
120967 matches found

CNNVD
added 2026/01/27 12:00 a.m., 5 views

EZCast Pro II security vulnerabilities

EZCast Pro II is a computer screen-sharing software developed by EZCast Corporation in China. This software allows for wireless sharing of data from computer devices onto televisions or projection screens. EZCast Pro supports screen allocation and projection permissions. Version 1.17478.146 of...

CVSS 7.4, AI score 5.9, EPSS 0.00149
Exploits: 0, References: 2

Kaspersky
added 2026/01/27 12:00 a.m., 6 views

KLA90858 Multiple vulnerabilities in Mozilla Firefox

Multiple vulnerabilities were found in Mozilla Firefox. Malicious users can exploit these vulnerabilities to execute arbitrary code, cause denial of service, bypass security restrictions. Below is a complete list of vulnerabilities: 1. Use after free vulnerability in Layout: Scrolling and Overflo...

CVSS 8.1, AI score 6.2, EPSS 0.00232
Exploits: 0, References: 3

Positive Technologies
added 2026/01/27 12:00 a.m., 8 views

PT-2026-4909

A low privileged remote attacker can execute arbitrary code by sending specially crafted calls to the web service of the Device Manager or locally via an API and can cause integer overflows which then may lead to arbitrary code execution within privileged processes...

CVSS 8.8, AI score 6.4, EPSS 0.00414
Exploits: 0, References: 2

Broadcom
added 2026/01/27 12:00 a.m., 17 views

A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation

A vulnerability in input validation exists in curl <8.0 during communication using the TELNET protocol may allow an attacker to pass on maliciously crafted user name and "telnet options" during server negotiation. The lack of proper input scrubbing allows an attacker to send content or perform...

CVSS 8.8, AI score 7.6, EPSS 0.01993
Exploits: 1

Github Security Blog
added 2026/01/26 6:57 p.m., 7 views

vm2 has a Sandbox Escape

In vm2 for version 3.10.0, Promise.prototype.then Promise.prototype.catch callback sanitization can be bypassed. This allows attackers to escape the sandbox and run arbitrary code...

CVSS 10, AI score 6, EPSS 0.01222
Exploits: 1, References: 5, Affected Software: 1

OSV
added 2026/01/26 6:57 p.m., 2 views

GHSA-99P7-6V5W-7XG8 vm2 has a Sandbox Escape

In vm2 for version 3.10.0, Promise.prototype.then Promise.prototype.catch callback sanitization can be bypassed. This allows attackers to escape the sandbox and run arbitrary code...

CVSS 9.8, AI score 7.3, EPSS 0.01222
Exploits: 1, References: 5

Vulnrichment
added 2026/01/26 5:55 p.m., 2 views

CVE-2025-71178 Crucial Storage Executive < 11.08.082025.00 Installer DLL Preloading LPE

Crucial Storage Executive installer versions prior to 11.08.082025.00 contain a DLL preloading vulnerability. During installation, the installer runs with elevated privileges and loads Windows DLLs using an uncontrolled search path, which can cause a malicious DLL placed alongside the installer t...

CVSS 7.1, AI score 6.3, EPSS 0.00185
Exploits: 0, References: 2

CVE
added 2026/01/26 5:55 p.m., 14 views

CVE-2025-71178

CVE-2025-71178 affects Crucial Storage Executive installer versions

CVSS 7.1, AI score 6.3, EPSS 0.00185
Exploits: 0, References: 2

Cvelist
added 2026/01/26 5:43 p.m., 30 views

CVE-2020-36959 IDT PC Audio 1.0.6499.0 - 'STacSV' Unquoted Service Path

IDT PC Audio 1.0.6499.0 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the STacSV service to inject malicious code that would execute with LocalSystem account...

CVSS 8.5, EPSS 0.0013
Exploits: 0, References: 3

RedHat Linux
added 2026/01/26 4:16 p.m., 5 views

GnuPG: GnuPG: Information disclosure and potential arbitrary code execution via out-of-bounds write

A flaw was found in GnuPG. An attacker can provide crafted input to the armor_filter function, which incorrectly increments an index variable, leading to an out-of-bounds write. This memory corruption vulnerability may allow for information disclosure and could potentially lead to arbitrary code...

CVSS 7.8, AI score 6, EPSS 0.00129
Exploits: 1, References: 9

RedhatCVE
added 2026/01/26 1:28 p.m., 8 views

CVE-2026-0775

npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploi...

CVSS 7, AI score 6.3, EPSS 0.00286
Exploits: 0, References: 4

ATTACKERKB
added 2026/01/26 1:25 p.m., 4 views

CVE-2026-1284

An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file...

CVSS 7.8, AI score 6, EPSS 0.00256
Exploits: 0, References: 2

EUVD
added 2026/01/26 1:25 p.m., 4 views

EUVD-2026-4703

An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS 2025 through Release SOLIDWORKS 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file...

CVSS 7.8, AI score 6.2, EPSS 0.00256
Exploits: 0, References: 1

Cvelist
added 2026/01/26 1:25 p.m., 27 views

CVE-2026-1284 Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026

An Out-Of-Bounds Write vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file...

CVSS 7.8, EPSS 0.00256
Exploits: 0, References: 1

Vulnrichment
added 2026/01/26 1:25 p.m., 2 views

CVE-2026-1283 Heap-based Buffer Overflow vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026

A Heap-based Buffer Overflow vulnerability affecting the EPRT file reading procedure in SOLIDWORKS eDrawings from Release SOLIDWORKS Desktop 2025 through Release SOLIDWORKS Desktop 2026 could allow an attacker to execute arbitrary code while opening a specially crafted EPRT file...

CVSS 7.8, AI score 5.9, EPSS 0.00247
Exploits: 0, References: 1

Positive Technologies
added 2026/01/26 12:00 a.m., 4 views

PT-2026-4782

Kite 1.2020.1119.0 contains an unquoted service path vulnerability in the KiteService Windows service that allows local attackers to potentially execute arbitrary code. Attackers can exploit the unquoted path in 'C:\Program Files\Kite\KiteService.exe' to inject malicious executables and escalate...

CVSS 8.5, AI score 6.1, EPSS 0.0013
Exploits: 0, References: 4

Positive Technologies
added 2026/01/26 12:00 a.m., 4 views

PT-2026-4798

Name of the Vulnerable Software and Affected Versions: Hiawatha version 11.7. Description: A double free issue exists in the XSLT show index function of the Hiawatha webserver. This allows an unauthenticated attacker to corrupt data, potentially leading to arbitrary code execution. The issue involve...

CVSS 6.5, AI score 6.2, EPSS 0.00344
Exploits: 0, References: 4

Positive Technologies
added 2026/01/26 12:00 a.m., 6 views

PT-2026-4783

IDT PC Audio 1.0.6499.0 contains an unquoted service path vulnerability that allows local users to potentially execute arbitrary code with elevated system privileges. Attackers can exploit the unquoted path in the STacSV service to inject malicious code that would execute with LocalSystem account...

CVSS 8.5, AI score 6.2, EPSS 0.0013
Exploits: 0, References: 4

CNNVD
added 2026/01/26 12:00 a.m., 6 views

Dassault Systèmes SOLIDWORKS eDrawings security vulnerabilities

Dassault Systèmes SOLIDWORKS eDrawings is a collaboration tool developed by Dassault Systèmes, a French company, for viewing, sharing, and annotating 2D/3D design files. Dassault Systèmes SOLIDWORKS eDrawings has a security vulnerability that stems from a heap buffer overflow during the EPRT file...

CVSS 7.8, AI score 7.5, EPSS 0.00247
Exploits: 0, References: 2

Positive Technologies
added 2026/01/26 12:00 a.m., 4 views

PT-2026-4769

Name of the Vulnerable Software and Affected Versions: SOLIDWORKS eDrawings versions 2025 through 2026. Description: A heap-based buffer overflow exists in the EPRT file reading procedure of SOLIDWORKS eDrawings. This issue could allow an attacker to execute arbitrary code by opening a specially...

CVSS 7.8, AI score 6.3, EPSS 0.00247
Exploits: 0, References: 10