Lucene search
K

7319 matches found

ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-40952

CVE-2026-40952 is a privilege misconfiguration in the Secure Access installer for the Windows client and server prior to version 14.55. Attackers with local access to the client or server can use it to elevate privileges to Administrator when Secure Access is installed in a non-default location...

8.5CVSS6.1AI score
Exploits0References2
CVE
CVE
added yesterday8 views

CVE-2026-40952

The CVE-2026-40952 entry describes a privilege misconfiguration in the Windows Secure Access installer for the client and server prior to version 14.55. Local attackers with access to the affected system can elevate privileges to Administrator when Secure Access is installed in a non-default loca...

8.5CVSS6.1AI score
Exploits0References1Affected Software1
NVD
NVD
added yesterday6 views

CVE-2026-61449

Grav 2.0.1 contains a decompression-bomb size-cap bypass in ZipArchiver and GPM\Installer. The size bound introduced in 2.0.1 sums the uncompressed size declared in each entry's ZIP central-directory header ZipArchive::statIndex'size' and rejects archives exceeding...

7.1CVSS
Exploits0References2
EUVD
EUVD
added yesterday4 views

EUVD-2026-44647

Grav 2.0.1 contains a decompression-bomb size-cap bypass in ZipArchiver and GPM\Installer. The size bound introduced in 2.0.1 sums the uncompressed size declared in each entry's ZIP central-directory header ZipArchive::statIndex'size' and rejects archives exceeding...

7.1CVSS6.1AI score
Exploits0References2
Cvelist
Cvelist
added yesterday10 views

CVE-2026-61449 Grav before 2.0.2 Decompression Bomb via Forged ZIP Size

Grav 2.0.1 contains a decompression-bomb size-cap bypass in ZipArchiver and GPM\Installer. The size bound introduced in 2.0.1 sums the uncompressed size declared in each entry's ZIP central-directory header ZipArchive::statIndex'size' and rejects archives exceeding...

7.1CVSS
Exploits0References2
EUVD
EUVD
added yesterday7 views

EUVD-2026-44591

The installer of HYPER SBI 2 insecurely loads Dynamic Link Libraries. If there is a crafted DLL at the same directory when invoking the affected installer, arbitrary code may be executed with the privilege of the user invoking the installer...

8.4CVSS7.1AI score0.00142EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday7 views

CVE-2026-42936

The installer of HYPER SBI 2 insecurely loads Dynamic Link Libraries. If there is a crafted DLL at the same directory when invoking the affected installer, arbitrary code may be executed with the privilege of the user invoking the installer...

8.4CVSS7.1AI score0.00142EPSS
Exploits0References2
Nuclei
Nuclei
added yesterday37 views

osCommerce 2.3.4.1 - Remote Code Execution

osCommerce Online Merchant 2.3.4.1 contains a remote code execution caused by insecure default configuration and missing authentication in the installer workflow, letting unauthenticated attackers execute arbitrary PHP code via install4.php, exploit requires accessible /install/ directory after...

9.3CVSS6.6AI score0.0282EPSS
Exploits0References4
Nuclei
Nuclei
added yesterday43 views

ShokoServer System - Local File Inclusion (LFI)

ShokoServer is a media server which specializes in organizing anime. In affected versions the /api/Image/WithPath endpoint is accessible without authentication and is supposed to return default server images. The endpoint accepts the parameter serverImagePath, which is not sanitized in any way...

8.6CVSS7.1AI score0.08147EPSS
Exploits1References2
NVD
NVD
added 2 days ago6 views

CVE-2026-58540

Improper authorization in Windows Installer allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00284EPSS
Exploits0References1
NVD
NVD
added 2 days ago3 views

CVE-2026-50490

Use after free in Windows Installer allows an authorized attacker to elevate privileges locally...

7CVSS0.00252EPSS
Exploits0References1
NVD
NVD
added 2 days ago2 views

CVE-2026-50400

Stack-based buffer overflow in Windows App Installer allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00245EPSS
Exploits0References1
NVD
NVD
added 2 days ago3 views

CVE-2026-48572

Concurrent execution using shared resource with improper synchronization 'race condition' in Windows App Installer allows an authorized attacker to elevate privileges locally...

7CVSS0.00168EPSS
Exploits0References1
NVD
NVD
added 2 days ago5 views

CVE-2026-48571

Use after free in Windows App Installer allows an authorized attacker to elevate privileges locally...

7CVSS0.00219EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago35 views

CVE-2026-58540 Windows Installer Elevation of Privilege Vulnerability

...

7.8CVSS0.00284EPSS
Exploits0References1
CVE
CVE
added 2 days ago5 views

CVE-2026-58540

CVE-2026-58540 is a Windows Installer elevation-of-privilege vulnerability. The issue arises from improper authorization in Windows Installer, enabling a locally authenticated attacker to gain elevated privileges. CVSSv3.1 metrics (Microsoft-supplied) indicate a local attack vector, low attack co...

7.8CVSS6AI score0.00284EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago31 views

CVE-2026-50490 Windows Installer Elevation of Privilege Vulnerability

...

7CVSS0.00252EPSS
Exploits0References1
CVE
CVE
added 2 days ago6 views

CVE-2026-50490

CVE-2026-50490 describes a use-after-free vulnerability in Windows Installer that could allow an authenticated, locally located attacker to elevate privileges. The initial description confirms local privilege escalation with high impact (CVE ID: 2026-50490; vulnerable component: Windows Installer...

7CVSS6AI score0.00252EPSS
Exploits0References1
Cvelist
Cvelist
added 2 days ago22 views

CVE-2026-50400 Windows App Package Installer Elevation of Privilege Vulnerability

...

7.8CVSS0.00245EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2 days ago4 views

CVE-2026-50400 Windows App Package Installer Elevation of Privilege Vulnerability

...

7.8CVSS6.1AI score0.00245EPSS
Exploits0References1
Rows per page
Query Builder