2161 matches found
CVE-2026-47470
NVIDIA TensorRT-LLM for any platform contains a vulnerability in the gRPC server chat API endpoint, where an attacker could cause CWE-20 by local attack. A successful exploit of this vulnerability might lead to denial of service...
CVE-2026-15738 Cross-namespace traffic interception via incorrect route precedence ordering in AWS Load Balancer Controller
Incorrect behavior order in the Gateway API listener-rule generation in Amazon AWS Load Balancer Controller before 3.4.2 might allow an authenticated remote user to intercept, spoof, or deny another namespace's gRPC traffic on a shared Gateway via a crafted HTTPRoute resource. To mitigate this...
CVE-2026-47470
CVE-2026-47470 affects NVIDIA TensorRT-LLM on any platform, via a vulnerability in the gRPC server chat API endpoint. The root cause is improper input validation, exploitable by a local attacker to cause a denial of service. The NVIDIA security bulletin lists remediation by updating to TensorRT-L...
CVE-2026-48069 @grpc/grps-js: An incoming malformed compressed message can cause a client or server crash
@grpc/grps-js implements the core functionality of gRPC purely in JavaScript, without a C++ addon. Prior to 1.9.16, 1.10.12, 1.11.4, 1.12.7, 1.13.5, and 1.14.4, an invalid incoming compressed message can cause a client or server process that uses @grpc/grpc-js to crash. This issue is fixed in...
CVE-2026-50365
Improper authentication in Windows RPC API allows an unauthorized attacker to elevate privileges over an adjacent network...
CVE-2026-50346
Improper authorization in RPC Runtime allows an authorized attacker to elevate privileges locally...
CVE-2026-50365 Remote Access Management service/API (RPC server) Elevation of Privilege Vulnerability
...
CVE-2026-50365 Remote Access Management service/API (RPC server) Elevation of Privilege Vulnerability
...
CVE-2026-50346 Netlogon RPC Elevation of Privilege Vulnerability
...
CVE-2026-50346 Netlogon RPC Elevation of Privilege Vulnerability
...
CVE-2026-50346
CVE-2026-50346 is a Windows RPC Runtime-related elevation-of-privilege vulnerability (Netlogon RPC). The primary description indicates improper authorization that allows a locally authenticated attacker to escalate privileges. Public references include the NVD/NCSC entries and the Microsoft updat...
Remote Access Management service/API (RPC server) Elevation of Privilege Vulnerability
Improper authentication in Windows RPC API allows an unauthorized attacker to elevate privileges over an adjacent network...
PT-2026-58334
Name of the Vulnerable Software and Affected Versions Windows affected versions not specified Description Improper authorization in the RPC Runtime allows an authorized attacker to elevate privileges locally. This issue specifically involves the Netlogon RPC, which can be leveraged to escalate a...
p11-kit: Stack exhaustion via unbounded recursion in RPC attribute parsing
A flaw was found in p11-kit. The RPC message attribute parsing functions p11rpcmessagegetattribute and p11rpcmessagegetattributearrayvalue form a mutually-recursive call chain with no recursion depth limit when processing nested CKAWRAPTEMPLATE, CKAUNWRAPTEMPLATE, and CKADERIVETEMPLATE attributes...
CVE-2026-56303 Capgo - Unauthenticated API Key Metadata Disclosure via SECURITY DEFINER RPC Function
Capgo before 12.128.2 contains an information disclosure vulnerability in the findapikeybyvalue PostgreSQL function marked SECURITY DEFINER and executable by the anon role. Unauthenticated attackers can call this function via the /rest/v1/rpc/findapikeybyvalue endpoint to retrieve sensitive API k...
CVE-2026-56279 Capgo - Information Disclosure via get_orgs_v7 RPC Endpoint
Capgo before 12.128.2 contains an information disclosure vulnerability in the getorgsv7userid RPC function that remains publicly invokable despite intended private access controls. Unauthenticated attackers can supply arbitrary user UUIDs to retrieve foreign users' organization membership, roles,...
p11-kit: Stack exhaustion via unbounded recursion in RPC attribute parsing
A flaw was found in p11-kit. The RPC message attribute parsing functions p11rpcmessagegetattribute and p11rpcmessagegetattributearrayvalue form a mutually-recursive call chain with no recursion depth limit when processing nested CKAWRAPTEMPLATE, CKAUNWRAPTEMPLATE, and CKADERIVETEMPLATE attributes...
EulerOS 2.0 SP12 : kata-containers (EulerOS-SA-2026-2534)
"According to the versions of the kata-containers package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : gRPC-Go is the Go language implementation of gRPC. Versions prior to 1.79.3 have an authorization bypass resulting from improper input...
Linux Distros Unpatched Vulnerability : CVE-2026-59818
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - etcd is a distributed key-value store for the data of a distributed system. Prior to 3.5.32 and 3.6.13, when etcd is configured with --listen-client-http-urls t...
CVE-2026-57032
An Improper Handling of Undefined Parameters vulnerability in the packet forwarding engine pfe of Juniper Networks Junos OS on EX Series devices allows an authenticated attacker with low privileges to cause a Denial-of-Service DoS. If an attempt is made to subscribe to an unsupported telemetry...