Lucene search
K

7270 matches found

OSV
OSV
added 2026/06/03 9:16 a.m.35 views

USN-8344-3 python-pip vulnerability

USN-8344-1 introduced a regression in pip. This update provides a complete fix for this issue.. We apologize for the inconvenience. Original advisory details: It was discovered that pip's bundled urllib3 library improperly handled streaming decompression of highly compressed data. A remote attack...

8.9CVSS6.8AI score0.00633EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/02 10:2 p.m.16 views

CVE-2026-0055

In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller DPC into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

6.2CVSS5.9AI score0.00084EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/02 10:2 p.m.16 views

CVE-2026-0088

In getCallingAppLabel of CertInstaller.java, there is a possible way to hide a sensitive security dialogue due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.9AI score0.00079EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/02 7:35 a.m.12 views

Important: Red Hat Security Advisory: Assisted Installer RHEL 9 components for Multicluster Engine for Kubernetes 2.10.3

Assisted installer RHEL 9 components for the multicluster engine for Kubernetes 2.10.3 General Availability release, with updates to container images. Assisted Installer RHEL 9 integrates components for the general multicluster engine for Kubernetes 2.10.3 release that simplify the process of...

7.5CVSS5.8AI score0.00615EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/02 6:45 a.m.20 views

Important: Red Hat Security Advisory: Assisted Installer RHEL 9 components for Multicluster Engine for Kubernetes 2.17.0

Assisted installer RHEL 9 components for the multicluster engine for Kubernetes 2.17.0 General Availability release, with updates to container images. Assisted Installer RHEL 9 integrates components for the general multicluster engine for Kubernetes 2.17.0 release that simplify the process of...

7.5CVSS7.1AI score0.00615EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/02 12:31 a.m.13 views

EUVD-2026-33800

In getCallingAppLabel of CertInstaller.java, there is a possible way to hide a sensitive security dialogue due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00079EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/02 12:0 a.m.12 views

PT-2026-46630

Name of the Vulnerable Software and Affected Versions Google Chrome versions prior to 149.0.7827.53 Description An inappropriate implementation in the Installer on Windows allows a local attacker to achieve OS-level privilege escalation by using a malicious file. Recommendations Update to version...

9.6CVSS5.8AI score0.00493EPSS
Exploits0References437
OSV
OSV
added 2026/06/02 12:0 a.m.6 views

OPENSUSE-SU-2026:10940-1 python311-pip-26.1.2-1.1 on GA media

These are all security issues fixed in the python311-pip-26.1.2-1.1 package on the GA media of openSUSE Tumbleweed...

8CVSS5.8AI score0.0032EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/06/02 12:0 a.m.10 views

Google Chrome 安全漏洞

Google Chrome is a web browser developed by the American company Google. Versions of Google Chrome prior to 149.0.7827.53 contained a security vulnerability, which was caused by improper implementation of the Installer component. This vulnerability could allow local attackers to execute operation...

7.8CVSS5.5AI score0.0008EPSS
Exploits0References3
NVD
NVD
added 2026/06/01 10:16 p.m.12 views

CVE-2026-0089

In multiple functions of PackageInstallerService.java, there is a possible way to install unverified apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS0.00067EPSS
Exploits0References1
NVD
NVD
added 2026/06/01 10:16 p.m.21 views

CVE-2026-0055

In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller DPC into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

6.2CVSS0.00084EPSS
Exploits0References1
NVD
NVD
added 2026/06/01 9:16 p.m.16 views

CVE-2026-49134

CodexBar prior to 0.32.0 contains a privilege escalation vulnerability in the CLI installer that allows local attackers to execute arbitrary commands as root by exploiting a race condition in temporary file handling. The installer creates a temporary file with mktemp, writes a privileged shell...

7.5CVSS0.0027EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/01 9:14 p.m.10 views

CVE-2026-0089

In multiple functions of PackageInstallerService.java, there is a possible way to install unverified apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00067EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:14 p.m.10 views

CVE-2026-0089

In multiple functions of PackageInstallerService.java, there is a possible way to install unverified apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.9AI score0.00067EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/01 9:14 p.m.10 views

CVE-2026-0088

In getCallingAppLabel of CertInstaller.java, there is a possible way to hide a sensitive security dialogue due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00079EPSS
Exploits0References1
CVE
CVE
added 2026/06/01 9:14 p.m.27 views

CVE-2026-0089

The CVE-2026-0089 issue affects the PackageInstallerService.java component and enables installation of unverified apps due to a missing permission check, enabling local privilege escalation with no extra execution privileges required and no user interaction needed. The core impact is local escala...

7.8CVSS5.9AI score0.00067EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/01 9:14 p.m.39 views

CVE-2026-0055

In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller DPC into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

0.00084EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/01 9:14 p.m.8 views

CVE-2026-0055

In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller DPC into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

6AI score0.00084EPSS
Exploits0References2Affected Software1
Vulnrichment
Vulnrichment
added 2026/06/01 9:14 p.m.9 views

CVE-2026-0055

In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller DPC into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

5.9AI score0.00084EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/01 6:53 p.m.15 views

EUVD-2026-33750

CodexBar prior to 0.32.0 contains a privilege escalation vulnerability in the CLI installer that allows local attackers to execute arbitrary commands as root by exploiting a race condition in temporary file handling. The installer creates a temporary file with mktemp, writes a privileged shell...

7.5CVSS6.1AI score0.0027EPSS
Exploits0References4
Rows per page
Query Builder