Lucene search
+L

2879 matches found

osv
osv
added 2026/05/05 6:55 p.m.2 views

CVE-2026-31893 Tunnelblick arbitrary file read via symlink following in tunnelblickd

Tunnelblick is an open source graphic user interface for OpenVPN on macOS. In versions 3.3beta26 through 9.0beta01, any local user can read arbitrary root-owned files by exploiting a symlink following vulnerability in tunnelblick-helper, reachable through the world-accessible tunnelblickd Unix...

6.8CVSS6AI score0.00242EPSS
Exploits1References4
ptsecurity
ptsecurity
added 2026/05/05 12:0 a.m.11 views

PT-2026-37225

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, an INI injection vulnerability allows any standard local user to bypass configuration restrictions EditAdminOnly and ConfigPassword and inject arbitrary directives into the global...

9.3CVSS5.9AI score0.00251EPSS
Exploits1References3
cve
cve
added 2026/05/04 12:37 p.m.120 views

CVE-2026-24072

CVE-2026-24072 is an escalation-of-privilege issue in Apache HTTP Server up to version 2.4.66, where local ".htaccess" authors can read files with the privileges of the httpd user due to a vulnerability in various modules (notably via the ap_expr/mod_rewrite path). The fixed version is 2.4.67. Pr...

8.8CVSS5.8AI score0.00654EPSS
Exploits1References2Affected Software1
redhatcve
redhatcve
added 2026/05/01 6:4 p.m.5 views

CVE-2026-43039

A flaw was found in the Linux kernel's icssg-prueth network driver. This vulnerability allows for information disclosure, where uninitialized kernel memory contents can be exposed to user applications. This occurs because the driver fails to properly copy received packet data into a network buffe...

9.8CVSS5.8AI score0.00308EPSS
Exploits0References4
nvd
nvd
added 2026/04/30 10:16 p.m.5 views

CVE-2025-36335

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user...

6.2CVSS0.00093EPSS
Exploits0References1
attackerkb
attackerkb
added 2026/04/30 9:12 p.m.4 views

CVE-2025-36335

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user...

6.2CVSS5.1AI score0.00093EPSS
Exploits0References2
vulnrichment
vulnrichment
added 2026/04/30 9:12 p.m.6 views

CVE-2025-36335 Vulnerabilities found

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user...

6.2CVSS5.8AI score0.00093EPSS
Exploits0References1
euvd
euvd
added 2026/04/30 9:12 p.m.9 views

EUVD-2025-209604

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user...

6.2CVSS5.1AI score0.00093EPSS
Exploits0References1
cvelist
cvelist
added 2026/04/30 9:12 p.m.30 views

CVE-2025-36335 Vulnerabilities found

IBM watsonx.data intelligence 5.2.0, 5.2.1, 5.3.0, 5.3.1 stores user credentials in plain text which can be read by a local user...

6.2CVSS0.00093EPSS
Exploits0References1
osv
osv
added 2026/04/27 5:15 p.m.15 views

JLSEC-2026-212

util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU Time-of-Check-Time-of-Use vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privilege...

4.7CVSS5.3AI score0.00118EPSS
Exploits1References3
redhatcve
redhatcve
added 2026/04/24 7:5 p.m.8 views

CVE-2026-31591

A flaw was found in the Linux kernel's Kernel-based Virtual Machine KVM component. This vulnerability allows a local user in userspace to manipulate or run a virtual CPU vCPU while its state is being synchronized during the Secure Nested Paging SNP launch process. This improper synchronization ca...

5.5CVSS5.5AI score0.00122EPSS
Exploits0References4
redhatcve
redhatcve
added 2026/04/22 6:46 p.m.5 views

CVE-2026-31482

A flaw was found in the Linux kernel, specifically within the s390 architecture's kernel entry process. Due to an incomplete update, a critical register r12 was not properly cleared when entering the kernel. This oversight could allow a local user to potentially access sensitive system informatio...

5.5CVSS5.7AI score0.00122EPSS
Exploits0References4
osv
osv
added 2026/04/22 5:17 p.m.4 views

SUSE-SU-2026:21340-1 Security update for the Linux Kernel (Live Patch 12 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise Kernel 6.4.0-35.1 fixes various security issues The following security issues were fixed: - CVE-2025-40309: Bluetooth: SCO: Fix UAF on scoconnfree bsc1255066. - CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management...

7.8CVSS5.6AI score0.0015EPSS
Exploits0References5
osv
osv
added 2026/04/22 4:44 p.m.6 views

SUSE-SU-2026:21305-1 Security update for the Linux Kernel RT (Live Patch 5 for SUSE Linux Enterprise Micro 6.0)

This update for the SUSE Linux Enterprise Kernel 6.4.0-25.1 fixes various security issues The following security issues were fixed: - CVE-2025-40309: Bluetooth: SCO: Fix UAF on scoconnfree bsc1255066. - CVE-2026-23268: apparmor: fix unprivileged local user can do privileged policy management...

7.8CVSS5.6AI score0.0015EPSS
Exploits0References5
nessus
nessus
added 2026/04/21 12:0 a.m.7 views

Unity Linux 20.1070e Security Update: kernel (UTSA-2026-013251)

The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-013251 advisory. The dohidpsockioctl function in net/bluetooth/hidp/sock.c in the Linux kernel before 5.0.15 allows a local user to obtain potentially sensitive information from kern...

3.3CVSS6.7AI score0.00495EPSS
Exploits0References4
attackerkb
attackerkb
added 2026/04/09 9:27 p.m.3 views

CVE-2026-33788

A Missing Authentication for Critical Function vulnerability in the Flexible PIC Concentrators FPCs of Juniper Networks Junos OS Evolved on PTX Series allows a local, authenticated attacker with low privileges to gain direct access to FPCs installed in the device. A local user with low privileges...

8.5CVSS5.9AI score0.00114EPSS
Exploits0References2
nvd
nvd
added 2026/04/03 11:17 p.m.4 views

CVE-2026-34933

Avahi is a system which facilitates service discovery on a local network via the mDNS/DNS-SD protocol suite. Prior to version 0.9-rc4, any unprivileged local user can crash avahi-daemon by sending a single D-Bus method call with conflicting publish flags. This issue has been patched in version...

5.5CVSS0.00203EPSS
Exploits1References4
osv
osv
added 2026/04/03 10:16 p.m.30 views

UBUNTU-CVE-2026-34990

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a local unprivileged user can coerce cupsd into authenticating to an attacker-controlled localhost IPP service with a reusable Authorization: Local ... token. That...

7.8CVSS5.9AI score0.00289EPSS
Exploits1References4
alpinelinux
alpinelinux
added 2026/04/03 9:23 p.m.4 views

CVE-2026-27456

util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU Time-of-Check-Time-of-Use vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privilege...

4.7CVSS5.7AI score0.00118EPSS
Exploits1References3
osv
osv
added 2026/03/27 5:21 p.m.4 views

GHSA-453R-G2PG-CXXQ Local Incus UI web server vulnerable to nuthentication bypass

Summary The web server spawned by incus webui incorrectly validates the authentication token such that an invalid value will be accepted. Details incus webui runs a local web server on a random localhost port. For authentication, it provides the user with a URL containing an authentication token...

8.8CVSS6AI score0.00347EPSS
Exploits0References5
Rows per page
Query Builder