Lucene search
+L

5821 matches found

cvelist
cvelist
added 2026/06/17 8:55 a.m.33 views

CVE-2026-41280 Apache DolphinScheduler: Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects

Incorrect Authorization vulnerability allows users with system login privileges to delete task definitions in unauthorized projects This issue affects Apache DolphinScheduler versions prior to 3.4.2. Users are recommended to upgrade to version 3.4.2, which fixes this issue...

0.00437EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/17 12:0 a.m.15 views

PT-2026-50428

Name of the Vulnerable Software and Affected Versions Plane CE version 1.3.1 Description A low-privileged project member can submit arbitrary HTML and JavaScript via the description html field. This occurs when creating an intake work item through the 'API v1 intake' endpoint. Recommendations At...

6.9CVSS5.9AI score0.00165EPSS
Exploits1References5
cisco
cisco
added 2026/06/15 4:0 p.m.12 views

Cisco Catalyst SD-WAN Manager Arbitrary File Write Vulnerability

A vulnerability in the web UI of Cisco Catalyst SD-WAN Manager, formerly SD-WAN vManage, could allow an authenticated, remote attacker to create a file or overwrite any file on the filesystem of an affected system. This vulnerability exists because the affected software does not properly validate...

6.5CVSS5.6AI score0.07683EPSS
Exploits2References1
euvd
euvd
added 2026/06/13 12:34 a.m.12 views

EUVD-2026-36630

Software installed and run as a non-privileged user may conduct GPU system calls to write to arbitrary freed physical pages. Physical memory allocated and freed, without the deferred free mechanism can lead to those resources being used for read/write by the GPU after the kernel module has freed...

5.3AI score0.00118EPSS
Exploits0References2
nvd
nvd
added 2026/06/12 10:16 p.m.17 views

CVE-2026-34195

Software installed and run as a non-privileged user may conduct intentional GPU sparse memory API calls to cause out of bounds write in the kernel. The product incorrectly indexes internal state when performing sparse allocation remapping...

8.8CVSS0.00328EPSS
Exploits0References1
vulnrichment
vulnrichment
added 2026/06/12 9:57 p.m.6 views

CVE-2026-41158 GPU DDK - Backed sparse PMRs are not handled by deferred free mechanism after shrink

Software installed and run as a non-privileged user may conduct GPU system calls to write to arbitrary freed physical pages. Physical memory allocated and freed, without the deferred free mechanism can lead to those resources being used for read/write by the GPU after the kernel module has freed...

5.3AI score0.00118EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/12 9:57 p.m.36 views

CVE-2026-41158 GPU DDK - Backed sparse PMRs are not handled by deferred free mechanism after shrink

Software installed and run as a non-privileged user may conduct GPU system calls to write to arbitrary freed physical pages. Physical memory allocated and freed, without the deferred free mechanism can lead to those resources being used for read/write by the GPU after the kernel module has freed...

0.00118EPSS
Exploits0References1
cve
cve
added 2026/06/12 9:43 p.m.25 views

CVE-2026-34195

Summary: CVE-2026-34195 describes a GPU DDK kernel heap OOB write caused by incorrect indexing of internal state during sparse allocation remapping, specifically involving PMRChangeSparseMemOSMem and physical page translation from virtual page indexes. This is triggered by non-privileged user act...

8.8CVSS5.3AI score0.00328EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/12 9:43 p.m.34 views

CVE-2026-34195 GPU DDK - Kernel heap OOB write in PMRChangeSparseMemOSMem due to incorrect physical page translation from virtual page indexes

Software installed and run as a non-privileged user may conduct intentional GPU sparse memory API calls to cause out of bounds write in the kernel. The product incorrectly indexes internal state when performing sparse allocation remapping...

0.00328EPSS
Exploits0References1
nvd
nvd
added 2026/06/12 7:16 p.m.15 views

CVE-2026-10715

Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated user can send an arbitrary postid to POST /admin/posttype//drafts and overwrite the draft associated with another user's post...

5.1CVSS0.00238EPSS
Exploits0References3
vulnrichment
vulnrichment
added 2026/06/12 6:22 p.m.13 views

CVE-2026-10715 Camaleon CMS 2.9.2 - Improper authorization in draft autosave endpoint

Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated user can send an arbitrary postid to POST /admin/posttype//drafts and overwrite the draft associated with another user's post...

5.1CVSS5.5AI score0.00238EPSS
Exploits0References3
cvelist
cvelist
added 2026/06/12 6:22 p.m.35 views

CVE-2026-10715 Camaleon CMS 2.9.2 - Improper authorization in draft autosave endpoint

Camaleon CMS 2.9.2 contains an improper authorization vulnerability in the administrator draft autosave endpoint. A low-privileged authenticated user can send an arbitrary postid to POST /admin/posttype//drafts and overwrite the draft associated with another user's post...

5.1CVSS0.00238EPSS
Exploits0References3
cve
cve
added 2026/06/12 5:35 p.m.73 views

CVE-2026-48165

CVE-2026-48165 affects MariaDB server in Galera replication scenarios. A high-privileged MariaDB user could have used the wsrep_sst_receive_address or wsrep_sst_donor global system variables to run shell commands as the mariadbd process user on the Galera joiner node. Affected versions are 10.6.1...

9.1CVSS5.5AI score0.00967EPSS
Exploits0References12Affected Software1
ptsecurity
ptsecurity
added 2026/06/12 12:0 a.m.13 views

PT-2026-49069

Name of the Vulnerable Software and Affected Versions File Browser versions prior to 2.63.6 Description A low-privileged authenticated user with create and delete permissions in their own isolated scope can delete share-link records belonging to any other user, including the administrator. This...

7.2CVSS5.9AI score0.00411EPSS
Exploits0References9
ptsecurity
ptsecurity
added 2026/06/12 12:0 a.m.20 views

PT-2026-49023

Name of the Vulnerable Software and Affected Versions The product name cannot be determined affected versions not specified Description Software installed and run as a non-privileged user may perform GPU system calls to write to arbitrary freed physical pages. This occurs because physical memory...

5.2AI score0.00118EPSS
Exploits0References3
cvelist
cvelist
added 2026/06/11 9:41 p.m.38 views

CVE-2026-45172 Idira Privileged Session Manager for SSH (PSMP): Arbitrary Command Execution via Improper Neutralization of Special Elements used in an OS Command

Due to incomplete input validation in Idira Privileged Session Manager for SSH PSMP versions prior to 15.0.2, 14.6.3, 14.2.5, and 14.0.6, an authenticated, low-privileged user could potentially execute arbitrary commands on the PSMP host. CyberArk Security Bulletins: CA26-17 and CA26-18...

8.7CVSS0.0055EPSS
Exploits0References4
nvd
nvd
added 2026/06/11 4:16 p.m.15 views

CVE-2024-45636

IBM Security QRadar EDR 3.12 through 3.12.24 stores user credentials in plain text which can be read by a local privileged user...

4.4CVSS0.00094EPSS
Exploits0References1
cvelist
cvelist
added 2026/06/11 3:10 p.m.36 views

CVE-2024-45636 IBM Security QRadar EDR Software has a vulnerability where user credentials may be stored in plain text, potentially exposing sensitive information.

IBM Security QRadar EDR 3.12 through 3.12.24 stores user credentials in plain text which can be read by a local privileged user...

4.1CVSS0.00094EPSS
Exploits0References1
ptsecurity
ptsecurity
added 2026/06/11 12:0 a.m.17 views

PT-2026-48669

Name of the Vulnerable Software and Affected Versions IBM Security QRadar EDR versions 3.12 through 3.12.24 Description User credentials are stored in plain text, which allows a local privileged user to read this sensitive information. Recommendations At the moment, there is no information about ...

4.4CVSS5.8AI score0.00094EPSS
Exploits0References5
redhat
redhat
added 2026/06/10 11:13 p.m.1 views

mariadb: Arbitrary code execution via global system variable manipulation by a high-privileged user

A flaw was found in MariaDB server. A high-privileged MariaDB user could exploit this vulnerability by manipulating specific global system variables, namely wsrepsstreceiveaddress or wsrepsstdonor. This manipulation could allow the user to execute arbitrary shell commands as the user ID of the...

9.1CVSS6.3AI score0.00967EPSS
Exploits0References6
Rows per page
Query Builder