219619 matches found
Azure Monitor Agent Elevation of Privilege Vulnerability
External control of file name or path in Azure Monitor Agent allows an authorized attacker to elevate privileges locally...
.NET Core Tampering Vulnerability
A tampering vulnerability exists when .NET Core improperly handles specially crafted files. An attacker who successfully exploited this vulnerability could write arbitrary files and directories to certain locations on a vulnerable system. However, an attacker would have limited control over the...
M365 Copilot for Desktop Spoofing Vulnerability
Improper access control in M365 Copilot for Desktop allows an unauthorized attacker to perform spoofing locally...
Microsoft Word Information Disclosure Vulnerability
Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally...
Windows TCP/IP Denial of Service Vulnerability
...
Windows Filtering Platform (WFP) Security Feature Bypass Vulnerability
Improper access control in Windows Filtering Platform WFP allows an authorized attacker to bypass a security feature locally...
Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally...
Microsoft Office Spoofing Vulnerability
Improper access control in Microsoft Office allows an unauthorized attacker to perform spoofing locally...
Microsoft Office Click-To-Run Elevation of Privilege Vulnerability
Use after free in Microsoft Office allows an authorized attacker to elevate privileges locally...
Azure Logic Apps Elevation of Privilege Vulnerability
Improper access control in Azure Logic Apps allows an authorized attacker to elevate privileges over a network...
Windows Admin Center in Azure Portal Elevation of Privilege Vulnerability
Improper access control in Windows Admin Center allows an authorized attacker to elevate privileges over a network...
CVE-2026-40020
Attacker can use the IMAP SETACL command to inject the anyone permission to user's dovecot-acl file even if imapaclallowanyone=no. This causes folders to be spammed to all users. The impact is limited to being able to spam folders to other users, no unexpected access is gained. Install to fixed...
CVE-2026-40020
CVE-2026-40020 affects dovecot via IMAP SETACL: an attacker can inject the "anyone" permission into a user’s dovecot-acl file even when imap_acl_allow_anyone=no, causing folders to be spammed to all users. Impact is limited to spamming, not unauthorized data access. Multiple vendors have referenc...
EUVD-2026-29454
Missing Authorization vulnerability in Gabe Livan Asset CleanUp: Page Speed Booster wp-asset-clean-up allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Asset CleanUp: Page Speed Booster: from n/a through = 1.4.0.3...
EUVD-2026-29452
Missing Authorization vulnerability in Broadstreet Broadstreet Ads broadstreet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Broadstreet Ads: from n/a through = 1.52.2...
EUVD-2026-29429
Affected devices do not properly restrict access to the web browser via the Control Panel when no corresponding security mechanisms are in place. This could allow an unauthenticated attacker to gain unauthorized access to the web browser, potentially enabling the discovery of backdoors, performin...
Malicious code in kaggle-runner (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8dcd49ca70b987b236ba4341d839addfec9afb344e1471195f2f825281092f71 kagglerunner/coordinator.py embeds a bash reverse-shell template rvsstr that connects to vtool.duckdns.org:23454 via ncat with retry/backoff plus a...
MAL-2026-3693 Malicious code in kaggle-runner (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 8dcd49ca70b987b236ba4341d839addfec9afb344e1471195f2f825281092f71 kagglerunner/coordinator.py embeds a bash reverse-shell template rvsstr that connects to vtool.duckdns.org:23454 via ncat with retry/backoff plus a...
CVE-2026-45210
Missing Authorization vulnerability in Broadstreet Broadstreet Ads broadstreet allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Broadstreet Ads: from n/a through = 1.52.2...
CVE-2026-45212
Missing Authorization vulnerability in Gabe Livan Asset CleanUp: Page Speed Booster wp-asset-clean-up allows Exploiting Incorrectly Configured Access Control Security Levels.This issue affects Asset CleanUp: Page Speed Booster: from n/a through = 1.4.0.3...