Lucene search
K

415 matches found

ATTACKERKB
ATTACKERKB
added 5 days ago7 views

CVE-2026-0276

A privilege escalation vulnerability in Palo Alto Networks Cortex® XDR Broker VM enables a locally authenticated user to perform actions as the root user...

4.8CVSS6AI score0.00137EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 5 days ago36 views

CVE-2026-0276 Cortex XDR Broker VM: Privilege Escalation (PE) Vulnerability

A privilege escalation vulnerability in Palo Alto Networks Cortex® XDR Broker VM enables a locally authenticated user to perform actions as the root user...

4.8CVSS0.00137EPSS
Exploits0References1
EUVD
EUVD
added 5 days ago7 views

EUVD-2026-42690

A privilege escalation vulnerability in Palo Alto Networks Cortex® XDR Broker VM enables a locally authenticated user to perform actions as the root user...

4.8CVSS6AI score0.00137EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/26 10:15 a.m.9 views

CVE-2025-7958

A Code Injection vulnerability existed in Trellix Network Security CM and NX. A locally authenticated admin user can execute arbitrary code using the web interface and Alert artifact details...

8.5CVSS6.2AI score0.00197EPSS
Exploits0References2Affected Software1
Fedora
Fedora
added 2026/06/26 12:59 a.m.7 views

[SECURITY] Fedora 44 Update: python-django-allauth-65.18.0-1.fc44

Integrated set of Django applications addressing authentication, registration, account management as well as 3rd party social account authentication. Most existing Django apps that address the problem of social authentication focus on just that. You typically need to integrate another app in orde...

6.1CVSS5.7AI score0.00159EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/17 9:5 p.m.21 views

CVE-2026-8049 CVE-2026-8049

In SignalRGB versions prior to 1.3.7.0, the \.\SignalIo device object is created without an explicit SDDL security descriptor and without FILEDEVICESECUREOPEN. This results in overly permissive default access control, allowing any authenticated local user to obtain a handle to the device and issu...

0.00087EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/10 8:40 p.m.8 views

CVE-2026-0268 Prisma Access Agent: Local Authenticated VPN Enforcement Bypass on Linux

A security control bypass vulnerability in Prisma Access Agent for Linux allows a local attacker to route network traffic outside the VPN tunnel. This does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS...

6.9CVSS5.5AI score0.00115EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/10 8:40 p.m.36 views

CVE-2026-0268 Prisma Access Agent: Local Authenticated VPN Enforcement Bypass on Linux

A security control bypass vulnerability in Prisma Access Agent for Linux allows a local attacker to route network traffic outside the VPN tunnel. This does not impact Prisma Access Agent on Windows, macOS, iOS, Android, or ChromeOS...

6.9CVSS0.00115EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/10 2:9 p.m.11 views

EUVD-2026-36049

A potential authentication bypass was reported in Lenovo Smart Connect for Windows that could allow a local authenticated user to execute arbitrary code with elevated privileges...

7.3CVSS6AI score0.00108EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/04 10:3 a.m.14 views

CVE-2026-8036

Improper input validation in NI-PAL may allow a local authenticated user to access arbitrary system memory, potentially leading to privilege escalation. This vulnerability affects NI-PAL 26.3.0 and prior versions on Windows and Linux...

8.4CVSS5.9AI score0.00107EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/06/02 5:26 p.m.8 views

CVE-2026-8036

Improper input validation in NI-PAL may allow a local authenticated user to access arbitrary system memory, potentially leading to privilege escalation. This vulnerability affects NI-PAL 26.3.0 and prior versions on Windows and Linux...

8.4CVSS5.9AI score0.00107EPSS
Exploits0References2
NVD
NVD
added 2026/06/01 9:16 a.m.18 views

CVE-2026-32325

Privilege chaining issue exists in ServerView Agents for Windows V11.60.04 and earlier. If this vulnerability is exploited, a local authenticated attacker who can log in to the server where the affected product is installed may obtain SYSTEM privilege...

8.5CVSS0.00097EPSS
Exploits0References2
PyPA
PyPA
added 2026/05/28 5:16 p.m.20 views

PYSEC-2026-191

Synapse is an open source Matrix homeserver implementation. Prior to 1.152.1, local authenticated users can cause Synapse to starve other requests of CPU and lead to other requests failing, causing other users to be denied service. This vulnerability is fixed in 1.152.1...

6.8CVSS5.8AI score0.00128EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/05/26 2:16 p.m.21 views

CVE-2026-7310

A heap-based buffer overflow vulnerability exists in XML parser functionality in the HiDraw. An authenticated malicious user with local access can exploit this vulnerability using a specially crafted XML file which may lead to memory corruption and potential arbitrary code execution. Successful...

4.4CVSS0.00103EPSS
Exploits0References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerability in Mariadb 10.3

MariaDB CONNECT Storage Engine Format String Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected MariaDB installations. Authentication is required to exploit this vulnerability. The specific flaw exists within the processing of SQL...

7.8CVSS7.4AI score0.00657EPSS
Exploits0References2
NVD
NVD
added 2026/05/13 7:16 p.m.14 views

CVE-2026-0236

A code injection vulnerability in Palo Alto Networks Prisma® Browser on macOS fails to properly restrict access to its AppleScript interface allowing a locally authenticated non-admin user to leverage this exposed Apple Event handler to send unauthorized commands to the browser...

7.8CVSS0.00144EPSS
Exploits0References1
NVD
NVD
added 2026/05/13 7:16 p.m.7 views

CVE-2026-0235

A race condition vulnerability in Palo Alto Networks Prisma® Browser enables a locally authenticated non-admin user to bypass certain access and data control policies...

5.8CVSS0.00173EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/13 12:0 a.m.11 views

Palo Alto Networks Prisma Access Agent 安全漏洞

Palo Alto Networks Prisma Access Agent is a zero-trust network access client agent developed by Palo Alto Networks. There is a security vulnerability in the Palo Alto Networks Prisma Access Agent, which stems from issues with the permission management mechanism. This vulnerability allows...

8.5CVSS6.1AI score0.00144EPSS
Exploits0References1
NVD
NVD
added 2026/05/12 3:16 p.m.15 views

CVE-2026-7432

A race condition in Ivanti Secure Access Client before 22.8R6 allows a locally authenticated user to escalate privileges to SYSTEM...

7.8CVSS0.00284EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/12 2:31 p.m.5 views

CVE-2026-8110

Incorrect permissions assignment in the agent of Ivanti Endpoint Manager before version 2024 SU6 allows a local authenticated attacker to escalate their privileges...

7.8CVSS5.8AI score0.00245EPSS
Exploits0References2
Rows per page
Query Builder