73 matches found
Microsoft Defender for Endpoint for Mac Information Disclosure Vulnerability
Exposure of private personal information to an unauthorized actor in Microsoft Defender allows an authorized attacker to disclose information locally...
Windows Trusted Runtime Interface Driver Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally...
Windows Cryptographic Services Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Cryptographic Services allows an authorized attacker to disclose information locally...
CVE-2026-46468
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access 'Link following' vulnerabilit...
UBUNTU-CVE-2026-13601
A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document,...
PT-2026-50241
In MmsSmsProvider of MmsSmsProvider.java, there is a possible way to retrieve sensitive information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...
Windows Shell Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information over a network...
Windows Shell Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally...
e107 安全漏洞
e107 is a set of open-source, free content management systems CMS developed by the E107 team, based on PHP and MySQL. This system supports various plugins and theme options, and can be used for personal blogs, discussion communities, archives, etc. Versions of e107 prior to 2.3.4 contained securi...
GHSA-G39V-CVJH-8FPF Home Assistant MCP Server: YAML config backups written under www/ are served unauthenticated at /local/
Summary When ENABLEYAMLCONFIGEDITING=true, every haconfigsetyaml call backs up the pre-edit file to /www/yamlbackups/, which Home Assistant serves at /local/ with no authentication. Anyone who can reach the HA web interface can download the most recent pre-edit configuration.yaml or other YAML fi...
EUVD-2026-29638
Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally...
nodejs: Node.js: Local server can be started without network permission via Permission API flaw
A flaw was found in Node.js. The Node.js Permission API can allow a local server to be started through a Unix domain socket, even when the --allow-net permission is not explicitly granted. This bypasses intended security restrictions, potentially leading to unintended local network exposure or...
Windows Print Spooler Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally...
Remote Procedure Call Information Disclosure Vulnerability
Exposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows an authorized attacker to disclose information locally...
Node.js: Node.js: Unauthorized inter-process communication due to missing Unix Domain Socket permission checks
A flaw was found in Node.js. The Node.js Permission Model, designed to restrict network access, incorrectly omits permission checks for Unix Domain Socket UDS server operations. This allows local code, even when explicitly denied network access, to create and expose inter-process communication IP...
CVE-2026-33572 OpenClaw < 2026.2.17 - Insufficient File Permissions in Session Transcript Files
OpenClaw before 2026.2.17 creates session transcript JSONL files with overly broad default permissions, allowing local users to read transcript contents. Attackers with local access can read transcript files to extract sensitive information including secrets from tool output...
CVE-2026-4040
A vulnerability was identified in OpenClaw up to 2026.2.17. This issue affects the function tools.exec.safeBins of the component File Existence Handler. The manipulation leads to information exposure through discrepancy. The attack needs to be performed locally. Upgrading to version...
GHSA-XQ7H-VWJP-5VRH @grackle-ai/powerline Runs Without Authentication by Default
Impact When --token is not provided and GRACKLEPOWERLINETOKEN is not set, the PowerLine gRPC server runs with zero authentication. A warning is logged "NO AUTH development only" but nothing prevents deployment in this state. Any client that can reach the PowerLine port can spawn agent sessions,...
CVE-2026-4040
A vulnerability was identified in OpenClaw up to 2026.2.17. This issue affects the function tools.exec.safeBins of the component File Existence Handler. The manipulation leads to information exposure through discrepancy. The attack needs to be performed locally. Upgrading to version...
CVE-2026-4040 OpenClaw File Existence tools.exec.safeBins information exposure
A vulnerability was identified in OpenClaw up to 2026.2.17. This issue affects the function tools.exec.safeBins of the component File Existence Handler. The manipulation leads to information exposure through discrepancy. The attack needs to be performed locally. Upgrading to version...