14:53:02.143Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pardus About",
"vendor": "TUBITAK BILGEM Software Technologies Research Institute",
"versions": [
{
"lessThan": "1.2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "\u00c7a\u011fr\u0131 ESER"
}
],
"datePublic": "2026-04-29T14:20:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper link resolution before file access (\u0027link following\u0027) vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus About allows Symlink Attack.\u003cp\u003eThis issue affects Pardus About: before 1.2.2.\u003c/p\u003e"
}
],
"value": "Improper link resolution before file access (\u0027link following\u0027) vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus About allows Symlink Attack.\n\nThis issue affects Pardus About: before 1.2.2."
}
],
"impacts": [
{
"capecId": "CAPEC-132",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-132 Symlink Attack"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper link resolution before file access (\u0027link following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-06T07:48:36.530Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource",
"broken-link"
],
"url": "https://www.usom.gov.tr/bildirim/tr-26-0131"
},
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0131"
}
],
"source": {
"advisory": "TR-26-0131",
"defect": [
"TR-26-0131"
],
"discovery": "UNKNOWN"
},
"title": "Improper Authentication in TUBITAK BILGEM\u0027s Pardus About",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2026-5161",
"datePublished": "2026-04-29T14:27:21.690Z",
"dateReserved": "2026-03-30T14:30:28.693Z",
"dateUpdated": "2026-06-06T07:48:36.530Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5141 (GCVE-0-2026-5141)
Vulnerability from nvd – Published: 2026-04-29 14:18 – Updated: 2026-06-06 07:50
VLAI
Title
Improper Access Control in TUBITAK BILGEM's Pardus Software Center
Summary
Improper Privilege Management, Improper Access Control, Incorrect privilege assignment vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Hijacking a privileged process.
This issue affects Pardus Software Center: from 1.0.2 before 1.0.3.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.usom.gov.tr/bildirim/tr-26-0131 | government-resourcebroken-link |
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TUBITAK BILGEM Software Technologies Research Institute | Pardus Software Center |
Affected:
1.0.2 , < 1.0.3
(custom)
|
Date Public
2026-04-29 14:09
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5141",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-29T15:05:44.609262Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T15:22:47.249Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pardus Software Center",
"vendor": "TUBITAK BILGEM Software Technologies Research Institute",
"versions": [
{
"lessThan": "1.0.3",
"status": "affected",
"version": "1.0.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "\u00c7a\u011fr\u0131 ESER"
}
],
"datePublic": "2026-04-29T14:09:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Privilege Management, Improper Access Control, Incorrect privilege assignment vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Hijacking a privileged process.\u003cp\u003eThis issue affects Pardus Software Center: from 1.0.2 before 1.0.3.\u003c/p\u003e"
}
],
"value": "Improper Privilege Management, Improper Access Control, Incorrect privilege assignment vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Hijacking a privileged process.\n\nThis issue affects Pardus Software Center: from 1.0.2 before 1.0.3."
}
],
"impacts": [
{
"capecId": "CAPEC-234",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-234 Hijacking a privileged process"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266 Incorrect privilege assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-06T07:50:06.915Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource",
"broken-link"
],
"url": "https://www.usom.gov.tr/bildirim/tr-26-0131"
},
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0131"
}
],
"source": {
"advisory": "TR-26-0131",
"defect": [
"TR-26-0131"
],
"discovery": "UNKNOWN"
},
"title": "Improper Access Control in TUBITAK BILGEM\u0027s Pardus Software Center",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2026-5141",
"datePublished": "2026-04-29T14:18:00.642Z",
"dateReserved": "2026-03-30T11:59:12.951Z",
"dateUpdated": "2026-06-06T07:50:06.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5140 (GCVE-0-2026-5140)
Vulnerability from nvd – Published: 2026-04-29 13:02 – Updated: 2026-06-06 07:51
VLAI
Title
Authorization Bypass in TUBITAK BILGEM's Pardus Update
Summary
Improper neutralization of CRLF sequences ('CRLF injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Update allows Authentication Bypass.
This issue affects Pardus Update: from 0.6.3 before 0.6.4.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-93 - Improper neutralization of CRLF sequences ('CRLF injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.usom.gov.tr/bildirim/tr-26-0131 | government-resourcebroken-link |
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TUBITAK BILGEM Software Technologies Research Institute | Pardus Update |
Affected:
0.6.3 , < 0.6.4
(custom)
|
Date Public
2026-04-29 12:43
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5140",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-29T14:04:24.354607Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T14:04:35.564Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pardus Update",
"vendor": "TUBITAK BILGEM Software Technologies Research Institute",
"versions": [
{
"lessThan": "0.6.4",
"status": "affected",
"version": "0.6.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "\u00c7a\u011fr\u0131 ESER"
}
],
"datePublic": "2026-04-29T12:43:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper neutralization of CRLF sequences (\u0027CRLF injection\u0027) vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Update allows Authentication Bypass.\u003cp\u003eThis issue affects Pardus Update: from 0.6.3 before 0.6.4.\u003c/p\u003e"
}
],
"value": "Improper neutralization of CRLF sequences (\u0027CRLF injection\u0027) vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Update allows Authentication Bypass.\n\nThis issue affects Pardus Update: from 0.6.3 before 0.6.4."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-93",
"description": "CWE-93 Improper neutralization of CRLF sequences (\u0027CRLF injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-06T07:51:25.691Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource",
"broken-link"
],
"url": "https://www.usom.gov.tr/bildirim/tr-26-0131"
},
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0131"
}
],
"source": {
"advisory": "TR-26-0131",
"defect": [
"TR-26-0131"
],
"discovery": "UNKNOWN"
},
"title": "Authorization Bypass in TUBITAK BILGEM\u0027s Pardus Update",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2026-5140",
"datePublished": "2026-04-29T13:02:08.216Z",
"dateReserved": "2026-03-30T11:35:18.026Z",
"dateUpdated": "2026-06-06T07:51:25.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2339 (GCVE-0-2026-2339)
Vulnerability from nvd – Published: 2026-03-10 12:39 – Updated: 2026-06-06 07:54
VLAI
Title
RCE in TUBITAK BILGEM's Liderahenk
Summary
Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Remote Code Inclusion, Privilege Abuse, Command Injection.
This issue affects Liderahenk: before 3.5.1.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.usom.gov.tr/bildirim/tr-26-0087 | government-resourcebroken-link |
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TUBITAK BILGEM Software Technologies Research Institute | Liderahenk |
Affected:
0 , < 3.5.1
(custom)
|
Date Public
2026-03-10 12:16
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2339",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-10T13:33:30.777074Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T13:33:36.378Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Liderahenk",
"vendor": "TUBITAK BILGEM Software Technologies Research Institute",
"versions": [
{
"lessThan": "3.5.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Edip ALHAZOUR\u0130"
}
],
"datePublic": "2026-03-10T12:16:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Remote Code Inclusion, Privilege Abuse, Command Injection.\u003cp\u003eThis issue affects Liderahenk: before 3.5.1.\u003c/p\u003e"
}
],
"value": "Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Remote Code Inclusion, Privilege Abuse, Command Injection.\n\nThis issue affects Liderahenk: before 3.5.1."
}
],
"impacts": [
{
"capecId": "CAPEC-253",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-253 Remote Code Inclusion"
}
]
},
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
},
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-06T07:54:39.155Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource",
"broken-link"
],
"url": "https://www.usom.gov.tr/bildirim/tr-26-0087"
},
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0087"
}
],
"source": {
"advisory": "TR-26-0087",
"defect": [
"TR-26-0087"
],
"discovery": "UNKNOWN"
},
"title": "RCE in TUBITAK BILGEM\u0027s Liderahenk",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2026-2339",
"datePublished": "2026-03-10T12:39:12.987Z",
"dateReserved": "2026-02-11T11:41:37.455Z",
"dateUpdated": "2026-06-06T07:54:39.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-7706 (GCVE-0-2025-7706)
Vulnerability from nvd – Published: 2026-02-17 13:22 – Updated: 2026-06-05 13:41
VLAI
Title
Improper Access Control in TUBITAK BILGEM's Liderahenk
Summary
Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Remote Code Inclusion.
This issue affects Liderahenk: from 3.0.0 to 3.3.1 before 3.5.0.
Severity
6.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.usom.gov.tr/bildirim/tr-26-0069 | government-resourcebroken-link |
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TUBITAK BILGEM Software Technologies Research Institute | Liderahenk |
Affected:
3.0.0 to 3.3.1 , < 3.5.0
(custom)
|
Date Public
2026-02-17 13:12
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7706",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-17T14:03:30.379272Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T14:04:30.116Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Liderahenk",
"vendor": "TUBITAK BILGEM Software Technologies Research Institute",
"versions": [
{
"lessThan": "3.5.0",
"status": "affected",
"version": "3.0.0 to 3.3.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Edip ALHAZOUR\u0130"
}
],
"datePublic": "2026-02-17T13:12:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Remote Code Inclusion.\u003cp\u003eThis issue affects Liderahenk: from 3.0.0 to 3.3.1 before 3.5.0.\u003c/p\u003e"
}
],
"value": "Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Remote Code Inclusion.\n\nThis issue affects Liderahenk: from 3.0.0 to 3.3.1 before 3.5.0."
}
],
"impacts": [
{
"capecId": "CAPEC-253",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-253 Remote Code Inclusion"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T13:41:30.965Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource",
"broken-link"
],
"url": "https://www.usom.gov.tr/bildirim/tr-26-0069"
},
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0069"
}
],
"source": {
"advisory": "TR-26-0069",
"defect": [
"TR-26-0069"
],
"discovery": "UNKNOWN"
},
"title": "Improper Access Control in TUBITAK BILGEM\u0027s Liderahenk",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2025-7706",
"datePublished": "2026-02-17T13:22:54.033Z",
"dateReserved": "2025-07-16T12:31:34.903Z",
"dateUpdated": "2026-06-05T13:41:30.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-6509 (GCVE-0-2026-6509)
Vulnerability from cvelistv5 – Published: 2026-07-05 14:48 – Updated: 2026-07-05 14:48
VLAI
Title
Privilege Escalation in TUBITAK BILGEM's Pardus Update
Summary
Missing Authorization vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Update allows Privilege Escalation.
This issue affects Pardus Update: from <=0.6.3 before 0.6.6.
Severity
7.8 (High)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TUBITAK BILGEM Software Technologies Research Institute | Pardus Update |
Affected:
<=0.6.3 , < 0.6.6
(custom)
|
Date Public
2026-07-05 14:39
Credits
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pardus Update",
"vendor": "TUBITAK BILGEM Software Technologies Research Institute",
"versions": [
{
"lessThan": "0.6.6",
"status": "affected",
"version": "\u003c=0.6.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mehmet DEM\u0130R"
}
],
"datePublic": "2026-07-05T14:39:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Update allows Privilege Escalation.\u003cp\u003eThis issue affects Pardus Update: from \u0026lt;=0.6.3 before 0.6.6.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Update allows Privilege Escalation.\n\nThis issue affects Pardus Update: from \u003c=0.6.3 before 0.6.6."
}
],
"impacts": [
{
"capecId": "CAPEC-233",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-233 Privilege Escalation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 7.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-05T14:48:43.725Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0501"
}
],
"source": {
"advisory": "TR-26-0501",
"defect": [
"TR-26-0501"
],
"discovery": "UNKNOWN"
},
"title": "Privilege Escalation in TUBITAK BILGEM\u0027s Pardus Update",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2026-6509",
"datePublished": "2026-07-05T14:48:43.725Z",
"dateReserved": "2026-04-17T11:33:53.261Z",
"dateUpdated": "2026-07-05T14:48:43.725Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-9085 (GCVE-0-2026-9085)
Vulnerability from cvelistv5 – Published: 2026-07-05 14:38 – Updated: 2026-07-05 14:38
VLAI
Title
DNS Hijacking in TUBITAK BILGEM's Pardus-Parental-Control
Summary
Incorrect Permission Assignment for Critical Resource, Improper Access Control vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus-Parental-Control allows DNS Spoofing.
This issue affects Pardus-Parental-Control: from <=0.5.1 before 0.7.0.
Severity
8.8 (High)
CWE
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TUBITAK BILGEM Software Technologies Research Institute | Pardus-Parental-Control |
Affected:
<=0.5.1 , < 0.7.0
(custom)
|
Date Public
2026-07-05 14:35
Credits
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pardus-Parental-Control",
"vendor": "TUBITAK BILGEM Software Technologies Research Institute",
"versions": [
{
"lessThan": "0.7.0",
"status": "affected",
"version": "\u003c=0.5.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mehmet DEM\u0130R"
}
],
"datePublic": "2026-07-05T14:35:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Incorrect Permission Assignment for Critical Resource, Improper Access Control vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus-Parental-Control allows DNS Spoofing.\u003cp\u003eThis issue affects Pardus-Parental-Control: from \u0026lt;=0.5.1 before 0.7.0.\u003c/p\u003e"
}
],
"value": "Incorrect Permission Assignment for Critical Resource, Improper Access Control vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus-Parental-Control allows DNS Spoofing.\n\nThis issue affects Pardus-Parental-Control: from \u003c=0.5.1 before 0.7.0."
}
],
"impacts": [
{
"capecId": "CAPEC-598",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-598 DNS Spoofing"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-732",
"description": "CWE-732 Incorrect Permission Assignment for Critical Resource",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-05T14:38:02.152Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0500"
}
],
"source": {
"advisory": "TR-26-0500",
"defect": [
"TR-26-0500"
],
"discovery": "UNKNOWN"
},
"title": "DNS Hijacking in TUBITAK BILGEM\u0027s Pardus-Parental-Control",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2026-9085",
"datePublished": "2026-07-05T14:38:02.152Z",
"dateReserved": "2026-05-20T14:26:02.795Z",
"dateUpdated": "2026-07-05T14:38:02.152Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12386 (GCVE-0-2026-12386)
Vulnerability from cvelistv5 – Published: 2026-07-05 14:31 – Updated: 2026-07-05 14:31
VLAI
Title
Buffer Overflow in TUBITAK BILGEM's Pardus Pen
Summary
Improper null termination vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Pen allows Overflow Buffers.
This issue affects Pardus Pen: from <=4.1.5 before 4.2.1.
Severity
CWE
- CWE-170 - Improper null termination
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TUBITAK BILGEM Software Technologies Research Institute | Pardus Pen |
Affected:
<=4.1.5 , < 4.2.1
(custom)
|
Date Public
2026-07-05 14:28
Credits
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pardus Pen",
"vendor": "TUBITAK BILGEM Software Technologies Research Institute",
"versions": [
{
"lessThan": "4.2.1",
"status": "affected",
"version": "\u003c=4.1.5",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Muhammed KAYA"
}
],
"datePublic": "2026-07-05T14:28:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper null termination vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Pen allows Overflow Buffers.\u003cp\u003eThis issue affects Pardus Pen: from \u0026lt;=4.1.5 before 4.2.1.\u003c/p\u003e"
}
],
"value": "Improper null termination vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Pen allows Overflow Buffers.\n\nThis issue affects Pardus Pen: from \u003c=4.1.5 before 4.2.1."
}
],
"impacts": [
{
"capecId": "CAPEC-100",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-100 Overflow Buffers"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "LOW",
"baseScore": 3.9,
"baseSeverity": "LOW",
"confidentialityImpact": "LOW",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:L/I:N/A:L",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-170",
"description": "CWE-170 Improper null termination",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-05T14:31:47.467Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0499"
}
],
"source": {
"advisory": "TR-26-0499",
"defect": [
"TR-26-0499"
],
"discovery": "UNKNOWN"
},
"title": "Buffer Overflow in TUBITAK BILGEM\u0027s Pardus Pen",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2026-12386",
"datePublished": "2026-07-05T14:31:47.467Z",
"dateReserved": "2026-06-16T11:12:47.226Z",
"dateUpdated": "2026-07-05T14:31:47.467Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-12250 (GCVE-0-2026-12250)
Vulnerability from cvelistv5 – Published: 2026-07-05 14:27 – Updated: 2026-07-05 14:27
VLAI
Title
Sensitive Data Exposure in TUBITAK BILGEM's Pardus Domain Joiner
Summary
Invocation of process using visible sensitive information vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Domain Joiner allows Excavation.
This issue affects Pardus Domain Joiner: from 0.5.2 before 0.5.4.
Severity
7.9 (High)
CWE
- CWE-214 - Invocation of process using visible sensitive information
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TUBITAK BILGEM Software Technologies Research Institute | Pardus Domain Joiner |
Affected:
0.5.2 , < 0.5.4
(custom)
|
Date Public
2026-07-05 14:21
Credits
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pardus Domain Joiner",
"vendor": "TUBITAK BILGEM Software Technologies Research Institute",
"versions": [
{
"lessThan": "0.5.4",
"status": "affected",
"version": "0.5.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Tacettin KARADEN\u0130Z"
}
],
"datePublic": "2026-07-05T14:21:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Invocation of process using visible sensitive information vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Domain Joiner allows Excavation.\u003cp\u003eThis issue affects Pardus Domain Joiner: from 0.5.2 before 0.5.4.\u003c/p\u003e"
}
],
"value": "Invocation of process using visible sensitive information vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Domain Joiner allows Excavation.\n\nThis issue affects Pardus Domain Joiner: from 0.5.2 before 0.5.4."
}
],
"impacts": [
{
"capecId": "CAPEC-116",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-116 Excavation"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 7.9,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:C/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-214",
"description": "CWE-214 Invocation of process using visible sensitive information",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-05T14:27:28.637Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0498"
}
],
"source": {
"advisory": "TR-26-0498",
"defect": [
"TR-26-0498"
],
"discovery": "UNKNOWN"
},
"title": "Sensitive Data Exposure in TUBITAK BILGEM\u0027s Pardus Domain Joiner",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2026-12250",
"datePublished": "2026-07-05T14:27:28.637Z",
"dateReserved": "2026-06-15T08:02:29.252Z",
"dateUpdated": "2026-07-05T14:27:28.637Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-14460 (GCVE-0-2026-14460)
Vulnerability from cvelistv5 – Published: 2026-07-03 14:14 – Updated: 2026-07-03 14:14
VLAI
Title
Missing Authorization in TUBITAK BILGEM's pardus-software
Summary
Missing Authorization vulnerability in TUBITAK BILGEM Software Technologies Research Institute pardus-software allows Argument Injection.
This issue affects pardus-software: from <= 1.0.4 before 1.0.5.
Severity
8.8 (High)
CWE
- CWE-862 - Missing Authorization
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TUBITAK BILGEM Software Technologies Research Institute | pardus-software |
Affected:
<= 1.0.4 , < 1.0.5
(custom)
|
Date Public
2026-07-03 14:10
Credits
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "pardus-software",
"vendor": "TUBITAK BILGEM Software Technologies Research Institute",
"versions": [
{
"lessThan": "1.0.5",
"status": "affected",
"version": "\u003c= 1.0.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kerem Kaan DASMAZ"
}
],
"datePublic": "2026-07-03T14:10:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authorization vulnerability in TUBITAK BILGEM Software Technologies Research Institute pardus-software allows Argument Injection.\u003cp\u003eThis issue affects pardus-software: from \u0026lt;= 1.0.4 before 1.0.5.\u003c/p\u003e"
}
],
"value": "Missing Authorization vulnerability in TUBITAK BILGEM Software Technologies Research Institute pardus-software allows Argument Injection.\n\nThis issue affects pardus-software: from \u003c= 1.0.4 before 1.0.5."
}
],
"impacts": [
{
"capecId": "CAPEC-6",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-6 Argument Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-862",
"description": "CWE-862 Missing Authorization",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T14:14:11.752Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0497"
}
],
"source": {
"advisory": "TR-26-0497",
"defect": [
"TR-26-0497"
],
"discovery": "UNKNOWN"
},
"title": "Missing Authorization in TUBITAK BILGEM\u0027s pardus-software",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2026-14460",
"datePublished": "2026-07-03T14:14:11.752Z",
"dateReserved": "2026-07-02T08:47:10.200Z",
"dateUpdated": "2026-07-03T14:14:11.752Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-14459 (GCVE-0-2026-14459)
Vulnerability from cvelistv5 – Published: 2026-07-03 14:09 – Updated: 2026-07-03 14:09
VLAI
Title
Argument Injection in TUBITAK BILGEM's pardus-software
Summary
Improper neutralization of argument delimiters in a command ('argument injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute pardus-software allows Argument Injection.
This issue affects pardus-software: from <= 1.0.4 before 1.0.5.
Severity
8.8 (High)
CWE
- CWE-88 - Improper neutralization of argument delimiters in a command ('argument injection')
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TUBITAK BILGEM Software Technologies Research Institute | pardus-software |
Affected:
<= 1.0.4 , < 1.0.5
(custom)
|
Date Public
2026-07-03 14:06
Credits
{
"containers": {
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "pardus-software",
"vendor": "TUBITAK BILGEM Software Technologies Research Institute",
"versions": [
{
"lessThan": "1.0.5",
"status": "affected",
"version": "\u003c= 1.0.4",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Kerem Kaan DASMAZ"
}
],
"datePublic": "2026-07-03T14:06:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper neutralization of argument delimiters in a command (\u0027argument injection\u0027) vulnerability in TUBITAK BILGEM Software Technologies Research Institute pardus-software allows Argument Injection.\u003cp\u003eThis issue affects pardus-software: from \u0026lt;= 1.0.4 before 1.0.5.\u003c/p\u003e"
}
],
"value": "Improper neutralization of argument delimiters in a command (\u0027argument injection\u0027) vulnerability in TUBITAK BILGEM Software Technologies Research Institute pardus-software allows Argument Injection.\n\nThis issue affects pardus-software: from \u003c= 1.0.4 before 1.0.5."
}
],
"impacts": [
{
"capecId": "CAPEC-6",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-6 Argument Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"scope": "CHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-88",
"description": "CWE-88 Improper neutralization of argument delimiters in a command (\u0027argument injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-07-03T14:09:38.691Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0497"
}
],
"source": {
"advisory": "TR-26-0497",
"defect": [
"TR-26-0497"
],
"discovery": "UNKNOWN"
},
"title": "Argument Injection in TUBITAK BILGEM\u0027s pardus-software",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2026-14459",
"datePublished": "2026-07-03T14:09:38.691Z",
"dateReserved": "2026-07-02T08:47:08.143Z",
"dateUpdated": "2026-07-03T14:09:38.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-6508 (GCVE-0-2026-6508)
Vulnerability from cvelistv5 – Published: 2026-05-07 11:47 – Updated: 2026-05-07 14:57
VLAI
Title
RCE in TUBITAK BILGEM's Liderahenk
Summary
Origin Validation Error vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Accessing Functionality Not Properly Constrained by ACLs.
This issue affects Liderahenk: from 2.0.1 before 2.0.2.
Severity
9.8 (Critical)
SSVC
Exploitation: none
Automatable: yes
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-346 - Origin Validation Error
Assigner
References
1 reference
| URL | Tags |
|---|---|
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TUBITAK BILGEM Software Technologies Research Institute | Liderahenk |
Affected:
2.0.1 , < 2.0.2
(custom)
|
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6508",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "yes"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-05-07T14:46:54.923644Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T14:57:31.925Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Liderahenk",
"vendor": "TUBITAK BILGEM Software Technologies Research Institute",
"versions": [
{
"lessThan": "2.0.2",
"status": "affected",
"version": "2.0.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Mehmet DEM\u0130R"
}
],
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Origin Validation Error vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Accessing Functionality Not Properly Constrained by ACLs.\u003cp\u003eThis issue affects Liderahenk: from 2.0.1 before 2.0.2.\u003c/p\u003e"
}
],
"value": "Origin Validation Error vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Accessing Functionality Not Properly Constrained by ACLs.\n\nThis issue affects Liderahenk: from 2.0.1 before 2.0.2."
}
],
"impacts": [
{
"capecId": "CAPEC-1",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-1 Accessing Functionality Not Properly Constrained by ACLs"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.8,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "NONE",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-346",
"description": "CWE-346 Origin Validation Error",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-05-07T11:47:28.064Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0181"
}
],
"source": {
"advisory": "TR-26-0181",
"defect": [
"TR-26-0181"
],
"discovery": "UNKNOWN"
},
"title": "RCE in TUBITAK BILGEM\u0027s Liderahenk",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2026-6508",
"datePublished": "2026-05-07T11:47:28.064Z",
"dateReserved": "2026-04-17T11:32:23.375Z",
"dateUpdated": "2026-05-07T14:57:31.925Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-6849 (GCVE-0-2026-6849)
Vulnerability from cvelistv5 – Published: 2026-04-29 14:42 – Updated: 2026-06-06 07:45
VLAI
Title
OS Command Injection in TUBITAK BILGEM's Pardus OS My Computer
Summary
Improper neutralization of special elements used in an OS command ('OS command injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus OS My Computer allows OS Command Injection.
This issue affects Pardus OS My Computer: from <=0.7.5 before 0.8.0.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-78 - Improper neutralization of special elements used in an OS command ('OS command injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.usom.gov.tr/bildirim/tr-26-0131 | government-resourcebroken-link |
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TUBITAK BILGEM Software Technologies Research Institute | Pardus OS My Computer |
Affected:
<=0.7.5 , < 0.8.0
(custom)
|
Date Public
2026-04-29 14:36
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-6849",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-29T15:35:34.305356Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T15:35:39.447Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pardus OS My Computer",
"vendor": "TUBITAK BILGEM Software Technologies Research Institute",
"versions": [
{
"lessThan": "0.8.0",
"status": "affected",
"version": "\u003c=0.7.5",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Osman Can VURAL"
}
],
"datePublic": "2026-04-29T14:36:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper neutralization of special elements used in an OS command (\u0027OS command injection\u0027) vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus OS My Computer allows OS Command Injection.\u003cp\u003eThis issue affects Pardus OS My Computer: from \u0026lt;=0.7.5 before 0.8.0.\u003c/p\u003e"
}
],
"value": "Improper neutralization of special elements used in an OS command (\u0027OS command injection\u0027) vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus OS My Computer allows OS Command Injection.\n\nThis issue affects Pardus OS My Computer: from \u003c=0.7.5 before 0.8.0."
}
],
"impacts": [
{
"capecId": "CAPEC-88",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-88 OS Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-78",
"description": "CWE-78 Improper neutralization of special elements used in an OS command (\u0027OS command injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-06T07:45:47.301Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource",
"broken-link"
],
"url": "https://www.usom.gov.tr/bildirim/tr-26-0131"
},
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0131"
}
],
"source": {
"advisory": "TR-26-0131",
"defect": [
"TR-26-0131"
],
"discovery": "UNKNOWN"
},
"title": "OS Command Injection in TUBITAK BILGEM\u0027s Pardus OS My Computer",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2026-6849",
"datePublished": "2026-04-29T14:42:29.339Z",
"dateReserved": "2026-04-22T08:58:42.292Z",
"dateUpdated": "2026-06-06T07:45:47.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5166 (GCVE-0-2026-5166)
Vulnerability from cvelistv5 – Published: 2026-04-29 14:33 – Updated: 2026-06-06 07:47
VLAI
Title
Path Traversal in TUBITAK BILGEM's Pardus Software Center
Summary
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Path Traversal.
This issue affects Pardus Software Center: before 0.6.4.
Severity
9.6 (Critical)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-22 - Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.usom.gov.tr/bildirim/tr-26-0131 | government-resourcebroken-link |
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TUBITAK BILGEM Software Technologies Research Institute | Pardus Software Center |
Affected:
0 , < 0.6.4
(custom)
|
Date Public
2026-04-29 14:28
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5166",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-29T15:35:55.611035Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T15:36:01.079Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pardus Software Center",
"vendor": "TUBITAK BILGEM Software Technologies Research Institute",
"versions": [
{
"lessThan": "0.6.4",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "\u00c7a\u011fr\u0131 ESER"
}
],
"datePublic": "2026-04-29T14:28:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Path Traversal.\u003cp\u003eThis issue affects Pardus Software Center: before 0.6.4.\u003c/p\u003e"
}
],
"value": "Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027) vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Path Traversal.\n\nThis issue affects Pardus Software Center: before 0.6.4."
}
],
"impacts": [
{
"capecId": "CAPEC-126",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-126 Path Traversal"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 9.6,
"baseSeverity": "CRITICAL",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "CHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-22",
"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory (\u0027Path Traversal\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-06T07:47:09.301Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource",
"broken-link"
],
"url": "https://www.usom.gov.tr/bildirim/tr-26-0131"
},
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0131"
}
],
"source": {
"advisory": "TR-26-0131",
"defect": [
"TR-26-0131"
],
"discovery": "UNKNOWN"
},
"title": "Path Traversal in TUBITAK BILGEM\u0027s Pardus Software Center",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2026-5166",
"datePublished": "2026-04-29T14:33:34.786Z",
"dateReserved": "2026-03-30T14:54:13.083Z",
"dateUpdated": "2026-06-06T07:47:09.301Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5161 (GCVE-0-2026-5161)
Vulnerability from cvelistv5 – Published: 2026-04-29 14:27 – Updated: 2026-06-06 07:48
VLAI
Title
Improper Authentication in TUBITAK BILGEM's Pardus About
Summary
Improper link resolution before file access ('link following') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus About allows Symlink Attack.
This issue affects Pardus About: before 1.2.2.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-59 - Improper link resolution before file access ('link following')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.usom.gov.tr/bildirim/tr-26-0131 | government-resourcebroken-link |
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TUBITAK BILGEM Software Technologies Research Institute | Pardus About |
Affected:
0 , < 1.2.2
(custom)
|
Date Public
2026-04-29 14:20
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5161",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-29T14:47:02.370924Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T14:53:02.143Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pardus About",
"vendor": "TUBITAK BILGEM Software Technologies Research Institute",
"versions": [
{
"lessThan": "1.2.2",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "\u00c7a\u011fr\u0131 ESER"
}
],
"datePublic": "2026-04-29T14:20:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper link resolution before file access (\u0027link following\u0027) vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus About allows Symlink Attack.\u003cp\u003eThis issue affects Pardus About: before 1.2.2.\u003c/p\u003e"
}
],
"value": "Improper link resolution before file access (\u0027link following\u0027) vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus About allows Symlink Attack.\n\nThis issue affects Pardus About: before 1.2.2."
}
],
"impacts": [
{
"capecId": "CAPEC-132",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-132 Symlink Attack"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-59",
"description": "CWE-59 Improper link resolution before file access (\u0027link following\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-06T07:48:36.530Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource",
"broken-link"
],
"url": "https://www.usom.gov.tr/bildirim/tr-26-0131"
},
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0131"
}
],
"source": {
"advisory": "TR-26-0131",
"defect": [
"TR-26-0131"
],
"discovery": "UNKNOWN"
},
"title": "Improper Authentication in TUBITAK BILGEM\u0027s Pardus About",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2026-5161",
"datePublished": "2026-04-29T14:27:21.690Z",
"dateReserved": "2026-03-30T14:30:28.693Z",
"dateUpdated": "2026-06-06T07:48:36.530Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5141 (GCVE-0-2026-5141)
Vulnerability from cvelistv5 – Published: 2026-04-29 14:18 – Updated: 2026-06-06 07:50
VLAI
Title
Improper Access Control in TUBITAK BILGEM's Pardus Software Center
Summary
Improper Privilege Management, Improper Access Control, Incorrect privilege assignment vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Hijacking a privileged process.
This issue affects Pardus Software Center: from 1.0.2 before 1.0.3.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.usom.gov.tr/bildirim/tr-26-0131 | government-resourcebroken-link |
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TUBITAK BILGEM Software Technologies Research Institute | Pardus Software Center |
Affected:
1.0.2 , < 1.0.3
(custom)
|
Date Public
2026-04-29 14:09
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5141",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-29T15:05:44.609262Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T15:22:47.249Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pardus Software Center",
"vendor": "TUBITAK BILGEM Software Technologies Research Institute",
"versions": [
{
"lessThan": "1.0.3",
"status": "affected",
"version": "1.0.2",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "\u00c7a\u011fr\u0131 ESER"
}
],
"datePublic": "2026-04-29T14:09:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper Privilege Management, Improper Access Control, Incorrect privilege assignment vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Hijacking a privileged process.\u003cp\u003eThis issue affects Pardus Software Center: from 1.0.2 before 1.0.3.\u003c/p\u003e"
}
],
"value": "Improper Privilege Management, Improper Access Control, Incorrect privilege assignment vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Software Center allows Hijacking a privileged process.\n\nThis issue affects Pardus Software Center: from 1.0.2 before 1.0.3."
}
],
"impacts": [
{
"capecId": "CAPEC-234",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-234 Hijacking a privileged process"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-269",
"description": "CWE-269 Improper Privilege Management",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-284",
"description": "CWE-284 Improper Access Control",
"lang": "en",
"type": "CWE"
}
]
},
{
"descriptions": [
{
"cweId": "CWE-266",
"description": "CWE-266 Incorrect privilege assignment",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-06T07:50:06.915Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource",
"broken-link"
],
"url": "https://www.usom.gov.tr/bildirim/tr-26-0131"
},
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0131"
}
],
"source": {
"advisory": "TR-26-0131",
"defect": [
"TR-26-0131"
],
"discovery": "UNKNOWN"
},
"title": "Improper Access Control in TUBITAK BILGEM\u0027s Pardus Software Center",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2026-5141",
"datePublished": "2026-04-29T14:18:00.642Z",
"dateReserved": "2026-03-30T11:59:12.951Z",
"dateUpdated": "2026-06-06T07:50:06.915Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-5140 (GCVE-0-2026-5140)
Vulnerability from cvelistv5 – Published: 2026-04-29 13:02 – Updated: 2026-06-06 07:51
VLAI
Title
Authorization Bypass in TUBITAK BILGEM's Pardus Update
Summary
Improper neutralization of CRLF sequences ('CRLF injection') vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Update allows Authentication Bypass.
This issue affects Pardus Update: from 0.6.3 before 0.6.4.
Severity
8.8 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-93 - Improper neutralization of CRLF sequences ('CRLF injection')
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.usom.gov.tr/bildirim/tr-26-0131 | government-resourcebroken-link |
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TUBITAK BILGEM Software Technologies Research Institute | Pardus Update |
Affected:
0.6.3 , < 0.6.4
(custom)
|
Date Public
2026-04-29 12:43
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-5140",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-04-29T14:04:24.354607Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-04-29T14:04:35.564Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Pardus Update",
"vendor": "TUBITAK BILGEM Software Technologies Research Institute",
"versions": [
{
"lessThan": "0.6.4",
"status": "affected",
"version": "0.6.3",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "\u00c7a\u011fr\u0131 ESER"
}
],
"datePublic": "2026-04-29T12:43:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Improper neutralization of CRLF sequences (\u0027CRLF injection\u0027) vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Update allows Authentication Bypass.\u003cp\u003eThis issue affects Pardus Update: from 0.6.3 before 0.6.4.\u003c/p\u003e"
}
],
"value": "Improper neutralization of CRLF sequences (\u0027CRLF injection\u0027) vulnerability in TUBITAK BILGEM Software Technologies Research Institute Pardus Update allows Authentication Bypass.\n\nThis issue affects Pardus Update: from 0.6.3 before 0.6.4."
}
],
"impacts": [
{
"capecId": "CAPEC-115",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-115 Authentication Bypass"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 8.8,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-93",
"description": "CWE-93 Improper neutralization of CRLF sequences (\u0027CRLF injection\u0027)",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-06T07:51:25.691Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource",
"broken-link"
],
"url": "https://www.usom.gov.tr/bildirim/tr-26-0131"
},
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0131"
}
],
"source": {
"advisory": "TR-26-0131",
"defect": [
"TR-26-0131"
],
"discovery": "UNKNOWN"
},
"title": "Authorization Bypass in TUBITAK BILGEM\u0027s Pardus Update",
"x_generator": {
"engine": "Vulnogram 1.0.2"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2026-5140",
"datePublished": "2026-04-29T13:02:08.216Z",
"dateReserved": "2026-03-30T11:35:18.026Z",
"dateUpdated": "2026-06-06T07:51:25.691Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2026-2339 (GCVE-0-2026-2339)
Vulnerability from cvelistv5 – Published: 2026-03-10 12:39 – Updated: 2026-06-06 07:54
VLAI
Title
RCE in TUBITAK BILGEM's Liderahenk
Summary
Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Remote Code Inclusion, Privilege Abuse, Command Injection.
This issue affects Liderahenk: before 3.5.1.
Severity
7.5 (High)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.usom.gov.tr/bildirim/tr-26-0087 | government-resourcebroken-link |
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TUBITAK BILGEM Software Technologies Research Institute | Liderahenk |
Affected:
0 , < 3.5.1
(custom)
|
Date Public
2026-03-10 12:16
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2026-2339",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-03-10T13:33:30.777074Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-03-10T13:33:36.378Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Liderahenk",
"vendor": "TUBITAK BILGEM Software Technologies Research Institute",
"versions": [
{
"lessThan": "3.5.1",
"status": "affected",
"version": "0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Edip ALHAZOUR\u0130"
}
],
"datePublic": "2026-03-10T12:16:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Remote Code Inclusion, Privilege Abuse, Command Injection.\u003cp\u003eThis issue affects Liderahenk: before 3.5.1.\u003c/p\u003e"
}
],
"value": "Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Remote Code Inclusion, Privilege Abuse, Command Injection.\n\nThis issue affects Liderahenk: before 3.5.1."
}
],
"impacts": [
{
"capecId": "CAPEC-253",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-253 Remote Code Inclusion"
}
]
},
{
"capecId": "CAPEC-122",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-122 Privilege Abuse"
}
]
},
{
"capecId": "CAPEC-248",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-248 Command Injection"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "HIGH",
"attackVector": "NETWORK",
"availabilityImpact": "HIGH",
"baseScore": 7.5,
"baseSeverity": "HIGH",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "NONE",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-06T07:54:39.155Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource",
"broken-link"
],
"url": "https://www.usom.gov.tr/bildirim/tr-26-0087"
},
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0087"
}
],
"source": {
"advisory": "TR-26-0087",
"defect": [
"TR-26-0087"
],
"discovery": "UNKNOWN"
},
"title": "RCE in TUBITAK BILGEM\u0027s Liderahenk",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2026-2339",
"datePublished": "2026-03-10T12:39:12.987Z",
"dateReserved": "2026-02-11T11:41:37.455Z",
"dateUpdated": "2026-06-06T07:54:39.155Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}
CVE-2025-7706 (GCVE-0-2025-7706)
Vulnerability from cvelistv5 – Published: 2026-02-17 13:22 – Updated: 2026-06-05 13:41
VLAI
Title
Improper Access Control in TUBITAK BILGEM's Liderahenk
Summary
Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Remote Code Inclusion.
This issue affects Liderahenk: from 3.0.0 to 3.3.1 before 3.5.0.
Severity
6.1 (Medium)
SSVC
Exploitation: none
Automatable: no
Technical Impact: total
CISA Coordinator (v2.0.3)
CWE
- CWE-306 - Missing Authentication for Critical Function
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://www.usom.gov.tr/bildirim/tr-26-0069 | government-resourcebroken-link |
| https://siberguvenlik.gov.tr/guvenlik-bildirimler… | government-resource |
Impacted products
1 product
| Vendor | Product | Version | |
|---|---|---|---|
| TUBITAK BILGEM Software Technologies Research Institute | Liderahenk |
Affected:
3.0.0 to 3.3.1 , < 3.5.0
(custom)
|
Date Public
2026-02-17 13:12
Credits
{
"containers": {
"adp": [
{
"metrics": [
{
"other": {
"content": {
"id": "CVE-2025-7706",
"options": [
{
"Exploitation": "none"
},
{
"Automatable": "no"
},
{
"Technical Impact": "total"
}
],
"role": "CISA Coordinator",
"timestamp": "2026-02-17T14:03:30.379272Z",
"version": "2.0.3"
},
"type": "ssvc"
}
}
],
"providerMetadata": {
"dateUpdated": "2026-02-17T14:04:30.116Z",
"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
"shortName": "CISA-ADP"
},
"title": "CISA ADP Vulnrichment"
}
],
"cna": {
"affected": [
{
"defaultStatus": "unaffected",
"product": "Liderahenk",
"vendor": "TUBITAK BILGEM Software Technologies Research Institute",
"versions": [
{
"lessThan": "3.5.0",
"status": "affected",
"version": "3.0.0 to 3.3.1",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"type": "finder",
"value": "Edip ALHAZOUR\u0130"
}
],
"datePublic": "2026-02-17T13:12:00.000Z",
"descriptions": [
{
"lang": "en",
"supportingMedia": [
{
"base64": false,
"type": "text/html",
"value": "Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Remote Code Inclusion.\u003cp\u003eThis issue affects Liderahenk: from 3.0.0 to 3.3.1 before 3.5.0.\u003c/p\u003e"
}
],
"value": "Missing Authentication for Critical Function vulnerability in TUBITAK BILGEM Software Technologies Research Institute Liderahenk allows Remote Code Inclusion.\n\nThis issue affects Liderahenk: from 3.0.0 to 3.3.1 before 3.5.0."
}
],
"impacts": [
{
"capecId": "CAPEC-253",
"descriptions": [
{
"lang": "en",
"value": "CAPEC-253 Remote Code Inclusion"
}
]
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "NETWORK",
"availabilityImpact": "NONE",
"baseScore": 6.1,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"privilegesRequired": "HIGH",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:U/C:H/I:H/A:N",
"version": "3.1"
},
"format": "CVSS",
"scenarios": [
{
"lang": "en",
"value": "GENERAL"
}
]
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-306",
"description": "CWE-306 Missing Authentication for Critical Function",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2026-06-05T13:41:30.965Z",
"orgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"shortName": "TR-CERT"
},
"references": [
{
"tags": [
"government-resource",
"broken-link"
],
"url": "https://www.usom.gov.tr/bildirim/tr-26-0069"
},
{
"tags": [
"government-resource"
],
"url": "https://siberguvenlik.gov.tr/guvenlik-bildirimleri/detay/tr-26-0069"
}
],
"source": {
"advisory": "TR-26-0069",
"defect": [
"TR-26-0069"
],
"discovery": "UNKNOWN"
},
"title": "Improper Access Control in TUBITAK BILGEM\u0027s Liderahenk",
"x_generator": {
"engine": "Vulnogram 0.5.0"
}
}
},
"cveMetadata": {
"assignerOrgId": "ca940d4e-fea4-4aa2-9a58-591a58b1ce21",
"assignerShortName": "TR-CERT",
"cveId": "CVE-2025-7706",
"datePublished": "2026-02-17T13:22:54.033Z",
"dateReserved": "2025-07-16T12:31:34.903Z",
"dateUpdated": "2026-06-05T13:41:30.965Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.2"
}