Lucene search
+L

2883 matches found

OSV
OSV
added 2026/04/03 10:16 p.m.30 views

UBUNTU-CVE-2026-34990

OpenPrinting CUPS is an open source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and prior, a local unprivileged user can coerce cupsd into authenticating to an attacker-controlled localhost IPP service with a reusable Authorization: Local ... token. That...

7.8CVSS5.9AI score0.00289EPSS
Exploits1References4
AlpineLinux
AlpineLinux
added 2026/04/03 9:23 p.m.4 views

CVE-2026-27456

util-linux is a random collection of Linux utilities. Prior to version 2.41.4, a TOCTOU Time-of-Check-Time-of-Use vulnerability has been identified in the SUID binary /usr/bin/mount from util-linux. The mount binary, when setting up loop devices, validates the source file path with user privilege...

4.7CVSS5.7AI score0.00118EPSS
Exploits1References3
OSV
OSV
added 2026/03/27 5:21 p.m.4 views

GHSA-453R-G2PG-CXXQ Local Incus UI web server vulnerable to nuthentication bypass

Summary The web server spawned by incus webui incorrectly validates the authentication token such that an invalid value will be accepted. Details incus webui runs a local web server on a random localhost port. For authentication, it provides the user with a URL containing an authentication token...

8.8CVSS6AI score0.00347EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/03/26 11:3 p.m.3 views

CVE-2025-12708

IBM Concert 1.0.0 through 2.2.0 contains hard-coded credentials that could be obtained by a local user...

6.2CVSS5.8AI score0.00093EPSS
Exploits0References1
CVE
CVE
added 2026/03/26 4:18 p.m.17 views

CVE-2026-3113

CVE-2026-3113 affects Mattermost (versions listed) where bulk exports fail to enforce file permissions during download, enabling other local server users to read exported contents. Root cause: permissions are not properly set on the downloaded bulk export, allowing access beyond the intended owne...

5.5CVSS5.8AI score0.00127EPSS
Exploits0References1Affected Software1
RedhatCVE
RedhatCVE
added 2026/03/26 2:58 p.m.6 views

CVE-2026-4606

GV Edge Recording Manager ERM v2.3.1 improperly runs application components with SYSTEM-level privileges, allowing any local user to gain full control of the operating system. During installation, ERM creates a Windows service that runs under the LocalSystem account. When the ERM application is...

10CVSS5.8AI score0.00298EPSS
Exploits0References1
NVD
NVD
added 2026/03/25 9:16 p.m.8 views

CVE-2025-36258

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and other sensitive information in plain text which can be read by a local user...

7.1CVSS0.00155EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 8:25 p.m.31 views

CVE-2025-36258 IBM InfoSphere Information Server is vulnerable due to plaintext storage of a password

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and other sensitive information in plain text which can be read by a local user...

7.1CVSS0.00155EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/25 8:25 p.m.4 views

CVE-2025-36258

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and other sensitive information in plain text which can be read by a local user...

7.1CVSS5.8AI score0.00155EPSS
Exploits0References2Affected Software1
CVE
CVE
added 2026/03/25 8:25 p.m.21 views

CVE-2025-36258

CVE-2025-36258 affects IBM InfoSphere Information Server 11.7.0.0–11.7.1.6. The root cause is plaintext storage of user credentials and other sensitive information, allowing a local user to read them. IBM’s security bulletin notes a CVSSv3.1 base score of 7.1 (vector: AV:L/AC:L/PR:N/UI:N/S:C/C:H/...

7.1CVSS5.8AI score0.00155EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/03/25 8:16 p.m.1 views

CVE-2025-12708

IBM Concert 1.0.0 through 2.2.0 contains hard-coded credentials that could be obtained by a local user...

5.5CVSS5.9AI score
Exploits0References1
Cvelist
Cvelist
added 2026/03/25 8:4 p.m.28 views

CVE-2025-12708 Multiple Vulnerabilities in IBM Concert Software

IBM Concert 1.0.0 through 2.2.0 contains hard-coded credentials that could be obtained by a local user...

6.2CVSS0.00093EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.9 views

PT-2026-28093

IBM Concert 1.0.0 through 2.2.0 contains hard-coded credentials that could be obtained by a local user...

6.2CVSS5.8AI score0.00093EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/03/25 12:0 a.m.13 views

PT-2026-28113

IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 product stores user credentials and other sensitive information in plain text which can be read by a local user...

7.1CVSS5.8AI score0.00155EPSS
Exploits0References2
NVD
NVD
added 2026/03/19 3:16 a.m.4 views

CVE-2025-36051

IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 stores potentially sensitive information in configuration files that could be read by a local user...

6.2CVSS0.00101EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/03/19 1:55 a.m.5 views

CVE-2025-36051

IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 stores potentially sensitive information in configuration files that could be read by a local user...

6.2CVSS5.8AI score0.00101EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/03/19 1:55 a.m.28 views

CVE-2025-36051 IBM QRadar SIEM Information Disclosure

IBM QRadar SIEM 7.5.0 through 7.5.0 Update Package 14 stores potentially sensitive information in configuration files that could be read by a local user...

6.2CVSS0.00101EPSS
Exploits0References1
Snyk
Snyk
added 2026/03/16 8:41 p.m.4 views

Incorrect Permission Assignment for Critical Resource

Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Incorrect Permission Assignment for Critical Resource due to the creation of session transcript files with overly broad default permissions. An attacker can access sensitive transcript...

8.4CVSS5.9AI score0.0012EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/03/06 12:0 a.m.4 views

NewStart CGSL MAIN 6.06 (SP) : util-linux Vulnerability (NS-SA-2026-0013)

The remote NewStart CGSL host, running version MAIN 6.06 SP, has util-linux packages installed that are affected by a vulnerability: - Blkid in util-linux before 2.26rc-1 allows local users to execute arbitrary code. CVE-2014-9114 Note that Nessus has not tested for these issues but has instead...

7.8CVSS6.1AI score0.00648EPSS
Exploits0References3
NVD
NVD
added 2026/03/05 2:16 a.m.8 views

CVE-2026-29125

IDC SFX2100 Satalite Recievers set the /etc/resolv.conf file to be world-writable by any local user, allowing DNS resolver tampering that can redirect network communications, facilitate man-in-the-middle attacks, and cause denial of service...

7.1CVSS0.00106EPSS
Exploits1References1
Rows per page
Query Builder