1870 matches found
PT-2026-47632
A security flaw has been discovered in TOTOLINK EX200 4.0.3c.7646. This affects an unknown function of the file /etc/vsftpd.conf of the component vsftpd. The manipulation results in least privilege violation. It is possible to launch the attack remotely. The exploit has been released to the publi...
ZenML ZenML Server - Improper Authentication
ZenML Server in the ZenML machine learning package before 0.46.7 for Python allows remote privilege escalation because the /api/v1/users/usernameorid/activate REST API endpoint allows access on the basis of a valid username along with a new password in the request body. id: CVE-2024-25723 info:...
Apache CouchDB 1.7.0 / 2.x < 2.1.1 - Remote Privilege Escalation
Due to differences in the Erlang-based JSON parser and JavaScript-based JSON parser, it is possible in Apache CouchDB before 1.7.0 and 2.x before 2.1.1 to submit users documents with duplicate keysfor 'roles' used for access control within the database, including the special case 'admin' role, th...
SUSE CVE-2026-11295
Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform privilege escalation via a crafted HTML page. Chromium security severity: Low...
CVE-2026-0097
In multiple locations, there is a possible way to bypass user interaction when pairing an LE device due to a logic error. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
EUVD-2026-34631
Inappropriate implementation in Chromoting in Google Chrome on Linux prior to 149.0.7827.53 allowed a remote attacker to perform OS-level privilege escalation via malicious network traffic. Chromium security severity: Medium...
EUVD-2026-34569
Inappropriate implementation in NFC in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform privilege escalation via a crafted HTML page. Chromium security severity: Medium...
ROS-20260605-73-0036
The vulnerability in Tomcat11 is related to errors in the implementation of authentication procedures. Exploiting this vulnerability can allow an attacker, operating remotely, to increase their privileges...
ROS-20260605-73-0035
The vulnerability in Tomcat10 is related to errors in the implementation of authentication procedures. Exploiting this vulnerability can allow a malicious actor to gain increased privileges remotely...
Linux Distros Unpatched Vulnerability : CVE-2026-11058
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Integer overflow in CredentialProvider in Google Chrome on Windows prior to 149.0.7827.53 allowed a remote attacker who had compromised the renderer process to...
EUVD-2026-33807
In multiple locations, there is a possible way to bypass user interaction when pairing an LE device due to a logic error. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-0097
In multiple locations, there is a possible way to bypass user interaction when pairing an LE device due to a logic error. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-0097
In multiple locations, there is a possible way to bypass user interaction when pairing an LE device due to a logic error. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-0097
In multiple locations, there is a possible way to bypass user interaction when pairing an LE device due to a logic error. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
CVE-2026-0097
Technical details about CVE-2026-0097 are not publicly available in the provided documents. Monitor for updates from sources such as the Android bulletin and NVD.
ASB-A-446114623
In multiple locations, there is a possible way to bypass user interaction when pairing an LE device due to a logic error. This could lead to remote proximal/adjacent escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
PUB-A-481652507
In numberOfReportBlocks of RtpSession.cpp, there is a possible out of bounds write due to an integer overflow. This could lead to remote escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...
Exploit for Improper Privilege Management in Apache Couchdb
Lab7-CVE-2017-12635-12636 I. SYSTEM ANALYSIS Ide...
kvf-admin 安全漏洞
kvf-admin is a set of rapid development frameworks, scaffolding, backend management systems, and permission systems developed by KalvinGit’s individual developers. Version 1.1.0 of kvf-admin contains a security vulnerability. This vulnerability stems from improper permission settings in the...
CVE-2026-38807
The CVE-2026-38807 entry concerns an insecure permissions vulnerability in kvf-admin v1.0.0 that enables a remote attacker to escalate privileges via the UserController.java component. Affected software is kvf-admin; the root cause is insecure access control in UserController.java leading to unau...