Lucene search
+L

3032 matches found

Cvelist
Cvelist
added yesterday15 views

CVE-2019-25764

UNSUPPORTED WHEN ASSIGNED Exposed IOCTL with Insufficient Access Control in the ASUS AURA SYNC driver allows a local user to bypass the driver's verification and invoke arbitrary IOCTLs, resulting in privilege escalation. Refer to the 'End-of-Life Notice and Driver Update for Legacy ASUS Drivers ...

7.3CVSS0.0009EPSS
Exploits0References1
EUVD
EUVD
added yesterday6 views

EUVD-2019-20200

UNSUPPORTED WHEN ASSIGNED Exposed IOCTL with Insufficient Access Control in the ASUS AURA SYNC driver allows a local user to bypass the driver's verification and invoke arbitrary IOCTLs, resulting in privilege escalation. Refer to the 'End-of-Life Notice and Driver Update for Legacy ASUS Drivers ...

7.3CVSS5.5AI score0.0009EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2019-25764

UNSUPPORTED WHEN ASSIGNED Exposed IOCTL with Insufficient Access Control in the ASUS AURA SYNC driver allows a local user to bypass the driver's verification and invoke arbitrary IOCTLs, resulting in privilege escalation. Refer to the 'End-of-Life Notice and Driver Update for Legacy ASUS Drivers ...

7.3CVSS5.5AI score0.0009EPSS
Exploits0References2
CVE
CVE
added yesterday11 views

CVE-2019-25764

CVE-2019-25764 concerns the ASUS AURA SYNC driver, where an exposed IOCTL with insufficient access control enables a local user to bypass verification and invoke arbitrary IOCTLs, leading to privilege escalation. The available connected documents confirm the affected component as the ASUS AURA SY...

7.3CVSS6.2AI score0.0009EPSS
Exploits0References1
Nuclei
Nuclei
added yesterday78 views

ASUS DSL-AC88U - Authentication Bypass

A vulnerability in the ASUS DSL-AC88U router permits unauthorized individuals to bypass authentication.When adding "/js/..%2f%2f" or "/images/..%2f%2e" to the requested URL, it will be recognized as passing the authentication.This vulnerability is part of a broader authentication bypass issue...

9.8CVSS8.8AI score0.43456EPSS
Exploits0References3
NVD
NVD
added 3 days ago9 views

CVE-2026-8919

Permissive Cross-domain Security Policy with Untrusted Domains in ASUS GameSDK allows a remote user to obtain a local user’s NTLM hash by convincing the user to visit a crafted web page that sends a request containing a UNC path to the application’s local service endpoint. This can result in...

7.2CVSS0.00264EPSS
Exploits0References1
NVD
NVD
added 3 days ago7 views

CVE-2026-15029

Untrusted Pointer Dereference in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager allows a local administrator to perform arbitrary physical memory read and write operations via crafted IOCTL requests to the driver, bypassing OS-enforced memory protection...

8.4CVSS0.00118EPSS
Exploits0References1
NVD
NVD
added 3 days ago9 views

CVE-2026-15030

Out-of-bounds Read in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager allows a local administrator to read memory regions beyond the intended firmware boundary by supplying a crafted IOCTL request that bypasses the validation. Refer to the ' Security...

5.6CVSS0.00101EPSS
Exploits0References1
NVD
NVD
added 3 days ago8 views

CVE-2026-13385

An Improper Validation of Integrity Check Value and Improper Certificate Validation in certain ASUS router models allows a remote man-in-the-middleMITM user to make the router download and execute arbitrary command via a spoofed server. Refer to the ' Security Update for ASUS Router Firmware '...

9.5CVSS0.00103EPSS
Exploits0References1
NVD
NVD
added 3 days ago8 views

CVE-2026-13585

Allocation of Resources Without Limits and Throttling and Sensitive Information in Resource Not Removed Before Reuse in the ASUS System Control Interface driver and ASUS Business Manager allow a local administrator to disclose sensitive information via crafted IOCTL requests, which, in severe...

8.2CVSS0.00112EPSS
Exploits0References1
NVD
NVD
added 3 days ago9 views

CVE-2026-11851

Improper Neutralization of Special Elements used in an SQL Command "SQL Injection" in the web management interface of certain ASUS router models allows a remote authenticated user to disclose confidential information via a crafted request that bypasses existing input validation Refer to the ' ...

5.9CVSS0.00314EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago8 views

EUVD-2026-44590

An Improper Validation of Integrity Check Value and Improper Certificate Validation in certain ASUS router models allows a remote man-in-the-middleMITM user to make the router download and execute arbitrary command via a spoofed server. Refer to the ' Security Update for ASUS Router Firmware '...

9.5CVSS6.3AI score0.00103EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago41 views

CVE-2026-13385

An Improper Validation of Integrity Check Value and Improper Certificate Validation in certain ASUS router models allows a remote man-in-the-middleMITM user to make the router download and execute arbitrary command via a spoofed server. Refer to the ' Security Update for ASUS Router Firmware '...

9.5CVSS0.00103EPSS
Exploits0References1
CVE
CVE
added 3 days ago14 views

CVE-2026-13385

The CVE-2026-13385 entry affects certain ASUS router models. It covers an vulnerability path where an attacker can perform a remote MITM to cause the device to download and execute arbitrary commands via a spoofed server, due to improper validation of the integrity check value and improper certif...

9.5CVSS6.3AI score0.00103EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago11 views

EUVD-2026-44589

Untrusted Pointer Dereference in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager allows a local administrator to perform arbitrary physical memory read and write operations via crafted IOCTL requests to the driver, bypassing OS-enforced memory protection...

8.4CVSS6.2AI score0.00118EPSS
Exploits0References1
CVE
CVE
added 3 days ago13 views

CVE-2026-15029

The CVE-2026-15029 entry covers an Untrusted Pointer Dereference in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager. The vulnerability permits a local administrator to perform arbitrary physical memory read and write operations via crafted IOCTL requests...

8.4CVSS6.2AI score0.00118EPSS
Exploits0References1
CVE
CVE
added 3 days ago10 views

CVE-2026-15030

The CVE-2026-15030 entry concerns ASUS components: System Control Interface v3, System Control Interface, and ASUS Business Manager. The weakness is an out-of-bounds read caused by a crafted IOCTL request that bypasses validation, enabling a local administrator to read memory regions beyond the i...

5.6CVSS6.1AI score0.00101EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago9 views

EUVD-2026-44588

Out-of-bounds Read in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager allows a local administrator to read memory regions beyond the intended firmware boundary by supplying a crafted IOCTL request that bypasses the validation. Refer to the ' Security...

5.6CVSS6.1AI score0.00101EPSS
Exploits0References1
EUVD
EUVD
added 3 days ago9 views

EUVD-2026-44587

Allocation of Resources Without Limits and Throttling and Sensitive Information in Resource Not Removed Before Reuse in the ASUS System Control Interface driver and ASUS Business Manager allow a local administrator to disclose sensitive information via crafted IOCTL requests, which, in severe...

8.2CVSS6AI score0.00112EPSS
Exploits0References1
Cvelist
Cvelist
added 3 days ago37 views

CVE-2026-13585

Allocation of Resources Without Limits and Throttling and Sensitive Information in Resource Not Removed Before Reuse in the ASUS System Control Interface driver and ASUS Business Manager allow a local administrator to disclose sensitive information via crafted IOCTL requests, which, in severe...

8.2CVSS0.00112EPSS
Exploits0References1
Rows per page
Query Builder