Lucene search
+L

5822 matches found

euvd
euvd
added 2026/06/08 2:53 p.m.10 views

EUVD-2026-35082

Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory. By creating resources of certain types and presenting a set of parameters to the affected interface the exploit can be used to corrupt kernel memory...

7.5CVSS5.4AI score0.00338EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/08 2:53 p.m.45 views

CVE-2026-22164 GPU DDK - Kernel heap OOB write in DevmemIntComputeVirtualIndicesFromLogical

Software installed and run as a non-privileged user may conduct improper GPU system calls to corrupt kernel heap memory. By creating resources of certain types and presenting a set of parameters to the affected interface the exploit can be used to corrupt kernel memory...

0.00338EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/08 7:6 a.m.11 views

CVE-2026-41723 VMSA-2026-0004: VMware Cloud Foundation Operations updates address multiple vulnerabilities (CVE-2026-41722, CVE-2026-41723 and CVE-2026-41724)

VMware Cloud Foundation Operations contains multiple stored cross-site scripting vulnerabilities.A malicious actor with privileges to create policies, views or text-widgets may be able to inject scripts to perform administrative actions in VMware Cloud Foundation Operations...

8CVSS5.2AI score0.00399EPSS
Exploits0References1
cnnvd
cnnvd
added 2026/06/08 12:0 a.m.16 views

Imagination Graphics DDK 安全漏洞

Imagination Graphics DDK is a GPU driver toolkit developed by the British company Imagination. There is a security vulnerability in Imagination Graphics DDK. This vulnerability arises from improper GPU system calls when the software runs as a non-privileged user. This leads to errors in managing...

7.1CVSS5.3AI score0.00116EPSS
Exploits0References2
redhatcve
redhatcve
added 2026/06/05 7:47 p.m.11 views

CVE-2026-9223

Missing authorization in the vault import feature in Devolutions Server 2026.1.16.0 and earlier allows a low-privileged authenticated user to create new vaults via a crafted import request...

4.3CVSS5.4AI score0.00152EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:45 p.m.11 views

CVE-2026-22167

Software installed and run as a non-privileged user may conduct improper GPU system calls to force GPU to write to arbitrary physical memory pages. Under certain circumstances this exploit could be used to corrupt data pages not allocated by the GPU driver but memory pages in use by the kernel an...

7.8CVSS5.5AI score0.00148EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:42 p.m.10 views

CVE-2025-36074

IBM Security Verify Directory Container 10.0.0 through 10.0.0.3 IBM Security Verify Directory could be vulnerable to malicious file upload by not validating file type. A privileged user could upload malicious files into the system that can be sent to victims for performing further attacks against...

7.2CVSS5.4AI score0.0034EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:40 p.m.10 views

CVE-2025-35991

Improper initialization in the UEFI firmware for some Intel platforms within Ring 0: Bare Metal OS may allow an information disclosure. System software adversary with a privileged user combined with a high complexity attack may enable data exposure. This result may potentially occur via local...

5.6CVSS5.3AI score0.00095EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:39 p.m.10 views

CVE-2026-34213

Docmost is open-source collaborative wiki and documentation software. Starting in version 0.3.0 and prior to version 0.71.0, improper authorization in Docmost allows a low-privileged authenticated user to overwrite another page's attachment within the same workspace by supplying a victim...

5.4CVSS5.5AI score0.0017EPSS
Exploits2References1
redhatcve
redhatcve
added 2026/06/05 7:37 p.m.19 views

CVE-2026-3867

An improper ownership management vulnerability has been identified in Moxa’s Secure Router. Because of improper ownership management, a low-privileged authenticated user may access a configuration file containing the hashed password of the administrative account. Successful exploitation of this...

6CVSS5.4AI score0.0024EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:31 p.m.13 views

CVE-2026-33570

PowerSYSTEM Center REST API endpoint for devices allows a low privilege authenticated user to access information normally limited by operational permissions...

6.9CVSS5.4AI score0.00161EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:20 p.m.13 views

CVE-2026-41229

Froxlor is open source server administration software. Prior to version 2.3.6, PhpHelper::parseArrayToString writes string values into single-quoted PHP string literals without escaping single quotes. When an admin with changeserversettings permission adds or updates a MySQL server via the API, t...

9.1CVSS5.7AI score0.0048EPSS
Exploits1References1
redhatcve
redhatcve
added 2026/06/05 7:17 p.m.11 views

CVE-2026-33392

In JetBrains YouTrack before 2025.3.131383 high privileged user can achieve RCE via sandbox bypass...

7.2CVSS5.4AI score0.00426EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:15 p.m.13 views

CVE-2026-20879

Out-of-bounds write for the IntelR Data Center Graphics Driver for VMware ESXi software before version 2.0.2 within Ring 1: Device Drivers may allow a denial of service. System software adversary with a privileged user combined with a low complexity attack may enable data corruption. This result...

8.3CVSS5.3AI score0.0012EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:10 p.m.12 views

CVE-2026-8835

IBM HTTP Server 8.5, and 9.0 is vulnerable to invalid pointer dereference. A privileged user, authenticated to the Administration Server, could exploit this vulnerability to expose sensitive information or cause a denial of service...

7.3CVSS5.5AI score0.00252EPSS
Exploits0References1
f5
f5
added 2026/06/04 6:35 a.m.23 views

K000161575: PostgreSQL vulnerability CVE-2022-1552

Security Advisory Description A flaw was found in PostgreSQL. There is an issue with incomplete efforts to operate safely when a privileged user is maintaining another user's objects. The Autovacuum, REINDEX, CREATE INDEX, REFRESH MATERIALIZED VIEW, CLUSTER, and pgamcheck commands activated...

8.8CVSS7.2AI score0.12403EPSS
Exploits0
nvd
nvd
added 2026/06/03 1:16 p.m.15 views

CVE-2026-35082

The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input...

8.8CVSS0.00494EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/03 10:42 a.m.8 views

CVE-2026-35084 Stack buffer overflow in method dali-devconfig

A remote attacker with user privileges can exploit a stack buffer overflow in dali-devconfig to gain full system access as root...

8.8CVSS6AI score0.00456EPSS
Exploits0References1
cve
cve
added 2026/06/03 10:41 a.m.19 views

CVE-2026-35082

The CVE-2026-35082 entry describes a Local File Inclusion in the ugw-logread method, where insufficient validation of user-supplied input lets a remote attacker with user privileges access arbitrary local files. The CERT/VDE metrics indicate HIGH impact (confidentiality, integrity, availability) ...

8.8CVSS6AI score0.00494EPSS
Exploits0References1Affected Software1
euvd
euvd
added 2026/06/03 10:40 a.m.13 views

EUVD-2026-34076

The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

8.1CVSS6AI score0.0037EPSS
Exploits0References1
Rows per page
Query Builder