Lucene search
+L

2575 matches found

nuclei
nuclei
added yesterday45 views

Apache DolphinScheduler >= 3.1.0, < 3.2.2 Resource File Read And Write

File read and write vulnerability in Apache DolphinScheduler, authenticated users can illegally access additional resource files. This issue affects Apache DolphinScheduler from 3.1.0 before 3.2.2. id: CVE-2024-30188 info: name: Apache DolphinScheduler = 3.1.0, 3.2.2 Resource File Read And Write...

8.8CVSS6.1AI score0.05987EPSS
Exploits0References3
euvd
euvd
added 2 days ago4 views

EUVD-2026-44731

Pegatron Tdelo64.sys exposes a privileged device interface, \.\TdeIo, that fails to properly restrict access to sensitive IOCTL functionality. The driver's IOCTL dispatcher does not validate caller privileges or verify user-supplied kernel memory addresses before performing memory operations. By...

6.2CVSS6.2AI score0.00121EPSS
Exploits1References1
cvelist
cvelist
added 2 days ago36 views

CVE-2026-60062 NGINX Agent Vulnerability

The NGINX Agent configdirs directive allows a low-privileged attacker to gain limited read and write access to files outside of the designated secure directory. The configdirs directive required for this issue can also be configured through NGINX Instance Manager. A successful exploit may allow a...

6.4CVSS0.00197EPSS
Exploits0References1
nvd
nvd
added 3 days ago4 views

CVE-2026-48321

ColdFusion is affected by an Incorrect Authorization vulnerability that could result in privilege escalation. An attacker could leverage this vulnerability to gain unauthorized read and write access. Exploitation of this issue does not require user interaction. Scope is changed...

10CVSS0.00516EPSS
Exploits0References1
cvelist
cvelist
added 3 days ago39 views

CVE-2026-48321 ColdFusion | Incorrect Authorization (CWE-863)

ColdFusion is affected by an Incorrect Authorization vulnerability that could result in privilege escalation. An attacker could leverage this vulnerability to gain unauthorized read and write access. Exploitation of this issue does not require user interaction. Scope is changed...

9.3CVSS0.00516EPSS
Exploits0References1
cve
cve
added 3 days ago9 views

CVE-2026-48321

Technical details are not publicly available in the provided documents; no affected products, versions, or remediation are specified. Monitor for updates.

10CVSS6.1AI score0.00516EPSS
Exploits0References1Affected Software1
nvd
nvd
added 3 days ago4 views

CVE-2026-47984

Adobe Commerce is affected by an Incorrect Authorization vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to bypass security measures and gain unauthorized read and write access. Exploitation of this issue does not require user interactio...

9.1CVSS0.00492EPSS
Exploits0References1
nvd
nvd
added 4 days ago7 views

CVE-2026-9492

The MBStorage DRAM lighting control module within Gigabyte Control Center GCC developed by GIGABYTE Technology has an Improper Access Control vulnerability. Authenticated local attackers can send specific IOCTL commands through the driver MyPortIOx64.sys bundled with the module, thereby arbitrari...

8.5CVSS0.00109EPSS
Exploits0References2
osv
osv
added last week1 views

SUSE-SU-2026:2853-1 Security update for tiff

This update for tiff fixes the following issues: Update to version 4.7.2. Security issues fixed: - CVE-2026-12912: heap-based buffer overflow when processing crafted PixarLog-compressed TIFF image bsc1269779. - CVE-2026-36849: denial of service when processing a a crafted TIFF file containing a...

7.8CVSS6.9AI score0.00553EPSS
Exploits0References6
cve
cve
added last week10 views

CVE-2026-57476

CVE-2026-57476 describes a vulnerability in Deloitte AI Assist for Customer where unauthenticated API endpoints allowed an attacker knowing specific parameters to read from or inject content into the retrieval-augmented generation (RAG) corpus. The issue was mitigated on 2026-03-25 by restricting...

6.3CVSS6.1AI score0.00238EPSS
Exploits0References4Affected Software1
osv
osv
added 2026/07/09 5:4 p.m.4 views

CVE-2026-59212 Open WebUI: Model meta.knowledge read-only file access can be upgraded to file write/delete

Open WebUI is an extensible, feature-rich, and user-friendly self-hosted AI platform. From 0.9.6 before 0.10.0, verifyknowledgefileaccess only checked read access while file write and delete routes later trusted object-derived access through writable model meta.knowledge entries, allowing a user...

5.4CVSS6.1AI score0.00308EPSS
Exploits1References6
osv
osv
added 2026/07/08 11:36 a.m.6 views

BIT-PYTHON-2026-5713 Out-of-bounds read/write during remote profiling and asyncio process introspection when connecting to malicious target

The "profiling.sampling" module Python 3.15+ and "asyncio introspection capabilities" 3.14+, "python -m asyncio ps" and "python -m asyncio pstree" features could be used to read and write addresses in a privileged process if that process connected to a malicious or "infected" Python process via t...

5.3CVSS5.7AI score0.00132EPSS
Exploits0References7
cvelist
cvelist
added 2026/07/07 10:11 p.m.29 views

CVE-2026-59705 mem0 - OpenMemory API Unauthenticated Access via Memory Endpoints

mem0's openmemory/api component contains an unauthenticated access vulnerability that allows unauthenticated attackers to read, write, and delete arbitrary user memories by accessing API routers registered without authentication middleware. Attackers can supply arbitrary userid parameters or...

9.8CVSS0.00498EPSS
Exploits0References4
vulnrichment
vulnrichment
added 2026/07/07 4:2 p.m.12 views

CVE-2026-57851 MSI KernCoreLib64.sys Privilege Escalation via IOCTL Handlers

MSI Feature Manager contains a local privilege escalation vulnerability in the KernCoreLib64.sys kernel driver that allows any locally logged-on user to perform arbitrary physical memory read/write and unrestricted I/O port operations by accessing exposed IOCTL handlers without administrator...

8.5CVSS6AI score0.0017EPSS
Exploits0References2
cve
cve
added 2026/07/07 4:2 p.m.17 views

CVE-2026-57851

MSI Feature Manager contains a local privilege escalation via the KernCoreLib64.sys kernel driver. An attacker with local access can use exposed IOCTL handlers to perform arbitrary physical memory read/write and unrestricted I/O port operations without administrator privileges. This can enable ma...

8.5CVSS6AI score0.0017EPSS
Exploits0References2
cvelist
cvelist
added 2026/07/07 4:2 p.m.40 views

CVE-2026-57851 MSI KernCoreLib64.sys Privilege Escalation via IOCTL Handlers

MSI Feature Manager contains a local privilege escalation vulnerability in the KernCoreLib64.sys kernel driver that allows any locally logged-on user to perform arbitrary physical memory read/write and unrestricted I/O port operations by accessing exposed IOCTL handlers without administrator...

8.5CVSS0.0017EPSS
Exploits0References2
euvd
euvd
added 2026/07/04 1:15 p.m.9 views

EUVD-2026-41674

A flaw has been found in RT-Thread up to 5.2.2. Affected is the function read/write/sysioctl of the file components/lwp/lwpsyscall.c of the component Parameter Handler. Executing a manipulation can lead to divide by zero. The attack may be launched remotely. The exploit has been published and may...

5.3CVSS5.5AI score0.00309EPSS
Exploits0References7
attackerkb
attackerkb
added 2026/07/03 8:19 p.m.6 views

CVE-2026-26231

Gitea versions up to and including 1.26.1 allow the Allow edits from maintainers permission path to authorize commits to repositories that the user can read but should not be able to write...

8.5CVSS5.9AI score0.00291EPSS
Exploits0References6
susecve
susecve
added 2026/07/03 3:2 a.m.5 views

SUSE CVE-2026-55628

In versions prior to 7.1.2-26he, the -concatenate operation is missing policy checks, potentially resulting in both reading and writing to paths disallowed by the security policy. This issue has been fixed in version 7.1.2-26...

5.5CVSS5.9AI score0.00098EPSS
Exploits0References3
osv
osv
added 2026/07/01 11:16 p.m.3 views

DEBIAN-CVE-2026-14420

Out of bounds read and write in Dawn in Google Chrome prior to 150.0.7871.46 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

9.6CVSS5.8AI score0.00253EPSS
Exploits0References1
Rows per page
Query Builder