CVE-2026-22069

CVE-2026-22069 affects O+ Connect and describes a local privilege-escalation vulnerability where the pipe interface fails to validate the caller’s identity. The CVSS 3.1 score is 7.3 (HIGH) with LOCAL attack vector, LOW privileges required, USER interaction required, scope changed, and impact on ...

CVE-2025-52915

K7RKScan.sys 23.0.0.10, part of the K7 Security Anti-Malware suite, allows an admin-privileged user to send crafted IOCTL requests to terminate processes that are protected through a third-party implementation. This is caused by insufficient caller validation in the driver's IOCTL handler, enabli...

Everyone can disable policy of any brahama console account

Lines of code Vulnerability details Impact Everyone can disable policy of any brahama console account if you look at the function disablePolicyOnConsole it designed to disable the policy and set guards to 0 which is important decision of any account but the problem is everyone can disable random...

Mozilla: Potential out-of-bounds when accessing throttled streams

A flaw was found in Mozilla. The Mozilla Foundation Security Advisory describes the issue that when accessing throttled streams, the count of available bytes needs to be checked in the calling function to be within bounds. This may have led future code to be incorrect and vulnerable...

CounterV2.setNewVariable can be invoked by anyone.

Lines of code Vulnerability details Impact The CounterV2.setNewVariable is an open function which can be invoked by anyone. function setNewVariableuint256 newVariable external reinitializer2 newVariable = newVariable; This function is intended to be invoked by PluginSetupProcessor &...

CVE-2022-28781

Improper input validation in Settings prior to SMR-May-2022 Release 1 allows attackers to launch arbitrary activity with system privilege. The patch adds proper validation logic to check the caller...