Lucene search
K

220436 matches found

CVE
CVE
added 23 minutes ago5 views

CVE-2026-49501

Dell PowerScale OneFS versions 9.5.0.0 through 9.10.1.7, and versions 9.11.0.0 through 9.13.0.2 contains an Improper Privilege Management vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Elevation of privileges...

6.7CVSS
Exploits0References1
CVE
CVE
added 8 hours ago10 views

CVE-2026-15029

The CVE-2026-15029 entry covers an Untrusted Pointer Dereference in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager. The vulnerability permits a local administrator to perform arbitrary physical memory read and write operations via crafted IOCTL requests...

8.4CVSS6.2AI score
Exploits0References1
EUVD
EUVD
added 8 hours ago8 views

EUVD-2026-44589

Untrusted Pointer Dereference in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager allows a local administrator to perform arbitrary physical memory read and write operations via crafted IOCTL requests to the driver, bypassing OS-enforced memory protection...

8.4CVSS6.2AI score
Exploits0References1
CVE
CVE
added 8 hours ago7 views

CVE-2026-15030

The CVE-2026-15030 entry concerns ASUS components: System Control Interface v3, System Control Interface, and ASUS Business Manager. The weakness is an out-of-bounds read caused by a crafted IOCTL request that bypasses validation, enabling a local administrator to read memory regions beyond the i...

5.6CVSS6.1AI score
Exploits0References1
EUVD
EUVD
added 8 hours ago7 views

EUVD-2026-44588

Out-of-bounds Read in ASUS System Control Interface v3, ASUS System Control Interface, and ASUS Business Manager allows a local administrator to read memory regions beyond the intended firmware boundary by supplying a crafted IOCTL request that bypasses the validation. Refer to the ' Security...

5.6CVSS6.1AI score
Exploits0References1
CVE
CVE
added 8 hours ago9 views

CVE-2026-13585

The CVE-2026-13585 affects the ASUS System Control Interface (SCI) driver and ASUS Business Manager. The root cause is Allocation of Resources Without Limits and Throttling, leading to potential exposure of sensitive information via crafted IOCTL requests. A local administrator can leverage this ...

8.2CVSS6AI score
Exploits0References1
CVE
CVE
added 8 hours ago6 views

CVE-2026-8920

The vulnerability CVE-2026-8920 concerns ASUS Aura Wallpaper Service. It describes Improper Restriction of Communication Channel to Intended Endpoints and External Control of File Name or Path, enabling a local user to perform file operations by sending crafted commands that contain an arbitrary ...

8.5CVSS6.2AI score
Exploits0References1
EUVD
EUVD
added 8 hours ago5 views

EUVD-2026-44586

Improper Restriction of Communication Channel to Intended Endpoints and External Control of File Name or Path in Aura Wallpaper Service allow a local user to perform file operations by sending crafted commands containing an arbitrary file path and bypassing the service’s path restrictions . On...

8.5CVSS6.2AI score
Exploits0References1
CVE
CVE
added 8 hours ago8 views

CVE-2026-8919

CVE-2026-8919 affects ASUS GameSDK. A permissive cross-domain policy with untrusted domains could let a remote user induce a local UNC request to the application’s local service endpoint, exposing a local NTLM hash and enabling information disclosure, data tampering, or service disruption. The is...

7.2CVSS6.1AI score
Exploits0References1
CVE
CVE
added 10 hours ago9 views

CVE-2026-13230

The CVE-2026-13230 entry concerns TP-Link Kasa EC70 v4 and EC71 v4. The issue lies in the local discovery mechanism, where geolocation-related data can be retrieved without authentication. Affects confidentiality only; no evidence of integrity or availability impact is reported. Exploitation cont...

5.3CVSS6.1AI score
Exploits0References5
EUVD
EUVD
added 10 hours ago7 views

EUVD-2026-44577

An information disclosure vulnerability was identified in TP-Link Kasa EC70 v4 and EC71 v4 in the local discovery mechanism, which exposes sensitive geolocation information without requiring authentication. This issue allows an attacker on the same local network to retrieve geolocation-related da...

5.3CVSS6.1AI score
Exploits0References5
CVE
CVE
added yesterday12 views

CVE-2026-54572

Rogue symlink handling in rclone before 1.74.4: when using -l/--links, rclone serializes symlinks as .rclonelink and recreates them locally without validating the target, allowing an attacker-controlled remote to plant an escaping symlink and cause subsequent writes to land outside the destinatio...

7.5CVSS6.1AI score
Exploits0References4
EUVD
EUVD
added yesterday3 views

EUVD-2026-44541

A security flaw has been discovered in mastergo-design mastergo-magic-mcp up to 0.2.0. This issue affects the function execute of the file src/tools/get-c2d.ts of the component mcpC2d. Performing a manipulation of the argument filePath results in path traversal. The attack requires a local...

5.3CVSS5.9AI score
Exploits0References6
NVD
NVD
added yesterday7 views

CVE-2026-50649

Deserialization of untrusted data in .NET allows an unauthorized attacker to execute code locally...

7.8CVSS
Exploits0References1
NVD
NVD
added yesterday7 views

CVE-2026-50650

Improper control of generation of code 'code injection' in .NET Framework allows an unauthorized attacker to elevate privileges locally...

7.8CVSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-50526

Improper link resolution before file access 'link following' in .NET allows an authorized attacker to perform tampering locally...

7CVSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-50646

Protection mechanism failure in .NET Framework allows an unauthorized attacker to execute code locally...

7.8CVSS
Exploits0References1
NVD
NVD
added yesterday4 views

CVE-2026-47305

Protection mechanism failure in Visual Studio allows an unauthorized attacker to execute code locally...

7.8CVSS
Exploits0References1
CVE
CVE
added yesterday35 views

CVE-2026-45071

CVE-2026-45071 affects the Symfony PHP framework (dom-crawler component). Before patches, Crawler::addXmlContent() set DOMDocument::$validateOnParse = true prior to loadXML(), re-enabling external entity resolution and allowing attacker-controlled XML to resolve file:// URIs (local file disclosur...

8.7CVSS6.1AI score0.00052EPSS
Exploits0References6
NVD
NVD
added yesterday5 views

CVE-2026-58619

Use after free in Windows Sensor Data Service allows an authorized attacker to elevate privileges locally...

7CVSS
Exploits0References1
Rows per page
Query Builder