Lucene search
+L

2046 matches found

nvd
nvd
added yesterday5 views

CVE-2026-14960

Pegatron Tdelo64.sys improperly exposes privileged hardware access functionality through the \.\TdeIo device interface. IOCTL handlers including TDEIOCTLINDEXIOREAD and TDEIOCTLINDEXIOWRITE permit unprivileged user-mode callers to perform arbitrary hardware I/O port reads and writes without...

Exploits1References1
attackerkb
attackerkb
added yesterday3 views

CVE-2026-14961

Pegatron Tdelo64.sys exposes a privileged device interface, \.\TdeIo, that fails to properly restrict access to sensitive IOCTL functionality. The driver's IOCTL dispatcher does not validate caller privileges or verify user-supplied kernel memory addresses before performing memory operations. By...

6.2CVSS6.2AI score
Exploits1References2Affected Software1
euvd
euvd
added yesterday4 views

EUVD-2026-44731

Pegatron Tdelo64.sys exposes a privileged device interface, \.\TdeIo, that fails to properly restrict access to sensitive IOCTL functionality. The driver's IOCTL dispatcher does not validate caller privileges or verify user-supplied kernel memory addresses before performing memory operations. By...

6.2CVSS6.2AI score
Exploits1References1
cvelist
cvelist
added yesterday17 views

CVE-2026-14961 CVE-2026-14961

Pegatron Tdelo64.sys exposes a privileged device interface, \.\TdeIo, that fails to properly restrict access to sensitive IOCTL functionality. The driver's IOCTL dispatcher does not validate caller privileges or verify user-supplied kernel memory addresses before performing memory operations. By...

Exploits1References1
euvd
euvd
added yesterday4 views

EUVD-2026-44730

Pegatron Tdelo64.sys improperly exposes privileged hardware access functionality through the \.\TdeIo device interface. IOCTL handlers including TDEIOCTLINDEXIOREAD and TDEIOCTLINDEXIOWRITE permit unprivileged user-mode callers to perform arbitrary hardware I/O port reads and writes without...

6.2AI score
Exploits1References1
cve
cve
added yesterday10 views

CVE-2026-14960

Pegatron's tdeio64.sys driver exposes the .TdeIo device interface, with IOCTLs including TDE_IOCTL_INDEXIO_READ/WRITE that permit unprivileged users to perform arbitrary hardware I/O port operations and, per CERT, arbitrary kernel memory access. This can lead to privilege escalation to NT AUTHORI...

6.2AI score
Exploits1References1
cve
cve
added 2 days ago7 views

CVE-2026-57089

CVE-2026-57089 affects the Windows SMB Server Network Transport Driver (srvnet.sys). It is a use-after-free vulnerability in srvnet.sys that could allow an unauthenticated attacker to execute code remotely over a network (remote code execution). The CVSSv3.1 base score is 7.5 (HIGH) with Network ...

7.5CVSS6.2AI score0.00569EPSS
Exploits0References1
euvd
euvd
added 3 days ago10 views

EUVD-2026-43274

The MBStorage DRAM lighting control module within Gigabyte Control Center GCC developed by GIGABYTE Technology has an Improper Access Control vulnerability. Authenticated local attackers can send specific IOCTL commands through the driver MyPortIOx64.sys bundled with the module, thereby arbitrari...

8.5CVSS6.1AI score0.00109EPSS
Exploits0References2
nvd
nvd
added 3 days ago8 views

CVE-2026-15515

A security vulnerability has been detected in Tencent PC Manager 18.1.30242.301. This issue affects some unknown processing in the library qmudisk64.sys of the component QMUDisk Driver. The manipulation leads to uncontrolled search path. The attack must be carried out locally. The attack is...

7.3CVSS0.00116EPSS
Exploits0References5
cvelist
cvelist
added 3 days ago36 views

CVE-2026-15515 Tencent PC Manager QMUDisk Driver qmudisk64.sys uncontrolled search path

A security vulnerability has been detected in Tencent PC Manager 18.1.30242.301. This issue affects some unknown processing in the library qmudisk64.sys of the component QMUDisk Driver. The manipulation leads to uncontrolled search path. The attack must be carried out locally. The attack is...

7.3CVSS0.00116EPSS
Exploits0References5
cvelist
cvelist
added 4 days ago31 views

CVE-2026-15506 SecureAge CatchPulse Driver saappctl.sys heap-based overflow

A security vulnerability has been detected in SecureAge CatchPulse up to 10.9.3. The affected element is an unknown function in the library saappctl.sys of the component Driver. Such manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been...

8.5CVSS0.00184EPSS
Exploits0References7
cvelist
cvelist
added 4 days ago36 views

CVE-2026-15476 QILING Disk Master Kernel Driver diskbckp.sys access control

A security vulnerability has been detected in QILING Disk Master 6.0.0.0. The impacted element is an unknown function in the library diskbckp.sys of the component Kernel Driver. Such manipulation leads to improper access controls. The attack can only be performed from a local environment. The...

5.3CVSS0.00103EPSS
Exploits0References6
cve
cve
added 4 days ago15 views

CVE-2026-15475

Summary: CVE-2026-15475 affects MiniTool Partition Wizard (up to v13.6), specifically the Signed Kernel Driver pwdrvio.sys. A manipulation of an unknown function in pwdrvio.sys leads to improper access controls. The attack is local. Publicly available exploit suggests potential use in attacks. A ...

5.3CVSS5.7AI score0.00105EPSS
Exploits0References6
cvelist
cvelist
added 2026/07/05 10:0 a.m.39 views

CVE-2026-14737 Hanwang e-Face General Management Platform querySysAuthStr.do sql injection

A vulnerability was identified in Hanwang e-Face General Management Platform 6.3.5.4. This impacts an unknown function of the file /sysAuthStr/querySysAuthStr.do. The manipulation of the argument order leads to sql injection. It is possible to initiate the attack remotely. The exploit is publicly...

7.5CVSS0.00259EPSS
Exploits0References5
osv
osv
added 2026/07/04 1:15 p.m.3 views

CVE-2026-14629 RT-Thread Parameter lwp_syscall.c sys_ioctl divide by zero

A flaw has been found in RT-Thread up to 5.2.2. Affected is the function read/write/sysioctl of the file components/lwp/lwpsyscall.c of the component Parameter Handler. Executing a manipulation can lead to divide by zero. The attack may be launched remotely. The exploit has been published and may...

5.3CVSS5.5AI score0.00309EPSS
Exploits0References9
nvd
nvd
added 2026/07/03 8:16 p.m.11 views

CVE-2026-14607

A weakness has been identified in RT-Thread up to 5.0.2. This affects the function sysgetaddrinfo of the file components/lwp/lwpsyscall.c. Executing a manipulation of the argument aiaddr can lead to memory corruption. The attack can only be executed locally. The exploit has been made available to...

6.8CVSS0.00119EPSS
Exploits0References7
euvd
euvd
added 2026/07/02 2:36 p.m.10 views

EUVD-2026-41378

An improper validation vulnerability for driver GFACSysx64.sys in Little Orbit GFAC allows a local attacker to escalate privileges to SYSTEM and execute arbitrary code in kernel mode via crafted messages sent through a Minifilter communication port...

7.8CVSS6.1AI score0.00169EPSS
Exploits0References3
attackerkb
attackerkb
added 2026/07/02 2:36 p.m.6 views

CVE-2026-12166

A NULL pointer dereference vulnerability for driver GFACSysx64.sys in Little Orbit GFAC allows a local attacker to cause a denial of service via crafted requests that trigger a system crash...

7.8CVSS5.8AI score0.00169EPSS
Exploits0References4
cvelist
cvelist
added 2026/07/02 2:36 p.m.34 views

CVE-2026-12166 CVE-2026-12166

A NULL pointer dereference vulnerability for driver GFACSysx64.sys in Little Orbit GFAC allows a local attacker to cause a denial of service via crafted requests that trigger a system crash...

0.00169EPSS
Exploits0References3
cve
cve
added 2026/07/02 2:36 p.m.13 views

CVE-2026-12166

CVE-2026-12166 concerns a NULL pointer dereference in the Little Orbit GFAC driver GFAC_Sys_x64.sys that allows a local attacker to crash the system (DoS) via crafted requests. Related entries for the same GFAC driver describe additional local‑privilege/privilege‑escalation vectors: CVE-2026-1216...

5.5CVSS5.8AI score0.00169EPSS
Exploits0References3
Rows per page
Query Builder