Lucene search
+L

73 matches found

Microsoft CVE
Microsoft CVE
added 4 days ago13 views

Microsoft Defender for Endpoint for Mac Information Disclosure Vulnerability

Exposure of private personal information to an unauthorized actor in Microsoft Defender allows an authorized attacker to disclose information locally...

4.7CVSS6.1AI score0.00412EPSS
Exploits1
Microsoft CVE
Microsoft CVE
added 4 days ago8 views

Windows Trusted Runtime Interface Driver Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Trusted Runtime Interface Driver allows an authorized attacker to disclose information locally...

5.5CVSS6.1AI score0.00353EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 4 days ago13 views

Windows Cryptographic Services Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Cryptographic Services allows an authorized attacker to disclose information locally...

5.5CVSS6.1AI score0.00469EPSS
Exploits0
NVD
NVD
added 2026/07/03 1:17 p.m.6 views

CVE-2026-46468

Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.7, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an improper link resolution before file access 'Link following' vulnerabilit...

4.4CVSS0.00133EPSS
Exploits0References1
OSV
OSV
added 2026/06/29 10:16 a.m.5 views

UBUNTU-CVE-2026-13601

A flaw was found in Yelp due to an overly permissive Content Security Policy CSP implementation provided by yelp-xsl. A malicious Flatpak application can open crafted help content through the OpenURI portal. By embedding an untrusted CSS stylesheet within a structured SVG document,...

7.1CVSS5.9AI score0.0012EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 2026/06/17 12:0 a.m.16 views

PT-2026-50241

In MmsSmsProvider of MmsSmsProvider.java, there is a possible way to retrieve sensitive information due to a missing permission check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation...

10CVSS5.4AI score0.00115EPSS
Exploits0References3
Microsoft CVE
Microsoft CVE
added 2026/06/09 2:0 p.m.12 views

Windows Shell Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information over a network...

6.5CVSS6.5AI score0.00816EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/06/09 2:0 p.m.18 views

Windows Shell Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Shell allows an authorized attacker to disclose information locally...

5.5CVSS5.4AI score0.00404EPSS
Exploits0
CNNVD
CNNVD
added 2026/05/26 12:0 a.m.10 views

e107 安全漏洞

e107 is a set of open-source, free content management systems CMS developed by the E107 team, based on PHP and MySQL. This system supports various plugins and theme options, and can be used for personal blogs, discussion communities, archives, etc. Versions of e107 prior to 2.3.4 contained securi...

4.3CVSS5.8AI score0.00193EPSS
Exploits0References3
OSV
OSV
added 2026/05/14 8:17 p.m.6 views

GHSA-G39V-CVJH-8FPF Home Assistant MCP Server: YAML config backups written under www/ are served unauthenticated at /local/

Summary When ENABLEYAMLCONFIGEDITING=true, every haconfigsetyaml call backs up the pre-edit file to /www/yamlbackups/, which Home Assistant serves at /local/ with no authentication. Anyone who can reach the HA web interface can download the most recent pre-edit configuration.yaml or other YAML fi...

6.5CVSS5.8AI score
Exploits0References6
EUVD
EUVD
added 2026/05/12 6:30 p.m.21 views

EUVD-2026-29638

Files or directories accessible to external parties in Microsoft Office Word allows an unauthorized attacker to disclose information locally...

5.5CVSS5.8AI score0.00448EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/04/21 5:31 p.m.2 views

nodejs: Node.js: Local server can be started without network permission via Permission API flaw

A flaw was found in Node.js. The Node.js Permission API can allow a local server to be started through a Unix domain socket, even when the --allow-net permission is not explicitly granted. This bypasses intended security restrictions, potentially leading to unintended local network exposure or...

3.3CVSS6.3AI score0.00154EPSS
Exploits0References5
Microsoft CVE
Microsoft CVE
added 2026/04/14 2:0 p.m.8 views

Windows Print Spooler Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows File Explorer allows an authorized attacker to disclose information locally...

5.5CVSS6.2AI score0.00353EPSS
Exploits0
Microsoft CVE
Microsoft CVE
added 2026/04/14 2:0 p.m.4 views

Remote Procedure Call Information Disclosure Vulnerability

Exposure of sensitive information to an unauthorized actor in Windows Remote Procedure Call allows an authorized attacker to disclose information locally...

5.5CVSS6.2AI score0.00443EPSS
Exploits0
RedHat Linux
RedHat Linux
added 2026/04/13 3:0 a.m.11 views

Node.js: Node.js: Unauthorized inter-process communication due to missing Unix Domain Socket permission checks

A flaw was found in Node.js. The Node.js Permission Model, designed to restrict network access, incorrectly omits permission checks for Unix Domain Socket UDS server operations. This allows local code, even when explicitly denied network access, to create and expose inter-process communication IP...

5.3CVSS6.3AI score0.00146EPSS
Exploits0References5
OSV
OSV
added 2026/03/29 12:44 p.m.2 views

CVE-2026-33572 OpenClaw < 2026.2.17 - Insufficient File Permissions in Session Transcript Files

OpenClaw before 2026.2.17 creates session transcript JSONL files with overly broad default permissions, allowing local users to read transcript contents. Attackers with local access can read transcript files to extract sensitive information including secrets from tool output...

6.8CVSS5.9AI score0.0012EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/26 3:6 p.m.5 views

CVE-2026-4040

A vulnerability was identified in OpenClaw up to 2026.2.17. This issue affects the function tools.exec.safeBins of the component File Existence Handler. The manipulation leads to information exposure through discrepancy. The attack needs to be performed locally. Upgrading to version...

5.5CVSS5.1AI score0.00133EPSS
Exploits0References1
OSV
OSV
added 2026/03/25 5:30 p.m.3 views

GHSA-XQ7H-VWJP-5VRH @grackle-ai/powerline Runs Without Authentication by Default

Impact When --token is not provided and GRACKLEPOWERLINETOKEN is not set, the PowerLine gRPC server runs with zero authentication. A warning is logged "NO AUTH development only" but nothing prevents deployment in this state. Any client that can reach the PowerLine port can spawn agent sessions,...

6.3CVSS5.9AI score
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/03/12 12:2 p.m.2 views

CVE-2026-4040

A vulnerability was identified in OpenClaw up to 2026.2.17. This issue affects the function tools.exec.safeBins of the component File Existence Handler. The manipulation leads to information exposure through discrepancy. The attack needs to be performed locally. Upgrading to version...

4.8CVSS5.3AI score0.00133EPSS
Exploits0References8
OSV
OSV
added 2026/03/12 12:2 p.m.7 views

CVE-2026-4040 OpenClaw File Existence tools.exec.safeBins information exposure

A vulnerability was identified in OpenClaw up to 2026.2.17. This issue affects the function tools.exec.safeBins of the component File Existence Handler. The manipulation leads to information exposure through discrepancy. The attack needs to be performed locally. Upgrading to version...

4.8CVSS5.4AI score0.00133EPSS
Exploits0References9
Rows per page
Query Builder