90 matches found
CVE-2026-21054
Improper export of android application components in InputSharing prior to version 2.7.01.4 allows local attackers to access sharing data...
EUVD-2026-41533
Dell PowerProtect Data Domain, versions 7.7.1.0 through 8.6, LTS2026 release version 8.6.1.0 through 8.6.1.10, LTS2025 release version 8.3.1.0 through 8.3.1.30, LTS2024 release versions 7.13.1.0 through 7.13.1.70 contain an incorrect permission Assignment for critical resource vulnerability. A hi...
HPESBHF04959 rev.1 - Certain HPE SimpliVity AMD Servers Using Certain AMD EPYC Processors, AMD-SB-3020: SEV-SNP RMP Initialization Vulnerability, Local Unauthorized Access Vulnerability
Potential Security Impact: Local: Unauthorized Access SUPPORTED SOFTWARE VERSIONS: ONLY impacted versions are listed. HPE SimpliVity 325 Gen11 - Prior to SimpliVity Gen11 Support Pack SVTSP 20260417 HPE SimpliVity 325 Gen10 Plus - Prior to SimpliVity Gen10 Support Pack SVTSP 20260417 CVSS Scores:...
TencentOS Server 4: cups (TSSA-2026:0276)
The version of Tencent Linux installed on the remote TencentOS Server 4 host is prior to tested version. It is, therefore, affected by multiple vulnerabilities as referenced in the TSSA-2026:0276 advisory. Package updates are available for TencentOS Server 4 that fix the following vulnerabilities...
ASUS Business System Control Interface 安全漏洞
ASUS Business System Control Interface is a system control interface developed by ASUS, a Chinese technology company. There is a security vulnerability in the ASUS Business System Control Interface. This vulnerability stems from improper permission allocation, which may allow unauthorized local...
Windows Graphics Component Denial of Service Vulnerability
Null pointer dereference in Microsoft Graphics Component allows an unauthorized attacker to deny service locally...
CVE-2026-28485 OpenClaw 2026.1.5 < 2026.2.12 - Missing Authentication in Browser Control HTTP Endpoints
OpenClaw versions 2026.1.5 prior to 2026.2.12 fail to enforce mandatory authentication on the /agent/act browser-control HTTP route, allowing unauthorized local callers to invoke privileged operations. Remote attackers on the local network or local processes can execute arbitrary browser-context...
CVE-2026-28485 OpenClaw 2026.1.5 < 2026.2.12 - Missing Authentication in Browser Control HTTP Endpoints
OpenClaw versions 2026.1.5 prior to 2026.2.12 fail to enforce mandatory authentication on the /agent/act browser-control HTTP route, allowing unauthorized local callers to invoke privileged operations. Remote attackers on the local network or local processes can execute arbitrary browser-context...
CVE-2026-22285
Dell Device Management Agent DDMA, versions prior to 26.02, contain a Plaintext Storage of Password vulnerability. A high privileged attacker with local access could potentially exploit this vulnerability, leading to Unauthorized Access...
Microsoft Excel Elevation of Privilege Vulnerability
Heap-based buffer overflow in Microsoft Office Excel allows an unauthorized attacker to elevate privileges locally...
CVE-2026-20939
CVE-2026-20939: Windows File Explorer information disclosure allowing a locally authenticated user to view sensitive data. The issue has a CVSSv3.1 base score of 5.5 (Local, Low attack complexity, Low privileges, Confidentiality impact: High). Microsoft has released fixes in January 2026 security...
PYSEC-2025-219
An issue was discovered in Overhang.IO tutor-open-edx overhangio/tutor 20.0.2 allowing local unauthorized attackers to gain access to sensitive information due to the absence of proper cache-control HTTP headers and client-side session checks...
PYSEC-2025-219
An issue was discovered in Overhang.IO tutor-open-edx overhangio/tutor 20.0.2 allowing local unauthorized attackers to gain access to sensitive information due to the absence of proper cache-control HTTP headers and client-side session checks...
CVE-2025-65681
An issue was discovered in Overhang.IO tutor-open-edx overhangio/tutor 20.0.2 allowing local unauthorized attackers to gain access to sensitive information due to the absence of proper cache-control HTTP headers and client-side session checks...
HPESBHF04963 rev.2 - Certain HPE SimpliVity servers Using Certain AMD EPYC Processors. AMD-SB-3029: Stale Translation Lookaside Buffer (TLB) Entry Vulnerability, Local Unauthorized Access Vulnerability
Potential Security Impact: Local: Unauthorized Access SUPPORTED SOFTWARE VERSIONS: ONLY impacted versions are listed. HPE SimpliVity 325 Gen10 Plus - Prior to HPE SimpliVity Gen10 Support Pack SVTSP 20250630 HPE SimpliVity 325 Gen11 - Prior to HPE SimpliVity Gen11 Support Pack SVTSP 20260116 CVSS...
HPESBHF04962 rev.1 - Certain HPE ProLiant DL/XL servers Using Certain AMD EPYC Processors. AMD-SB-3029: Stale Translation Lookaside Buffer (TLB) Entry Vulnerability, Local Unauthorized Access Vulnerability
Potential Security Impact: Local: Unauthorized Access SUPPORTED SOFTWARE VERSIONS: ONLY impacted versions are listed. HPE ProLiant Compute DL325 Gen12 - Prior to 1.1005-27-2025 HPE ProLiant Compute DL345 Gen12 - Prior to 1.1005-27-2025 HPE ProLiant DL145 Gen11 - Prior to 1.7008-07-2025 HPE ProLia...
Microsoft Office Denial of Service Vulnerability
Uncaught exception in Microsoft Office allows an unauthorized attacker to deny service locally...
HPESBHF04956 rev.1 - Certain HPE ProLiant AMD Servers Using Certain AMD EPYC Processors, AMD-SB-3020: SEV-SNP RMP Initialization Vulnerability, Local Unauthorized Access Vulnerability
Potential Security Impact: Local: Unauthorized Access SUPPORTED SOFTWARE VERSIONS: ONLY impacted versions are listed. HPE ProLiant DL325 Gen10 Plus server - Prior to v3.9010-03-2025 HPE ProLiant DL325 Gen10 Plus v2 server - Prior to v3.9010-03-2025 HPE ProLiant DL345 Gen10 Plus server - Prior to...
EUVD-2022-37353
Malicious code in bioql PyPI...
CVE-2025-43882
Dell ThinOS 10, versions prior to 250810.0127, contains an Unverified Ownership vulnerability. A local low-privileged attacker could potentially exploit this vulnerability leading to Unauthorized Access...