Lucene search
K

182 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/08 5:57 a.m.9 views

CVE-2026-8069

PredatorSense version 3.00.3136 to 3.00.3196 contain Local Privilege Escalation LPE vulnerability.The program exposes a Windows Named Pipe that uses a custom protocol to invoke internal functions. However, this Named Pipe is misconfigured, allowing any authenticated local user to execute arbitrar...

8.5CVSS6.3AI score0.00118EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/05/06 3:45 p.m.35 views

CVE-2026-41288 WatchGuard Agent on Windows Privilege Escalation Vulnerability

Incorrect permission assignment for a resource in the patch management component of the WatchGuard Agent on Windows allows an authenticated local user to elevate their privileges to NT AUTHORITY\SYSTEM...

7.3CVSS0.00103EPSS
Exploits0References1
F5 Networks
F5 Networks
added 2026/04/06 7:22 p.m.6 views

K000160637: Intel 800 Series Ethernet vulnerability CVE-2025-24303

Security Advisory Description Improper check for unusual or exceptional conditions in the Linux kernel-mode driver for some IntelR 800 Series Ethernet before version 1.17.2 may allow an authenticated user to potentially enable escalation of privilege via local access. CVE-2025-24303 Impact This...

8.8CVSS5.9AI score0.00119EPSS
Exploits0Affected Software2
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.10 views

PT-2026-27794

Name of the Vulnerable Software and Affected Versions Cisco IOS XE Software affected versions not specified Description A flaw exists in the Cisco IOS XE Software Command Line Interface CLI that could allow a local, authenticated attacker to trigger a denial of service DoS condition on a vulnerab...

6.5CVSS5.9AI score0.00092EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/03/11 8:21 p.m.3 views

CVE-2026-1652

A potential buffer overflow vulnerability was reported in the Lenovo Virtual Bus driver used in Smart Connect that could allow a local authenticated user to corrupt memory and cause a Windows blue screen error...

6.9CVSS6.1AI score0.00095EPSS
Exploits0References2
NVD
NVD
added 2026/03/02 5:16 p.m.8 views

CVE-2025-64427

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.0 and prior, due to insufficient validation or restriction of target URLs, an authenticated local user can craft requests that target internal IP addresses e.g., 127.0.0.1, localhost, or...

7.1CVSS0.00238EPSS
Exploits1References1
CVE
CVE
added 2026/03/02 4:28 p.m.22 views

CVE-2025-64427

ZimaOS (a CasaOS fork for Zima devices and x86-64 with UEFI) is vulnerable to Server-Side Request Forgery (SSRF) in version 1.5.0 and earlier. An authenticated local user can craft requests to internal targets (127.0.0.1, localhost, private ranges) due to insufficient URL validation/restriction, ...

7.1CVSS5.9AI score0.00238EPSS
Exploits1References1Affected Software1
OSV
OSV
added 2026/03/02 4:28 p.m.4 views

CVE-2025-64427 ZimaOS is vulnerable to Server-Side Request Forgery (SSRF)

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.0 and prior, due to insufficient validation or restriction of target URLs, an authenticated local user can craft requests that target internal IP addresses e.g., 127.0.0.1, localhost, or...

7.1CVSS5.9AI score0.00238EPSS
Exploits1References3
EUVD
EUVD
added 2026/02/25 6:31 p.m.9 views

EUVD-2026-8672

A vulnerability in the Object Model CLI component of Cisco Application Policy Infrastructure Controller APIC could allow an authenticated, local attacker to cause an affected device to reload unexpectedly, resulting in a denial of service DoS condition. To exploit this vulnerability, the attacker...

5.5CVSS5.8AI score0.00087EPSS
Exploits0References2
CVE
CVE
added 2026/02/25 4:14 p.m.19 views

CVE-2026-20107

The CVE concerns Cisco Application Policy Infrastructure Controller (APIC) in the Object Model CLI. A vulnerability in the CLI input validation could allow an authenticated, local attacker with any role granting CLI access to issue crafted commands and trigger a device reload, causing a DoS. Affe...

5.5CVSS5.8AI score0.00087EPSS
Exploits0References1
EUVD
EUVD
added 2026/01/15 12:31 a.m.4 views

EUVD-2025-206290

An improper link following vulnerability was reported in the SmartPerformanceAddin for Lenovo Vantage that could allow an authenticated local user to perform an arbitrary file deletion with elevated privileges...

6.8CVSS6AI score0.00118EPSS
Exploits0References2
NVD
NVD
added 2026/01/14 11:15 p.m.5 views

CVE-2025-13154

An improper link following vulnerability was reported in the SmartPerformanceAddin for Lenovo Vantage that could allow an authenticated local user to perform an arbitrary file deletion with elevated privileges...

6.8CVSS0.00118EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/01/14 10:16 p.m.4 views

CVE-2025-13154

An improper link following vulnerability was reported in the SmartPerformanceAddin for Lenovo Vantage that could allow an authenticated local user to perform an arbitrary file deletion with elevated privileges...

6.8CVSS6.2AI score0.00118EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/01/14 10:16 p.m.5 views

CVE-2025-13154

An improper link following vulnerability was reported in the SmartPerformanceAddin for Lenovo Vantage that could allow an authenticated local user to perform an arbitrary file deletion with elevated privileges...

6.8CVSS5.6AI score0.00118EPSS
Exploits0References2
CVE
CVE
added 2026/01/14 10:16 p.m.7 views

CVE-2025-13154

CVE-2025-13154 affects Lenovo Vantage SmartPerformanceAddin. Root cause: improper link following enabling an authenticated local user to delete arbitrary files with elevated privileges. Impact: local privilege escalation with high availability impact; base metrics: CVSS v3.1 (AV:L/AC:L/PR:L/UI:N/...

6.8CVSS6.2AI score0.00118EPSS
Exploits0References1
Tenable Nessus
Tenable Nessus
added 2026/01/07 12:0 a.m.4 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-000414)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-000414 advisory. Microarchitectural Load Port Data Sampling MLPDS: Load ports on some microprocessors utilizing speculative execution may allow an authenticated user to potentially...

5.6CVSS6.8AI score0.01497EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2025/12/23 8:35 a.m.7 views

CVE-2025-8305

An authenticated local user can obtain information that allows claiming security policy rules of another user due to sensitive information being printed in plaintext in Identity Agent for Terminal Services debug files...

6.5CVSS6.2AI score0.00102EPSS
Exploits0References1
NVD
NVD
added 2025/12/22 8:15 a.m.8 views

CVE-2025-8305

An authenticated local user can obtain information that allows claiming security policy rules of another user due to sensitive information being printed in plaintext in Identity Agent for Terminal Services debug files...

6.5CVSS0.00102EPSS
Exploits0References1
Cvelist
Cvelist
added 2025/12/22 7:58 a.m.24 views

CVE-2025-8305 Information Disclosure in Identity Agent Debug Files

An authenticated local user can obtain information that allows claiming security policy rules of another user due to sensitive information being printed in plaintext in Identity Agent for Terminal Services debug files...

6.5CVSS0.00102EPSS
Exploits0References1
EUVD
EUVD
added 2025/12/22 7:58 a.m.6 views

EUVD-2025-204700

An authenticated local user can obtain information that allows claiming security policy rules of another user due to sensitive information being printed in plaintext in Identity Agent for Terminal Services debug files...

6.5CVSS5.7AI score0.00102EPSS
Exploits0References2
Rows per page
Query Builder