Lucene search
+L

818 matches found

NVD
NVD
added yesterday7 views

CVE-2026-63095

Dendrite through 0.13.8 contains an improper authorization vulnerability in the Matrix Client-Server API that allows any authenticated local user to delete third-party identifier bindings belonging to other users by submitting an arbitrary address and medium to the account deletion endpoint witho...

7.1CVSS
Exploits0References2
CVE
CVE
added yesterday9 views

CVE-2026-63097

Dendrite 0.13.8 is affected by an improper access-control in the syncapi /context endpoint (syncapi/routing/context.go). The flaw uses a flawed membership check that only considers RoomExists, ignoring IsInRoom, HasBeenInRoom, and Membership fields, allowing authenticated local users who have lef...

5.3CVSS5.4AI score
Exploits0References2
EUVD
EUVD
added yesterday6 views

EUVD-2026-45195

Dendrite through 0.13.8 contains an improper access control vulnerability in the syncapi /context endpoint syncapi/routing/context.go that allows authenticated local users to access post-leave room state events by exploiting a flawed membership check that evaluates only the RoomExists field while...

5.3CVSS5.4AI score
Exploits0References2
Nuclei
Nuclei
added yesterday17 views

Images to WebP < 1.9 - Authenticated Local File Inclusion

The Images to WebP WordPress plugin before version 1.9 did not validate or sanitize the tab parameter before using it in the include function. id: CVE-2021-24644 info: name: Images to WebP 1.9 - Authenticated Local File Inclusion author: Sourabh-Sahu severity: high description: | The Images to We...

7.5CVSS7.3AI score0.05028EPSS
Exploits2References2
Positive Technologies
Positive Technologies
added yesterday6 views

PT-2026-60790

Dendrite through 0.13.8 contains an improper access control vulnerability in the syncapi /context endpoint syncapi/routing/context.go that allows authenticated local users to access post-leave room state events by exploiting a flawed membership check that evaluates only the RoomExists field while...

5.3CVSS5.3AI score
Exploits0References3
NVD
NVD
added 2 days ago6 views

CVE-2026-53411

A time-of-check to time-of-use TOCTOU race condition in the installation and uninstallation process of certain Zoom Clients for Windows could allow an authenticated local user to escalate privileges...

7.8CVSS0.00143EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 5 days ago13 views

PT-2026-57623

Name of the Vulnerable Software and Affected Versions Gigabyte Control Center affected versions not specified Description The MBStorage DRAM lighting control module within Gigabyte Control Center GCC contains an improper access control issue. Authenticated local attackers can send specific IOCTL...

8.5CVSS6.1AI score0.00109EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/07/09 9:3 p.m.33 views

CVE-2026-33802 Junos OS: EX Series: Unauthorized users can execute service-impacting CLI command

A Missing Authorization vulnerability in the CLI of Juniper Networks Junos OS on EX Series allows a local, authenticated attacker to cause a Denial-of-Service DoS. On EX2300, EX4000, EX4100, EX4300-MP Multigigabit and EX4400 switches, an authenticated, local attacker with no specific permissions ...

6.8CVSS0.00123EPSS
Exploits0References1
OSV
OSV
added 2026/06/25 10:34 p.m.6 views

GO-2026-5523 Arc has an authenticated arbitrary local-file read via DuckDB I/O functions that bypasses RBAC table-level checks in github.com/basekick-labs/arc

Arc has an authenticated arbitrary local-file read via DuckDB I/O functions that bypasses RBAC table-level checks in github.com/basekick-labs/arc...

5.9AI score0.00029EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/22 12:0 a.m.5 views

Cisco Umbrella Virtual Appliance < 3.8.5 Privilege Escalation (cisco-sa-umbrella-priv-esc-F4wJB7AU)

According to its self-reported version, Cisco Umbrella Insights Virtual Appliance is affected by a vulnerability. - A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability i...

6CVSS6AI score0.00104EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.4 views

Astra Linux – Vulnerability in Intel Microcode

The sequence of processor instructions may lead to unexpected behavior on some Intel processors. This could potentially allow an authenticated user to enable privilege escalation, information disclosure, or denial of service through local access...

8.8CVSS7AI score0.01728EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in Intel Microcode

Observable timing discrepancies in some Intel processors may allow an authenticated user to potentially enable information disclosure through local access...

3.3CVSS6.4AI score0.00383EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.9 views

Astra Linux – Vulnerability in Intel Microcode

The removal or modification of security-critical code in certain Intel processors may allow an authenticated user to potentially enable information disclosure through local access...

5.5CVSS6.5AI score0.00347EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.6 views

Astra Linux – Vulnerability in Intel Microcode

The sequence of processor instructions in IntelR CoreTM Ultra Processors may lead to unexpected behaviors. This could potentially allow an authenticated user to enable denial of service through local access...

4.7CVSS6.3AI score0.00279EPSS
Exploits0References2
NVD
NVD
added 2026/06/17 5:16 p.m.16 views

CVE-2026-20246

A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied commands. An attacker with vmadmin privileges could exploit this...

6CVSS0.00104EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/17 4:17 p.m.10 views

EUVD-2026-37751

A vulnerability in the vmadmin CLI of Cisco Umbrella Virtual Appliance could allow an authenticated, local attacker to elevate privileges on an affected device. This vulnerability is due to insufficient validation of user-supplied commands. An attacker with vmadmin privileges could exploit this...

6CVSS5.3AI score0.00104EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/11 1:52 p.m.31 views

CVE-2026-10847 Local Privilege Escalation vulnerability in Check Point Identity Agent Full for Windows OS

A local privilege escalation vulnerability exists in Check Point Identity Agent Full for Windows OS. An authenticated local user may be able to execute arbitrary code with SYSTEM privileges due to improper handling of executable resolution during the log collection process. Successful exploitatio...

7.8CVSS0.00124EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/09 6:30 p.m.17 views

EUVD-2026-35464

Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality...

6.8CVSS5.4AI score0.00229EPSS
Exploits0References14
NVD
NVD
added 2026/06/09 5:17 p.m.10 views

CVE-2026-9210

Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality...

7.1CVSS0.00216EPSS
Exploits0References32
Cvelist
Cvelist
added 2026/06/09 3:50 p.m.34 views

CVE-2026-0415 Insufficient input validation vulnerability in certain Orbi routers

Insufficient input validation vulnerability in the listed NETGEAR models allows authenticated administrators connected to the local network to make unauthorized modification of router software and functionality...

6.8CVSS0.00229EPSS
Exploits0References14
Rows per page
Query Builder