Lucene search
+L

5233 matches found

Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.18 views

PT-2026-45599

Name of the Vulnerable Software and Affected Versions Google Android affected versions not specified Description An integer overflow in the l2c fcr clone buf function of l2c fcr.cc allows for controlled heap corruption within the privileged Bluetooth process. This issue can lead to local escalati...

8CVSS6AI score0.00107EPSS
Exploits0References3
OSV
OSV
added 2026/06/01 12:0 a.m.17 views

ASB-A-453649377

In multiple functions of ubsanthrowingruntime.cpp, there is a possible persistent denial of service due to an integer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.5CVSS6AI score0.00074EPSS
Exploits0References2
OSV
OSV
added 2026/06/01 12:0 a.m.11 views

ASB-A-405392600

In startAnimation of StageCoordinator.java, there is a possible tapjacking issue due to a tapjacking/overlay attack. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.9AI score0.00072EPSS
Exploits0References2
OSV
OSV
added 2026/06/01 12:0 a.m.11 views

ASB-A-484973621

In Load of LoadedArsc.cpp, there is a possible out of bounds write due to a heap buffer overflow. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS6.2AI score0.00075EPSS
Exploits0References2
OSV
OSV
added 2026/06/01 12:0 a.m.17 views

PUB-A-494629585

In Write of msgtohostbuffer.cc, there is a possible out of bounds write due to an incorrect bounds check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.9AI score0.00068EPSS
Exploits0References1
OSV
OSV
added 2026/06/01 12:0 a.m.13 views

ASB-A-397217317

In getCallingPackageName of Shared.java, there is a possible way to bypass activity start restrictions due to a confused deputy. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.9AI score0.00068EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/28 1:22 p.m.14 views

CVE-2026-49237

An issue was discovered in Canonical Multipass for macOS before version 1.16.3 due to an incomplete fix for CVE-2025-5199. While the patch in version 1.16.0 updated the ownership of the multipassd daemon binary to root:wheel, five co-located binaries multipass, qemu-img, qemu-system-aarch64,...

7.8CVSS6AI score0.0015EPSS
Exploits2References2
CVE
CVE
added 2026/05/28 2:39 a.m.38 views

CVE-2026-9789

The CVE-2026-9789 entry describes a Local Privilege Escalation affecting Acer NitroSense software prior to 3.01.3052. The root cause is a PSAdminAgent service that creates a Named Pipe with a weak ACL, allowing any authenticated local user to connect and issue commands. The service does not verif...

8.5CVSS5.9AI score0.00152EPSS
Exploits1References1
RedhatCVE
RedhatCVE
added 2026/05/27 8:11 p.m.11 views

CVE-2026-46036

A flaw was found in the Linux kernel's vfio/cdx component. A race condition can occur during concurrent VFIODEVICESETIRQS ioctls input/output control calls, specifically within the vfiocdxsetmsitrigger function. This allows two callers to interact in a way that leads to a use-after-free...

7.8CVSS5.8AI score0.00139EPSS
Exploits0References4
Positive Technologies
Positive Technologies
added 2026/05/27 12:0 a.m.15 views

PT-2026-43542

A local user with low privileges may be able to influence the behavior of a privileged system service by manipulating configuration or application-related files located in user-writable areas of the filesystem. The affected service processes data from locations that are not sufficiently protected...

8.7CVSS5.8AI score0.0019EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/26 6:39 a.m.45 views

CVE-2026-44469 Incorrect Default Permissions in CODESYS Development System

The affected product extracts installation files to a temporary directory with incorrect default permissions during administrative installation. A low-privileged local attacker can exploit a TOCTOU race condition with a practical time window to replace verified files with malicious ones before...

8.5CVSS0.00105EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/21 1:3 p.m.7 views

CVE-2026-34929

An origin validation vulnerability in the Apex One/SEP agent could allow a local attacker to escalate privileges on affected installations. This is similar to CVE-2026-34927 but exists in a different inter-process communication mechanism. Please note: an attacker must first obtain the ability to...

7.8CVSS6AI score0.00246EPSS
Exploits0References2
CVE
CVE
added 2026/05/20 1:9 p.m.25 views

CVE-2026-42834

CVE-2026-42834 describes an elevation-of-privilege vulnerability in Windows Admin Center within Azure Portal caused by improper link resolution before file access ("link following"). An authorized attacker could exploit this locally to gain higher privileges on the affected system. Affected compo...

7.8CVSS5.8AI score0.00408EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 2026/05/20 1:9 p.m.21 views

EUVD-2026-31101

Improper link resolution before file access 'link following' in Microsoft Defender allows an authorized attacker to elevate privileges locally...

7.8CVSS5.8AI score0.08371EPSS
Exploits2References1
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in Linux

In various methods of kernel-based drivers, there is a possibility of an out-of-bounds write due to a heap buffer overflow. This could lead to a local escalation of privileges, requiring system execution privileges. User interaction is not required for exploitation. Product: Android Versions:...

6.7CVSS7.1AI score0.00149EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10, Linux, Linux 5.15

A use-after-free vulnerability in the Linux Kernel traffic control index filter tcindex can be exploited to achieve local privilege escalation. The tcindexdelete function does not properly deactivate filters in the case of a perfect hash; moreover, it deletes the underlying structure without...

7.8CVSS6.7AI score0.01037EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerability in xorg-server

A vulnerability was discovered in X.Org. This security flaw arises because the handler for the XIPassiveUngrab request accesses out-of-bounds memory when invoked with a high keycode or button code. This issue can lead to local privileges escalation on systems where the X server is running with...

8.8CVSS7.3AI score0.02516EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Ceph

A privilege escalation flaw was discovered in Ceph. Ceph-crash.service allows a local attacker to escalate privileges to root through a crash dump, thereby exposing privileged information...

7.8CVSS7.1AI score0.00327EPSS
Exploits1References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.3 views

Astra Linux – Vulnerabilities in Linux, Linux-5.10, Linux-5.15, Linux-6.1

A use-after-free vulnerability exists in the Linux kernel’s net/sched: schhfsc HFSC qdisc traffic control component, which can be exploited to achieve local privilege escalation. If a class with a link-sharing curve i.e., with the HFSCFSC flag set has a parent without a link-sharing curve, then...

7.8CVSS6.6AI score0.0029EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.9 views

Astra Linux – Vulnerability found in Linux 5.15, Linux 6.1

A use-after-free vulnerability exists in the netfilter component of the Linux kernel’s nftables module, which can be exploited to achieve local privilege escalation. The nftsetelemcatchalldeactivate function checks whether the catch-all set element is active in the current generation rather than...

7.8CVSS6.6AI score0.00284EPSS
Exploits0References2
Rows per page
Query Builder