33 matches found
CVE-2026-20852
Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally...
CVE-2026-20804
Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally...
CVE-2026-20852
Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally...
CVE-2026-20852
Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally...
CVE-2026-20804
Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally...
CVE-2026-20804
Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally...
CVE-2026-20852
CVE-2026-20852 is a Windows Hello privilege-assignment vulnerability that enables a locally authenticated attacker to tamper with local data due to incorrect privilege handling in the Windows Hello component. The issue is labeled as a local, high-severity problem with no user interaction required...
CVE-2026-20852
Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally...
CVE-2026-20804
Incorrect privilege assignment in Windows Hello allows an unauthorized attacker to perform tampering locally...
CVE-2026-20804
CVE-2026-20804 concerns an issue in Windows Hello where an incorrect privilege assignment can enable a local attacker to tamper with biometric authentication locally. The entry identifies the affected area as Windows Hello and the root cause as a privilege/permission misassignment, resulting in p...
PT-2026-2698
Name of the Vulnerable Software and Affected Versions Windows Hello affected versions not specified Description A flaw in Windows Hello’s privilege assignment allows a local attacker to perform tampering on the system. This issue could allow unauthorized access and manipulation of the system...
PT-2026-2657
Name of the Vulnerable Software and Affected Versions Windows affected versions not specified Description A flaw in Windows Hello’s privilege assignment can allow an attacker to perform tampering locally. This issue allows attackers to affect the system. Recommendations At the moment, there is no...
EUVD-2025-198049
In Checkmk versions prior to 2.4.0p16, 2.3.0p41, and all versions of 2.2.0 and older, the mkinotify plugin creates world-readable and writable files, allowing any local user on the system to read the plugin's output and manipulate it, potentially leading to unauthorized access to or modification ...
CVE-2025-46362
Dell Alienware Command Center 6.x AWCC, versions prior to 6.10.15.0, contain an Improper Access Control vulnerability. A low privileged attacker with local access could potentially exploit this vulnerability, leading to Information Tampering...
CVE-2025-46368
Summary (concrete): CVE-2025-46368 affects Dell Alienware Command Center (AWCC) 6.x prior to 6.10.15.0. The vulnerability is described as an insecure temporary file issue that could enable a local, low-privilege attacker to tamper information. Impact: information tampering with local access; no r...
Dell Alienware Command Center 访问控制错误漏洞
DELL Alienware Command Center is Dell's proprietary control software for Alienware-branded computers, which is used to customize hardware features, optimize performance and manage game settings. An improper access control vulnerability exists in DELL Alienware Command Center, which can be exploit...
GHSA-RG9H-VX28-XXP5 llama-index has Insecure Temporary File
The llamaindex library version 0.12.33 sets the NLTK data directory to a subdirectory of the codebase by default, which is world-writable in multi-user environments. This configuration allows local users to overwrite, delete, or corrupt NLTK data files, leading to potential denial of service, dat...
CVE-2025-7707
The llamaindex library version 0.12.33 sets the NLTK data directory to a subdirectory of the codebase by default, which is world-writable in multi-user environments. This configuration allows local users to overwrite, delete, or corrupt NLTK data files, leading to potential denial of service, dat...
CVE-2025-7707
The llamaindex library version 0.12.33 sets the NLTK data directory to a subdirectory of the codebase by default, which is world-writable in multi-user environments. This configuration allows local users to overwrite, delete, or corrupt NLTK data files, leading to potential denial of service, dat...
CVE-2025-7707 World-Writable NLTK Cache Directory Vulnerability in run-llama/llama_index
The llamaindex library version 0.12.33 sets the NLTK data directory to a subdirectory of the codebase by default, which is world-writable in multi-user environments. This configuration allows local users to overwrite, delete, or corrupt NLTK data files, leading to potential denial of service, dat...