Lucene search
K

2026 matches found

NVD
NVD
added 2026/06/15 4:16 a.m.12 views

CVE-2026-12217

A security vulnerability has been detected in DVDFab Virtual Drive 2.0.0.5. Impacted is an unknown function in the library dvdfabio.sys of the component Signed Kernel Driver. The manipulation leads to improper privilege management. An attack has to be approached locally. The exploit has been...

8.5CVSS0.00111EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/06/15 4:0 a.m.8 views

CVE-2026-12217 DVDFab Virtual Drive Signed Kernel Driver dvdfabio.sys privileges management

A security vulnerability has been detected in DVDFab Virtual Drive 2.0.0.5. Impacted is an unknown function in the library dvdfabio.sys of the component Signed Kernel Driver. The manipulation leads to improper privilege management. An attack has to be approached locally. The exploit has been...

8.5CVSS6.7AI score0.00111EPSS
Exploits0References5
Snyk
Snyk
added 2026/06/12 7:9 p.m.4 views

Deserialization of Untrusted Data

Overview Affected versions of this package are vulnerable to Deserialization of Untrusted Data via the VariableFrontend or Registry. An attacker can execute arbitrary PHP code by injecting a crafted serialized payload into the underlying storage backend, such as the cache store or sysregistry...

9.3CVSS6.1AI score0.00215EPSS
Exploits0References2
NCSC
NCSC
added 2026/06/09 5:44 p.m.18 views

Vulnerabilities in Microsoft Windows

Microsoft has fixed a large number of vulnerabilities in Windows. A malicious party can exploit the vulnerabilities to carry out attacks that can lead to various categories of damage, as described in the tables below. Among these vulnerabilities are about six very serious ones, which Microsoft ha...

9.8CVSS6.1AI score0.48438EPSS
Exploits5
Vulnrichment
Vulnrichment
added 2026/06/07 12:8 p.m.12 views

CVE-2026-49494 Xcitium Client Security / Comodo Internet Security Remote Denial of Service

Xcitium Client Security XCS before 13.8.2.10019 and Comodo Internet Security CIS through 12.3.4.8162 fix expected by 2026 Q3 contain an integer underflow vulnerability in the firewall driver Inspect.sys that allows remote unauthenticated attackers to crash the system by sending a crafted IPv6...

8.7CVSS6.2AI score0.00542EPSS
Exploits0References4
Mageia
Mageia
added 2026/06/07 5:10 a.m.24 views

Updated golang-x-crypto & golang-x-sys-devel packages fix security vulnerability

fixes a protocol weakness in the golang.org/x/crypto/ssh package that allowed a MITM attacker to compromise the integrity of the secure channel before it was established, allowing them to prevent transmission of a number of messages immediately after the secure channel was established without...

5.9CVSS5.9AI score0.9378EPSS
Exploits4References4
Cvelist
Cvelist
added 2026/06/07 2:15 a.m.42 views

CVE-2026-11449 GL.iNet GL-MT3000 LuCI JSON-RPC rpc rpc_sys command injection

A security vulnerability has been detected in GL.iNet GL-MT3000 4.4.5. The impacted element is the function rpcsys of the file /cgi-bin/luci/rpc of the component LuCI JSON-RPC Interface. Such manipulation leads to command injection. The attack may be performed from remote. Upgrading to version...

6.5CVSS0.01102EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/06/07 2:15 a.m.7 views

CVE-2026-11449

A security vulnerability has been detected in GL.iNet GL-MT3000 4.4.5. The impacted element is the function rpcsys of the file /cgi-bin/luci/rpc of the component LuCI JSON-RPC Interface. Such manipulation leads to command injection. The attack may be performed from remote. Upgrading to version...

6.5CVSS5.2AI score0.01102EPSS
Exploits0References7Affected Software1
CNNVD
CNNVD
added 2026/06/07 12:0 a.m.10 views

GL.iNet GL-MT3000 命令注入漏洞

GL.iNet GL-MT3000 is a portable travel router from the company GL.iNet, which supports Wi-Fi 6 and VPN functions. Version 4.4.5 of GL.iNet GL-MT3000 has a command injection vulnerability. This vulnerability stems from a problem with the function “rpcsys” in the LuCI JSON-RPC Interface component...

6.5CVSS6.4AI score0.01102EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/05 7:51 p.m.9 views

CVE-2025-52347

An issue in the component DirectIo64.sys of PassMark BurnInTest v11.0 Build 1011, OSForensics v11.1 Build 1007, and PerformanceTest v11.1 Build 1004 allows attackers to access kernel memory and escalate privileges via a crafted IOCTL 0x8011E044 call...

7.8CVSS5.4AI score0.00109EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:49 p.m.11 views

CVE-2026-30769

An issue in the TVicPort64.sys component of EnTech Taiwan TVicPort Product v4.0, File v5.2.1.0 allows attackers to escalate privileges via sending crafted IOCTL 0x80002008 requests...

7.8CVSS5.5AI score0.0013EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:46 p.m.9 views

CVE-2026-37429

qihang-wms commit 75c15a was discovered to contain a SQL injection vulnerability via the datascope parameter in the SysUserMapper.xml file. This vulnerability allows attackers to access sensitive database information, including users' Personally Identifiable Information PII via a crafted SQL...

6.5CVSS5.6AI score0.00275EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:32 p.m.8 views

CVE-2026-6608

A vulnerability was detected in lm-sys fastchat up to 0.2.36. Impacted is the function addtext of the component Arena Side-by-Side View Handler. The manipulation results in incorrect control flow. The attack can be launched remotely. The exploit is now public and may be used. The root cause was...

6.9CVSS5.5AI score0.00308EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:19 p.m.10 views

CVE-2026-5830

A vulnerability was identified in Tenda AC15 15.03.05.18. This affects the function websGetVar of the file /goform/SysToolChangePwd. Such manipulation of the argument oldPwd/newPwd/cfmPwd leads to stack-based buffer overflow. The attack can be executed remotely. The exploit is publicly available...

9CVSS8.5AI score0.00627EPSS
Exploits1References1
NVD
NVD
added 2026/06/01 5:17 p.m.15 views

CVE-2026-8501

Improper access control in the PCTCore64.sys Windows kernel driver from PC Tools Internet Security allows user-mode processes to access the PCTCoreDriver WDM device interface and invoke privileged IOCTL handlers. A local attacker with the ability to access or load the affected driver can exploit...

7.8CVSS0.00161EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/01 4:25 p.m.32 views

CVE-2026-8501 CVE-2026-8501

Improper access control in the PCTCore64.sys Windows kernel driver from PC Tools Internet Security allows user-mode processes to access the PCTCoreDriver WDM device interface and invoke privileged IOCTL handlers. A local attacker with the ability to access or load the affected driver can exploit...

0.00161EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/06/01 4:25 p.m.12 views

CVE-2026-8501 CVE-2026-8501

Improper access control in the PCTCore64.sys Windows kernel driver from PC Tools Internet Security allows user-mode processes to access the PCTCoreDriver WDM device interface and invoke privileged IOCTL handlers. A local attacker with the ability to access or load the affected driver can exploit...

5.8AI score0.00161EPSS
Exploits0References3
CVE
CVE
added 2026/06/01 4:25 p.m.30 views

CVE-2026-8501

CVE-2026-8501 affects the PC Tools PCTCore64.sys Windows kernel driver. The driver exposes the .�5CPCTCoreDriver WDM device interface with no access control, allowing user-mode processes to invoke privileged IOCTL handlers and perform low-level operations. Documented impacts include credential th...

7.8CVSS5.8AI score0.00161EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/01 12:30 a.m.11 views

EUVD-2026-33526

A weakness has been identified in OFCMS 1.1.3. The affected element is the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SysUserController.java of the component JSON Query Interface. This manipulation causes sql injection. The attack may be initiated...

6.5CVSS6.4AI score0.00192EPSS
Exploits0References6
NVD
NVD
added 2026/06/01 12:16 a.m.11 views

CVE-2026-10204

A weakness has been identified in OFCMS 1.1.3. The affected element is the function Query of the file \ofcms-admin\src\main\java\com\ofsoft\cms\admin\controller\system\SysUserController.java of the component JSON Query Interface. This manipulation causes sql injection. The attack may be initiated...

6.5CVSS0.00192EPSS
Exploits0References5
Rows per page
Query Builder