Lucene search
K

77 matches found

NVD
NVD
added yesterday2 views

CVE-2026-50425

Use after free in Windows Internal System User Profile allows an authorized attacker to elevate privileges locally...

7.8CVSS
Exploits0References1
Cvelist
Cvelist
added yesterday15 views

CVE-2026-50425 Windows Internal System User Profile Elevation of Privilege Vulnerability

...

7.8CVSS
Exploits0References1
CVE
CVE
added yesterday5 views

CVE-2026-50425

CVE-2026-50425: A use-after-free in Windows Internal System User Profile leads to local privilege escalation for an authorized attacker. Affected component: Windows Internal System User Profile; root cause: use-after-free; impact: gain high privileges locally with no user interaction (CVSSv3.1: A...

7.8CVSS6AI score
Exploits0References1
Positive Technologies
Positive Technologies
added yesterday7 views

PT-2026-58404

Name of the Vulnerable Software and Affected Versions Windows Internal System User Profile affected versions not specified Description A use after free issue in the Windows Internal System User Profile allows an authorized attacker to elevate privileges locally. Use after free is a memory...

7.8CVSS6.2AI score
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/03 7:32 a.m.10 views

golang: internal/syscall/unix: Root.Chmod can follow symlinks out of the root

A flaw was found in the internal/syscall/unix package in the Go standard library. If the target of the Root.Chmod function is replaced with a symbolic link during execution, specifically after Root.Chmod checks the target but before acting, the chmod operation will be performed on the file the...

6.4CVSS5.7AI score0.00292EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/14 12:0 a.m.15 views

PT-2026-40951

HCL AION is affected by a vulnerability where sensitive backend infrastructure details may be exposed. Exposure of such information could reveal internal system architecture or configuration details, which may potentially assist in further analysis or targeted actions under certain conditions...

5.1CVSS5.8AI score0.00109EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/14 12:0 a.m.11 views

HCL AION 安全漏洞

HCL AION is an AI lifecycle management platform developed by the Indian company HCL. HCL AION has a security vulnerability, which stems from the possibility of exposing sensitive details related to backend infrastructure. This could lead to the disclosure of internal system architecture or...

5.1CVSS5.8AI score0.00109EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.18 views

PT-2026-37164

Name of the Vulnerable Software and Affected Versions Kirby versions prior to 4.9.0 Kirby versions prior to 5.4.0 Description Missing authorization in the system API endpoint allows authenticated users to access sensitive information. Specifically, the '/api/system' endpoint leaks the installed...

5.3CVSS5.8AI score0.00193EPSS
Exploits0References10
EUVD
EUVD
added 2026/04/01 9:5 p.m.9 views

EUVD-2026-17650

AVideo: Missing Authentication in CreatePlugin list.json.php Template Affects 21 Endpoints...

7.5CVSS5.8AI score0.00376EPSS
Exploits1References3
NVD
NVD
added 2026/03/31 9:16 p.m.5 views

CVE-2026-34732

WWBN AVideo is an open source video platform. In versions 26.0 and prior, the AVideo CreatePlugin template for list.json.php does not include any authentication or authorization check. While the companion templates add.json.php and delete.json.php both require admin privileges, the list.json.php...

7.5CVSS0.00376EPSS
Exploits1References1
CVE
CVE
added 2026/03/31 8:51 p.m.13 views

CVE-2026-34732

CVE-2026-34732 concerns WWBN AVideo. Red Hat, OSV, CVE listings confirm that versions up to 26.0 contain a missing authentication/authorization check in the CreatePlugin template’s list.json.php, unlike add.json.php and delete.json.php which require admin rights. This omission creates 21 unauthen...

7.5CVSS5.9AI score0.00376EPSS
Exploits1References1Affected Software1
EUVD
EUVD
added 2026/03/31 12:31 p.m.4 views

EUVD-2025-209145

Cato Networks’ Socket versions prior to 25 contain a command injection vulnerability that allows an authenticated attacker with access to the Socket web interface UI to execute arbitrary operating system commands as the root user on the Socket’s internal system...

8.3CVSS6.2AI score0.00976EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/03/31 11:35 a.m.24 views

CVE-2025-14213 Cato's Socket WebUI is vulnerable to OS Command Injection

Cato Networks’ Socket versions prior to 25 contain a command injection vulnerability that allows an authenticated attacker with access to the Socket web interface UI to execute arbitrary operating system commands as the root user on the Socket’s internal system...

8.3CVSS0.00976EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/03/25 12:0 a.m.11 views

IBM InfoSphere Information Server 安全漏洞

IBM InfoSphere Information Server is IBM's data integration platform for integrating, cleansing, transforming and managing enterprise data. An information disclosure vulnerability exists in IBM InfoSphere Information Server that stems from the system returning overly detailed error messages. An...

4.3CVSS5.8AI score0.00284EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/03/07 1:44 a.m.8 views

CVE-2026-28442

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.2-beta3, users are restricted from deleting internal system files or folders through the application interface. However, when interacting directly with the API, these restrictions can be...

8.5CVSS5.8AI score0.00304EPSS
Exploits1References1
NVD
NVD
added 2026/03/05 9:16 p.m.9 views

CVE-2026-28442

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.2-beta3, users are restricted from deleting internal system files or folders through the application interface. However, when interacting directly with the API, these restrictions can be...

8.5CVSS0.00304EPSS
Exploits1References1
OSV
OSV
added 2026/03/05 8:38 p.m.8 views

CVE-2026-28442 ZimaOS: Arbitrary Deletion of Internal System Files via API Path Manipulation

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.2-beta3, users are restricted from deleting internal system files or folders through the application interface. However, when interacting directly with the API, these restrictions can be...

8.5CVSS5.8AI score0.00304EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/03/05 8:38 p.m.3 views

CVE-2026-28442 ZimaOS: Arbitrary Deletion of Internal System Files via API Path Manipulation

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.2-beta3, users are restricted from deleting internal system files or folders through the application interface. However, when interacting directly with the API, these restrictions can be...

8.5CVSS5.8AI score0.00304EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/03/05 8:38 p.m.41 views

CVE-2026-28442 ZimaOS: Arbitrary Deletion of Internal System Files via API Path Manipulation

ZimaOS is a fork of CasaOS, an operating system for Zima devices and x86-64 systems with UEFI. In version 1.5.2-beta3, users are restricted from deleting internal system files or folders through the application interface. However, when interacting directly with the API, these restrictions can be...

8.5CVSS0.00304EPSS
Exploits1References1
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.13 views

PT-2026-23517

Name of the Vulnerable Software and Affected Versions ZimaOS version 1.5.2-beta3 Description ZimaOS, a fork of CasaOS, exhibits a security issue where restrictions on deleting internal system files and folders can be bypassed through manipulation of the API. Specifically, altering the path...

8.5CVSS5.8AI score0.00304EPSS
Exploits1References6
Rows per page
Query Builder