212 matches found

EUVD
added 3 days ago, 9 views

EUVD-2026-33669

Improper access control in the PCTCore64.sys Windows kernel driver from PC Tools Internet Security allows user-mode processes to access the PCTCoreDriver WDM device interface and invoke privileged IOCTL handlers. A local attacker with the ability to access or load the affected driver can exploit...

CVSS 7.8, AI score 5.8, EPSS 0.00015
Exploits: 0, References: 3

ATTACKERKB
added 3 days ago, 4 views

CVE-2026-8501

Improper access control in the PCTCore64.sys Windows kernel driver from PC Tools Internet Security allows user-mode processes to access the PCTCoreDriver WDM device interface and invoke privileged IOCTL handlers. A local attacker with the ability to access or load the affected driver can exploit...

AI score 5.8, EPSS 0.00015
Exploits: 0, References: 4

Positive Technologies
added 2026/05/27 12:0 a.m., 6 views

PT-2026-43706

Netis AC1200 Router NC21 V4.0.1.4296 exposes a CGI endpoint /cgi-bin/skk get.cgi that returns the entire router configuration as a JSON response with no authentication required. Any attacker on the LAN can send a single HTTP GET request and instantly retrieve administrator credentials, WiFi...

AI score 5.8, EPSS 0.00052
Exploits: 0, References: 2

SUSE CVE
added 2026/05/22 2:19 a.m., 4 views

SUSE CVE-2026-43619

Rsync version 3.4.2 and prior contain symlink race condition vulnerabilities in path-based system calls including chmod, lchown, utimes, rename, unlink, mkdir, symlink, mknod, link, rmdir, and lstat that allow local attackers to redirect operations to files outside the exported rsync module...

CVSS 6.3, AI score 6, EPSS 0.00007
Exploits: 0, References: 7

Cvelist
added 2026/05/13 4:56 a.m., 32 views

CVE-2026-21022

Improper handling of insufficient permissions in Routines prior to SMR May-2026 Release 1 allows local attackers to access sensitive information...

CVSS 6.9, EPSS 0.00015
Exploits: 0, References: 1

ATTACKERKB
added 2026/05/13 4:56 a.m., 2 views

CVE-2026-21016

Incorrect privilege assignment in LocationManager prior to SMR May-2026 Release 1 allows local attackers to access sensitive information...

CVSS 5.1, AI score 5.8, EPSS 0.00014
Exploits: 0, References: 2

NVD
added 2026/04/16 7:16 p.m., 0 views

CVE-2025-43937

Dell PowerScale OneFS, versions prior to 9.12.0.0, contains an insertion of sensitive information into log file vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able ...

CVSS 6.6, EPSS 0.00007
Exploits: 0, References: 1

Vulnrichment
added 2026/04/07 9:6 p.m., 2 views

CVE-2026-35568 MCP Java-SDK has a DNS Rebinding Vulnerability

MCP Java SDK is the official Java SDK for Model Context Protocol servers and clients. Prior to 1.0.0, the java-sdk contains a DNS rebinding vulnerability. This vulnerability allows an attacker to access a locally or network-private java-sdk MCP server via a victim's browser that is either local, o...

CVSS 7.6, AI score 5.9, EPSS 0.00016
Exploits: 0, References: 2

CVE
added 2026/03/18 1:34 a.m., 4 views

CVE-2026-22174

OpenClaw: Affected software is OpenClaw versions prior to 2026.2.22. The root cause is that the x-OpenClaw-relay-token header is injected into Chrome CDP probe traffic on loopback interfaces, enabling local processes to capture the Gateway authentication token. An attacker controlling a loopback ...

CVSS 6.8, AI score 5.8, EPSS 0.00028
Exploits: 0, References: 3, Affected Software: 1

ATTACKERKB
added 2026/03/11 6:56 p.m., 3 views

CVE-2026-24508

Dell Alienware Command Center AWCC, versions prior to 6.12.24.0, contain an Improper Certificate Validation vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information exposure...

CVSS 2.5, AI score 5.8, EPSS 0.0001
Exploits: 0, References: 2

Snyk
added 2026/02/10 6:51 p.m., 2 views

Uncontrolled Search Path Element

Overview Affected versions of this package are vulnerable to Uncontrolled Search Path Element due to the insecure default configuration that loads configuration files from the C:\etc directory on Windows systems. An attacker can compromise confidentiality, integrity, and availability by placing...

CVSS 8.5, AI score 6.6, EPSS 0.00013
Exploits: 0, References: 2

Cvelist
added 2026/02/10 9:58 a.m., 21 views

CVE-2026-22923

A vulnerability has been identified in NX All versions V2512, NX Managed Mode All versions V2512. The affected application contains a data validation vulnerability that could allow an attacker with local access to interfere with internal data during the PDF export process that could potentially...

CVSS 7.8, EPSS 0.00007
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 9:59 a.m., 6 views

CVE-2020-7586

A vulnerability has been identified in SIMATIC PCS 7 V8.2 and earlier All versions, SIMATIC PCS 7 V9.0 All versions V9.0 SP3, SIMATIC PDM All versions V9.2, SIMATIC STEP 7 V5.X All versions V5.6 SP2 HF3, SINAMICS STARTER containing STEP 7 OEM version All versions V5.4 HF2. A buffer overflow...

CVSS 7.8, AI score 7.1, EPSS 0.00151
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 9:14 a.m., 4 views

CVE-2022-33715

Improper access control and path traversal vulnerability in LauncherProvider prior to SMR Aug-2022 Release 1 allow a local attacker to access files of One UI...

CVSS 5.5, AI score 6.7, EPSS 0.00018
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 9:6 a.m., 4 views

CVE-2024-34626

Out-of-bounds read in applying own binary in Samsung Notes prior to version 4.4.21.62 allows local attackers to potentially read memory...

CVSS 5.5, AI score 6.6, EPSS 0.00184
Exploits: 0, References: 1

RedhatCVE
added 2026/01/09 8:45 a.m., 9 views

CVE-2025-40574

A vulnerability has been identified in SCALANCE LPE9403 6GK5998-3GS00-2AC2 All versions V4.0 HF0. Affected devices do not properly assign permissions to critical resources. This could allow a non-privileged local attacker to interact with the backupmanager service...

CVSS 8.5, AI score 6.1, EPSS 0.00054
Exploits: 0, References: 1

CVE
added 2025/12/26 12:0 a.m., 6 views

CVE-2024-29720

CVE-2024-29720 concerns Sciter v4.4.7.0 from Terra Informatica Software. The vulnerability stems from the adopt component of Sciter's video rendering function, allowing a local attacker to obtain sensitive information. Affected product: Sciter 4.4.7.0; root cause: flaw in adopt path of video rend...

CVSS 6.2, AI score 6, EPSS 0.00006
Exploits: 1, References: 1, Affected Software: 1

ICS
added 2025/11/25 7:0 a.m., 3 views

Rockwell Automation Arena Simulation

RISK EVALUATION Successful exploitation of this vulnerability could allow local attackers to execute arbitrary code on affected installations of Arena. 2. RECOMMENDED PRACTICES CISA recommends users take defensive measures to minimize the risk of exploitation of this vulnerability, such as:...

CVSS 7.3, AI score 7.5, EPSS 0.00013
Exploits: 0, References: 13

CVE
added 2025/10/21 12:0 a.m., 7 views

CVE-2025-57521

CVE-2025-57521 affects Bambu Studio 2.1.1.52 and earlier. The vulnerability arises at application startup when the program loads a network plug‑in without validating its digital signature or verifying authenticity. A local attacker can place a malicious component in the expected location (e.g., u...

CVSS 6.1, AI score 7.2, EPSS 0.00017
Exploits: 0, References: 3

Vulnrichment
added 2025/10/10 6:33 a.m., 1 view

CVE-2025-21054

Out-of-bounds read in the parsing header for JPEG decoding in libpadm.so prior to SMR Oct-2025 Release 1 allows local attackers to potentially access out-of-bounds memory...

CVSS 4, AI score 6.1, EPSS 0.00018
Exploits: 0, References: 1