586 matches found
EUVD-2026-32602
Budibase is an open-source low-code platform. Prior to 3.38.1, the POST /api/global/users/onboard endpoint is protected by workspaceBuilderOrAdmin middleware, allowing any user with builder permissions to access it. When SMTP email is not configured the default for self-hosted Budibase instances,...
CVE-2026-32991
Improper authorization checks of team members privileges allow a team member to escalate privileges to the team owner account...
Microsoft Windows Ancillary Function Driver for WinSock 安全漏洞
The Microsoft Windows Ancillary Function Driver for WinSock is a supplementary function driver for Winsock by Microsoft Corporation. There are security vulnerabilities associated with the Microsoft Windows Ancillary Function Driver for WinSock. Attackers can exploit these vulnerabilities to gain...
ALSA-2026:15892 Important: thunderbird security update
Mozilla Thunderbird is a standalone mail and newsgroup client. Security Fixes: firefox: thunderbird: Incorrect boundary conditions in the Libraries component in NSS CVE-2026-6772 firefox: thunderbird: Use-after-free in the JavaScript Engine component CVE-2026-6754 firefox: thunderbird: Spoofing...
Microsoft Windows 资源管理错误漏洞
Microsoft Windows is an operating system used by personal devices by the American company Microsoft. There is a resource management vulnerability in Microsoft Windows. Attackers can exploit this vulnerability to gain higher privileges. The following products and versions are affected: Windows 10...
PT-2026-32796
CVE-2026-32070 Use after free in Windows Common Log File System Driver allows an authorized attacker to elevate privileges locally. https://t.co/LTdrTi0Kff...
CVE-2026-33641
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.getvalue and is implemented...
CVE-2026-33641
Glances is an open-source system cross-platform monitoring tool. Prior to version 4.5.3, Glances supports dynamic configuration values in which substrings enclosed in backticks are executed as system commands during configuration parsing. This behavior occurs in Config.getvalue and is implemented...
PT-2026-27172
Name of the Vulnerable Software and Affected Versions AVideo versions up to and including 26.0 Description AVideo is an open source video platform. A user with the "Videos Moderator" permission can escalate privileges to perform full video management operations, including ownership transfer and...
Execution with Unnecessary Privileges
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Execution with Unnecessary Privileges via the sandbox.docker configuration. An attacker can gain unauthorized access to host resources or execute arbitrary commands on the host by injecti...
WordPress plugin Starfish Review Generation & Marketing 安全漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows for the creation of personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. The...
CVE-2025-58383
A vulnerability in Brocade Fabric OS versions before 9.2.1c2 could allow an administrator-level user to execute the bind command, to escalate privileges and bypass security controls allowing the execution of arbitrary commands...
Synology DiskStation Manager Improper Control of Dynamically-Managed Code Resources (CVE-2024-5401)
Improper control of dynamically-managed code resources vulnerability in WebAPI component in Synology DiskStation Manager DSM before 7.1.1-42962-8 and 7.2.1-69057-2 and 7.2.2-72806 and Synology Unified Controller DSMUC before 3.1.4-23079 allows remote authenticated users to obtain privileges witho...
MiracleLinux 7 : kernel-3.10.0-1160.59.1.el7 (AXSA:2022-3092:04)
The remote MiracleLinux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the AXSA:2022-3092:04 advisory. kernel: use after free in eventpoll.c may lead to escalation of privilege CVE-2020-0466 kernel: Use After Free in unixgc which could result in a loc...
CVE-2008-7050
The passwordcheck function in auth/authphpbb3.php in WoW Raid Manager 3.5.1 before Patch 1, when using PHPBB3 authentication, 1 does not invoke the CheckPassword function with the required arguments, which always triggers an authentication failure, and 2 returns true instead of false when an...
CVE-1999-0436
Domain Enterprise Server Management System DESMS in HP-UX allows local users to gain privileges...
EUVD-2025-202224
Integer overflow or wraparound in Windows Projected File System allows an authorized attacker to elevate privileges locally...
EUVD-2025-202248
Use of uninitialized resource in Windows Remote Access Connection Manager allows an authorized attacker to elevate privileges locally...
EUVD-2020-29042
Malware in sbrugna...
EUVD-2014-8731
Malware in sbrugna...