Lucene search
K

1351 matches found

EUVD
EUVD
added yesterday8 views

EUVD-2026-43197

A weakness has been identified in MiniTool Partition Wizard up to 13.6. The affected element is an unknown function in the library pwdrvio.sys of the component Signed Kernel Driver. This manipulation causes improper access controls. The attack can only be executed locally. The exploit has been ma...

5.3CVSS5.7AI score0.00105EPSS
Exploits0References6
Positive Technologies
Positive Technologies
added 4 days ago8 views

PT-2026-56991

Name of the Vulnerable Software and Affected Versions pdeljanov Symphonia versions prior to 0.6.1 Description A flaw in the Metadata Handler component allows a local attacker to cause a denial of service. Recommendations At the moment, there is no information about a newer version that contains a...

4.8CVSS6.1AI score0.0012EPSS
Exploits0References10
Tenable Nessus
Tenable Nessus
added 6 days ago8 views

Linux Distros Unpatched Vulnerability : CVE-2026-14685

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability has been found in HdrHistogram up to 2.2.2. This vulnerability affects the function recordValueWithCount of the file...

4.8CVSS5.2AI score0.00118EPSS
Exploits0References3
OSV
OSV
added 2026/07/06 5:41 p.m.4 views

GHSA-H9F9-H6GM-WC85 flyto-core has Unauthenticated Command Execution via HTTP MCP `execute_module`

Unauthenticated Command Execution via HTTP MCP executemodule Summary The HTTP MCP endpoint POST /mcp in flyto-core accepts unauthenticated JSON-RPC tools/call requests and dispatches them to arbitrary registered modules, including sandbox.executeshell, which passes attacker-controlled input...

8.4CVSS6.4AI score
Exploits0References2
OSV
OSV
added 2026/07/06 8:16 a.m.4 views

UBUNTU-CVE-2026-14801

A security vulnerability has been detected in GPAC 26.03-DEV-rev342-g80071f700-master. The impacted element is the function txtinprobeduration of the file src/filters/loadtext.c of the component TeXML File Handler. Such manipulation of the argument txmltimescale leads to divide by zero. An attack...

4.8CVSS5.4AI score0.00112EPSS
Exploits0References9
ATTACKERKB
ATTACKERKB
added 2026/07/06 1:45 a.m.9 views

CVE-2026-14788

A security vulnerability has been detected in radareorg radare2 up to 6.1.6. Affected by this vulnerability is the function rcorebinload of the file libr/core/cfile.c. Such manipulation leads to use after free. The attack needs to be performed locally. The exploit has been disclosed publicly and...

4.8CVSS5.2AI score0.00135EPSS
Exploits1References7Affected Software1
OSV
OSV
added 2026/07/05 3:16 p.m.3 views

UBUNTU-CVE-2026-14758

A vulnerability was identified in radareorg radare2 up to 6.1.6. This vulnerability affects the function cmdanalopcode of the file libr/core/cmdanal.inc.c of the component hexpairs Parser. Such manipulation leads to integer overflow. The attack needs to be performed locally. The exploit is public...

5.5CVSS5.5AI score0.00131EPSS
Exploits1References10
ATTACKERKB
ATTACKERKB
added 2026/07/05 7:45 a.m.11 views

CVE-2026-14723

A vulnerability was determined in AD-Security ADMiner 1.9.0. Affected is the function requesta of the file adminer/scripts/analysecache.py of the component Cache Handler. This manipulation of the argument sys.argv1 causes deserialization. The attack can only be executed locally. The pull request ...

5.3CVSS5.8AI score0.00121EPSS
Exploits0References8Affected Software1
CVE
CVE
added 2026/07/05 3:15 a.m.19 views

CVE-2026-14699

CVE-2026-14699 affects zcaceres/markdownify-mcp prior to 1.1.0. The vulnerability is in assertPathAllowed (src/Markdownify.ts) and can be triggered by local manipulation, potentially causing symlink following. Exploitation is limited to local access. A fix is pending in a pull request and not yet...

4.8CVSS5.6AI score0.00137EPSS
Exploits0References7
ATTACKERKB
ATTACKERKB
added 2026/07/05 3:15 a.m.9 views

CVE-2026-14699

A weakness has been identified in zcaceres markdownify-mcp up to 1.1.0. The affected element is the function assertPathAllowed of the file src/Markdownify.ts. Executing a manipulation can lead to symlink following. The attack can only be executed locally. The pull request to fix this issue awaits...

4.8CVSS5.6AI score0.00137EPSS
Exploits0References8Affected Software1
Positive Technologies
Positive Technologies
added 2026/07/05 12:0 a.m.8 views

PT-2026-55811

Name of the Vulnerable Software and Affected Versions radareorg radare2 versions prior to 6.1.7 Description An integer overflow occurs in the r str ndup and r str append functions within the libr/util/str.c file. This issue requires local access to be exploited. Recommendations Apply the patch...

5.5CVSS5.9AI score0.00131EPSS
Exploits1References10
Positive Technologies
Positive Technologies
added 2026/07/03 12:0 a.m.14 views

PT-2026-55581

Name of the Vulnerable Software and Affected Versions RT-Thread versions prior to 5.0.3 Description A memory corruption issue exists in the sys getaddrinfo function within the components/lwp/lwp syscall.c file. A local attacker can trigger this by manipulating the ai addr argument. Recommendation...

6.8CVSS6.2AI score0.00119EPSS
Exploits0References11
OSV
OSV
added 2026/07/02 8:23 p.m.2 views

GHSA-8W6W-23MQ-H8RG Linuxfabrik Monitoring Plugins: Sudoers may be able to obtain privilege escalation via /usr/bin/apt-get arguments

Summary In the Debian.sudoers file, apt-get is allowed for the nagios user. The full command including the arguments are not enforced and can therefore be choosen arbitrarily. This allows to easily get a root shell as the nagios user: PoC By choosing a particular argument, you can get as a nagios...

8.4CVSS5.8AI score
Exploits0References2
Cvelist
Cvelist
added 2026/06/26 8:22 p.m.29 views

CVE-2026-48770 Notepad++ WM_COPYDATA COPYDATA_FULL_CMDLINE local DoS crash

Notepad++ is a free and open-source source code editor. Prior to 8.9.6.1, a local process in the same interactive Windows session can send a malformed WMCOPYDATA message to Notepad++ using the COPYDATAFULLCMDLINE path. The handler appears to process COPYDATASTRUCT.lpData as an unbounded...

5CVSS0.00258EPSS
Exploits2References2
AstraLinux
AstraLinux
added 2026/06/24 3:11 p.m.10 views

Astra Linux – Vulnerability in cups

OpenPrinting CUPS is an open-source printing system for Linux and other Unix-like operating systems. In versions 2.4.16 and earlier, a local unprivileged user could force cupsd to authenticate against a localhost IPP service controlled by the attacker, using a reusable “Authorization: Local…”...

7.8CVSS6.2AI score0.00289EPSS
Exploits1References3
CVE
CVE
added 2026/06/21 5:45 a.m.27 views

CVE-2026-12781

CVE-2026-12781 affects EaseUS Partition Master up to 14.5. The flaw is in the kernel driver epmntdrv.sys, in an unknown function, enabling local, low-privilege access to escalate due to improper access control. Exploitation is publicly available and has been demonstrated as a local-facing vulnera...

8.5CVSS6.5AI score0.00112EPSS
Exploits0References6
Cvelist
Cvelist
added 2026/06/21 5:30 a.m.35 views

CVE-2026-12780 AOMEI Backupper Kernel Driver amwrtdrv.sys access control

A vulnerability was determined in AOMEI Backupper up to 8.3.0. Impacted is an unknown function in the library amwrtdrv.sys of the component Kernel Driver. Executing a manipulation can lead to improper access controls. The attack needs to be launched locally. The exploit has been publicly disclose...

8.5CVSS0.00111EPSS
Exploits0References5
EUVD
EUVD
added 2026/06/21 5:0 a.m.10 views

EUVD-2026-38143

A vulnerability has been found in AOMEI Partition Assistant up to 10.10.1. This vulnerability affects unknown code in the library ampa10.sys of the component Kernel Driver. Such manipulation leads to improper access controls. The attack must be carried out locally. The exploit has been disclosed ...

8.5CVSS5.2AI score0.00113EPSS
Exploits0References5
CVE
CVE
added 2026/06/21 5:0 a.m.21 views

CVE-2026-12778

The CVE-2026-12778 entry concerns AOMEI Partition Assistant up to version 10.10.1, specifically the kernel driver library ampa10.sys. The vulnerability is described as an improper access control issue in a kernel component, exploitable via a local attack. The description indicates that the exploi...

8.5CVSS6.3AI score0.00113EPSS
Exploits0References5
NVD
NVD
added 2026/06/15 4:16 a.m.11 views

CVE-2026-12214

A security flaw has been discovered in Qihoo 360 Total Security 6.0. This vulnerability affects the function RpcStringBindingComposeW of the component Nucleus Engine Monitoring Logic. Performing a manipulation of the argument NetworkAddr results in protection mechanism failure. The attack require...

8.5CVSS0.00124EPSS
Exploits0References5
Rows per page
Query Builder