Lucene search
K

3926 matches found

ATTACKERKB
ATTACKERKB
added 2026/05/27 8:6 a.m.14 views

CVE-2026-40851

A local attacker can perform a confusion attack on the cfgparser via a specially crafted file on an USB stick leading to code execution. This can result in a total loss of confidentiality, integrity and availability...

8.4CVSS5.9AI score0.00133EPSS
Exploits0References2Affected Software4
CVE
CVE
added 2026/05/27 8:6 a.m.26 views

CVE-2026-40851

Technical details are not publicly available in the provided documents. Monitor for updates from NVD, CVE List, CIRCL, and CVELIST for any affected products, root cause, and fixes.

8.4CVSS5.9AI score0.00133EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux, Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: scsi: mpt3sas: A kernel panic occurred during the drive powercycle test. While iterating through Shost’s sdev list, it is possible that one of the drives is being removed, and its sastarget object is freed, but its sdev object...

7.8CVSS6.3AI score0.00229EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in freerdp3

FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.20.1, a heap-buffer overflow occurred during drive reads when a server-controlled read length was used to read file data into an IRP output stream buffer without a hard upper limit. This allowed an oversized read ...

9.8CVSS5.6AI score0.00453EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.8 views

Astra Linux – Vulnerability in Git

Git for Windows is a fork of Git that contains Windows-specific patches. This vulnerability affects users working on multi-user machines, where untrusted parties have write access to the same hard disk. These untrusted parties could create the folder C:.git, which would be included in Git...

7.8CVSS6.7AI score0.00782EPSS
Exploits0References2
Tenable Nessus
Tenable Nessus
added 2026/05/20 12:0 a.m.9 views

Amazon Linux 2023 : freerdp, freerdp-devel, freerdp-libs (ALAS2023-2026-1643)

It is, therefore, affected by a vulnerability as referenced in the ALAS2023-2026-1643 advisory. FreeRDP is a free implementation of the Remote Desktop Protocol. Versions prior to 3.25.0 have an off-by- one in the path traversal filter in channels/drive/client/drivefile.c. The containsdotdot...

6.1CVSS5.8AI score0.002EPSS
Exploits1References4
RedHat Linux
RedHat Linux
added 2026/05/19 1:29 p.m.9 views

freerdp: FreeRDP heap-buffer-overflow

A heap based buffer overflow has been discovered in FreeRDP. This heap-buffer-overflow occurs in drive read when a server-controlled read length is used to read file data into an IRP output stream buffer without a hard upper bound, allowing an oversized read to overwrite heap memory...

9.8CVSS5.9AI score0.00453EPSS
Exploits1References6
Positive Technologies
Positive Technologies
added 2026/05/19 12:0 a.m.13 views

PT-2026-41960

Name of the Vulnerable Software and Affected Versions zrok affected versions not specified Description A path traversal issue exists when using the zrok2 copy command to move files from a WebDAV or zrok drive to a local filesystem. An attacker can provide a malicious DAV href containing directory...

8.3CVSS5.9AI score0.00061EPSS
Exploits0References4
GithubExploit
GithubExploit
added 2026/05/17 6:54 p.m.97 views

chrome-148-exploit-poc

World Fun Zone - 2026 Security Research Framework Conferen...

5.8AI score
Exploits0
Cvelist
Cvelist
added 2026/05/17 12:11 p.m.42 views

CVE-2018-25326 Google Drive for WordPress 2.2 Path Traversal RCE via gdrive-ajaxs.php

Google Drive for WordPress 2.2 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by injecting directory traversal sequences in the filename parameter. Attackers can send POST requests to gdrive-ajaxs.php with the ajaxstype parameter set to...

8.7CVSS0.00641EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/05/17 12:11 p.m.10 views

CVE-2018-25326

Google Drive for WordPress 2.2 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by injecting directory traversal sequences in the filename parameter. Attackers can send POST requests to gdrive-ajaxs.php with the ajaxstype parameter set to...

8.7CVSS5.9AI score0.00641EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/17 12:11 p.m.10 views

CVE-2018-25326 Google Drive for WordPress 2.2 Path Traversal RCE via gdrive-ajaxs.php

Google Drive for WordPress 2.2 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by injecting directory traversal sequences in the filename parameter. Attackers can send POST requests to gdrive-ajaxs.php with the ajaxstype parameter set to...

8.7CVSS5.9AI score0.00641EPSS
Exploits0References3
CVE
CVE
added 2026/05/17 12:11 p.m.18 views

CVE-2018-25326

CVE-2018-25326 affects Google Drive for WordPress 2.2 and involves a path traversal vulnerability in gdrive-ajaxs.php. An unauthenticated attacker can exploit a crafted POST request by setting ajaxstype to del_fl_bkp and including directory traversal sequences in the file_name parameter (e.g., .....

8.7CVSS5.9AI score0.00641EPSS
Exploits0References3
Positive Technologies
Positive Technologies
added 2026/05/17 12:0 a.m.10 views

PT-2026-41552

Google Drive for WordPress 2.2 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by injecting directory traversal sequences in the file name parameter. Attackers can send POST requests to gdrive-ajaxs.php with the ajaxstype parameter set to del ...

8.7CVSS5.9AI score0.00641EPSS
Exploits0References4
CNNVD
CNNVD
added 2026/05/17 12:0 a.m.12 views

WordPress plugin Google Drive 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...

8.7CVSS5.9AI score0.00641EPSS
Exploits0References1
NVD
NVD
added 2026/05/16 4:16 p.m.12 views

CVE-2020-37231

Privacy Drive 3.17.0 contains an unquoted service path vulnerability in the pdsvc.exe service binary that allows local attackers to escalate privileges by exploiting the service startup process. Attackers can place malicious executables in the unquoted path directories to execute arbitrary code...

8.5CVSS0.0012EPSS
Exploits0References4
CVE
CVE
added 2026/05/16 3:25 p.m.14 views

CVE-2020-37231

CVE-2020-37231 affects Privacy Drive 3.17.0 and is due to an unquoted service path in the pdsvc.exe service binary. This enables local privilege escalation to LocalSystem during service startup or system reboot by placing a malicious executable in the unquoted path directory. Metrics indicate a h...

8.5CVSS6.2AI score0.0012EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/16 3:25 p.m.6 views

CVE-2020-37231

Privacy Drive 3.17.0 contains an unquoted service path vulnerability in the pdsvc.exe service binary that allows local attackers to escalate privileges by exploiting the service startup process. Attackers can place malicious executables in the unquoted path directories to execute arbitrary code...

8.5CVSS6.2AI score0.0012EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/16 3:25 p.m.9 views

CVE-2020-37231 Privacy Drive 3.17.0 Unquoted Service Path Privilege Escalation

Privacy Drive 3.17.0 contains an unquoted service path vulnerability in the pdsvc.exe service binary that allows local attackers to escalate privileges by exploiting the service startup process. Attackers can place malicious executables in the unquoted path directories to execute arbitrary code...

8.5CVSS6.2AI score0.0012EPSS
Exploits0References4
EUVD
EUVD
added 2026/05/16 3:25 p.m.10 views

EUVD-2020-31232

Privacy Drive 3.17.0 contains an unquoted service path vulnerability in the pdsvc.exe service binary that allows local attackers to escalate privileges by exploiting the service startup process. Attackers can place malicious executables in the unquoted path directories to execute arbitrary code...

8.5CVSS6.2AI score0.0012EPSS
Exploits0References4
Rows per page
Query Builder