Lucene search
K

22 matches found

NVD
NVD
added yesterday4 views

CVE-2026-14961

Pegatron Tdelo64.sys exposes a privileged device interface, \.\TdeIo, that fails to properly restrict access to sensitive IOCTL functionality. The driver's IOCTL dispatcher does not validate caller privileges or verify user-supplied kernel memory addresses before performing memory operations. By...

6.2CVSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added yesterday3 views

CVE-2026-14961

Pegatron Tdelo64.sys exposes a privileged device interface, \.\TdeIo, that fails to properly restrict access to sensitive IOCTL functionality. The driver's IOCTL dispatcher does not validate caller privileges or verify user-supplied kernel memory addresses before performing memory operations. By...

6.2CVSS6.2AI score
Exploits1References2Affected Software1
CVE
CVE
added yesterday7 views

CVE-2026-14961

CVE-2026-14961 affects Pegatron tdeio64.sys exposing the .�5cTdeIo device. The IOCTL dispatch lacks privilege validation and does not validate user-supplied kernel addresses, allowing arbitrary kernel memory read/write and privilege escalation to NT AUTHORITY\SYSTEM. The linked explainer also not...

6.2CVSS6.2AI score
Exploits1References1
Cvelist
Cvelist
added yesterday10 views

CVE-2026-14961 CVE-2026-14961

Pegatron Tdelo64.sys exposes a privileged device interface, \.\TdeIo, that fails to properly restrict access to sensitive IOCTL functionality. The driver's IOCTL dispatcher does not validate caller privileges or verify user-supplied kernel memory addresses before performing memory operations. By...

Exploits1References1
EUVD
EUVD
added yesterday4 views

EUVD-2026-44731

Pegatron Tdelo64.sys exposes a privileged device interface, \.\TdeIo, that fails to properly restrict access to sensitive IOCTL functionality. The driver's IOCTL dispatcher does not validate caller privileges or verify user-supplied kernel memory addresses before performing memory operations. By...

6.2CVSS6.2AI score
Exploits1References1
EUVD
EUVD
added 2026/06/01 4:25 p.m.17 views

EUVD-2026-33669

Improper access control in the PCTCore64.sys Windows kernel driver from PC Tools Internet Security allows user-mode processes to access the PCTCoreDriver WDM device interface and invoke privileged IOCTL handlers. A local attacker with the ability to access or load the affected driver can exploit...

7.8CVSS5.8AI score0.00161EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/03/23 12:7 p.m.2 views

CVE-2026-31847

Hidden functionality in the /goform/setSysTools endpoint in Nexxt Solutions Nebula 300+ firmware through version 12.01.01.37 allows remote enablement of a Telnet service. By sending a crafted POST request with parameters such as telnetManageEn=true and telnetPwd, an authenticated attacker can...

8.5CVSS5.9AI score0.00424EPSS
Exploits0References3Affected Software1
EUVD
EUVD
added 2026/02/25 12:30 p.m.8 views

EUVD-2026-8634

A flaw was found in the udisks storage management daemon that exposes a privileged D-Bus API for restoring LUKS encryption headers without proper authorization checks. The issue allows a local unprivileged user to instruct the root-owned udisks daemon to overwrite encryption metadata on block...

7.1CVSS5.4AI score0.00075EPSS
Exploits0References3
CNNVD
CNNVD
added 2026/02/25 12:0 a.m.9 views

udisks 安全漏洞

udisks is a daemon developed by stored-project, open-source software used for querying and managing storage devices. udisks has a security vulnerability that stems from the lack of authorization checks in the privileged D-Bus API. This vulnerability could allow non-privileged local users to...

7.1CVSS5.8AI score0.00075EPSS
Exploits0References3
EUVD
EUVD
added 2026/01/17 12:30 a.m.6 views

EUVD-2026-3111

Microsoft Edge Elevation Service exposes a privileged COM interface that inadequately validates the privileges of the calling process. A standard non‑administrator local user can invoke the IElevatorEdge interface method LaunchUpdateCmdElevatedAndWait, causing the service to execute privileged...

5.1CVSS6.5AI score0.0025EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/01/16 12:0 a.m.8 views

Microsoft Edge security vulnerabilities

Microsoft Edge is a web browser included with Windows 10 and later versions from Microsoft. There is a security vulnerability in Microsoft Edge, which stems from improper validation of privileged COM interfaces. This vulnerability could allow non-administrator users to execute privileged update...

7.1CVSS5.9AI score0.0025EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/01/16 12:0 a.m.18 views

PT-2026-3326

Name of the Vulnerable Software and Affected Versions Microsoft Edge affected versions not specified Description The Microsoft Edge Elevation Service has a design flaw where a privileged COM interface does not properly check the permissions of the process making the request. A standard local user...

7.2CVSS5.4AI score0.0025EPSS
Exploits0References11
CNNVD
CNNVD
added 2026/01/09 12:0 a.m.6 views

SAMSUNG Mobile devices 安全漏洞

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc., from the South Korean company Samsung SAMSUNG. A security vulnerability exists in SAMSUNG Mobile devices versions prior to SMR Jan-2026 Release 1, which stems from improper access control and could...

7.8CVSS6.5AI score0.00129EPSS
Exploits0References1
OSV
OSV
added 2025/12/04 9:16 p.m.5 views

CVE-2025-55948

This vulnerability fundamentally arises from yzcheng90 X-SpringBoot 6.0's implementation of role-based access control RBAC through dual dependency on frontend menu systems and backend permission tables, without enforcing atomic synchronization between these components. The critical flaw manifests...

7.3CVSS5.9AI score0.00249EPSS
Exploits1References2
Tenable Nessus
Tenable Nessus
added 2025/08/11 12:0 a.m.5 views

Linux Distros Unpatched Vulnerability : CVE-2019-12474

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Wikimedia MediaWiki 1.23.0 through 1.32.1 has an information leak. Privileged API responses that include whether a recent change has been patrolled may be cache...

7.5CVSS7.7AI score0.02043EPSS
Exploits0References2
OSV
OSV
added 2024/09/04 6:15 a.m.4 views

CVE-2024-34655

Incorrect use of privileged API in UniversalCredentialManager prior to SMR Sep-2024 Release 1 allows local attackers to access privileged API related to UniversalCredentialManager...

5.5CVSS5.8AI score0.00137EPSS
Exploits0References1
CNNVD
CNNVD
added 2024/09/04 12:0 a.m.3 views

SAMSUNG Mobile devices 安全漏洞

SAMSUNG Mobile devices are a range of Samsung mobile devices, including cell phones, tablets, etc. from Samsung South Korea. A security vulnerability exists in SAMSUNG Mobile devices SMR Sep-2024 Release 1 version and earlier versions, which stems from the DualDarManagerProxy component containing...

5.5CVSS6.5AI score0.00133EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2024/09/03 12:0 a.m.5 views

PT-2024-26075 · Unknown · Universalcredentialmanager

Name of the Vulnerable Software and Affected Versions: UniversalCredentialManager versions prior to SMR Sep-2024 Release 1 Description: The issue is related to the incorrect use of privileged API in UniversalCredentialManager, allowing local attackers to access privileged API related to...

6.2CVSS6.9AI score0.00137EPSS
Exploits0References5
OSV
OSV
added 2024/06/04 7:15 a.m.2 views

CVE-2024-20884

Incorrect use of privileged API vulnerability in getSemBatteryUsageStats in BatteryStatsService prior to SMR Jun-2024 Release 1 allows local attackers to use privileged API...

7.8CVSS5.8AI score0.00148EPSS
Exploits0References1
OSV
OSV
added 2023/11/28 10:15 a.m.5 views

CVE-2023-6150

Incorrect Use of Privileged APIs vulnerability in ESKOM Computer e-municipality module allows Collect Data as Provided by Users.This issue affects e-municipality module: before v.105...

7.5CVSS5.8AI score0.00596EPSS
Exploits0References1
Rows per page
Query Builder