Lucene search
+L

8753 matches found

jvn
jvn
added 2026/06/09 5:7 a.m.9 views

CamView installer insecurely loads Dynamic Link Libraries

Overview CamView installer provided by ARUCOM Inc. insecurely loads Dynamic Link Libraries. Uncontrolled search path element CWE-427 - CVE-2015-9268 The CVSS evaluation above assume that a victim user is directed to download and place a specially crafted DLL file with the affected installer and t...

9.3CVSS7.7AI score0.01525EPSS
Exploits1References5
ptsecurity
ptsecurity
added 2026/06/09 12:0 a.m.18 views

PT-2026-48103

Name of the Vulnerable Software and Affected Versions Microsoft Windows Narrator Braille affected versions not specified Description An untrusted search path in Windows Narrator Braille allows an authorized attacker to elevate privileges locally. This issue is related to an exposed dangerous...

7.8CVSS7AI score0.00432EPSS
Exploits0References4
ptsecurity
ptsecurity
added 2026/06/09 12:0 a.m.21 views

PT-2026-48260

Name of the Vulnerable Software and Affected Versions Acrobat Reader versions 24.001.30365 and 26.001.21651 and earlier Description An Uncontrolled Search Path Element issue exists where the application does not properly validate the paths used to search for files. This can lead to arbitrary code...

7.7CVSS6AI score0.00151EPSS
Exploits0References6
ptsecurity
ptsecurity
added 2026/06/09 12:0 a.m.17 views

PT-2026-48039

Name of the Vulnerable Software and Affected Versions Windows Storage affected versions not specified Description An untrusted search path in Windows Storage allows an authorized attacker to elevate privileges locally. Privilege escalation occurs when an application searches for a required file i...

7CVSS5.2AI score0.00218EPSS
Exploits0References6
cnnvd
cnnvd
added 2026/06/09 12:0 a.m.18 views

Adobe Acrobat Reader 代码问题漏洞

Adobe Acrobat Reader is a PDF viewer developed by Adobe Inc. in the United States. This software is used for printing, signing, and annotating PDF documents. Versions of Adobe Acrobat Reader such as 24.001.30365, 26.001.21651, and earlier versions have code vulnerabilities. These vulnerabilities...

7.7CVSS5.7AI score0.00151EPSS
Exploits0References1
nessus
nessus
added 2026/06/09 12:0 a.m.31 views

Adobe Reader < 26.001.21662 Multiple Vulnerabilities (APSB26-63)

The version of Adobe Reader installed on the remote Windows host is a version prior to 26.001.21662. It is, therefore, affected by multiple vulnerabilities. - Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could resu...

7.8CVSS7.4AI score0.00285EPSS
Exploits0References22
nessus
nessus
added 2026/06/09 12:0 a.m.17 views

Adobe Reader < 26.001.21662 Multiple Vulnerabilities (APSB26-63) (macOS)

The version of Adobe Reader installed on the remote macOS host is a version prior to 26.001.21662. It is, therefore, affected by multiple vulnerabilities. - Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Stack-based Buffer Overflow vulnerability that could result...

7.8CVSS7.4AI score0.00285EPSS
Exploits0References22
nessus
nessus
added 2026/06/09 12:0 a.m.23 views

Adobe Acrobat < 24.001.30383 / 26.001.21662 Multiple Vulnerabilities (APSB26-63) (macOS)

The version of Adobe Acrobat installed on the remote macOS host is a version prior to 24.001.30383 or 26.001.21662. It is, therefore, affected by multiple vulnerabilities. - Acrobat Reader versions 24.001.30365, 26.001.21651 and earlier are affected by a Stack-based Buffer Overflow vulnerability...

7.8CVSS7.4AI score0.00285EPSS
Exploits0References22
osv
osv
added 2026/06/08 1:54 p.m.10 views

JLSEC-2026-600

Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to say, the victim will execute arbitrary SQL functions of the attacker's choice. Versions before PostgreSQL...

5.4CVSS6AI score0.00159EPSS
Exploits0References1
euvd
euvd
added 2026/06/08 11:0 a.m.12 views

EUVD-2026-35045

A vulnerability was determined in CodeAstro Leave Management System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/searchstafftoassignpc.php. This manipulation of the argument Name causes sql injection. The attack is possible to be carried out remotely. The...

6.5CVSS6.5AI score0.002EPSS
Exploits0References6
nessus
nessus
added 2026/06/08 12:0 a.m.10 views

Amazon Linux 2023 : postgresql16, postgresql16-contrib, postgresql16-llvmjit (ALAS2023-2026-1767)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1767 advisory. Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to...

8.8CVSS6.7AI score0.00668EPSS
Exploits0References20
nessus
nessus
added 2026/06/08 12:0 a.m.16 views

Amazon Linux 2023 : postgresql17, postgresql17-contrib, postgresql17-llvmjit (ALAS2023-2026-1766)

It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1766 advisory. Missing authorization in PostgreSQL CREATE TYPE allows an object creator to hijack other queries that use searchpath to find user-defined types, including extension-defined types. That is to...

8.8CVSS6.7AI score0.00668EPSS
Exploits0References22
snyk
snyk
added 2026/06/05 9:15 p.m.8 views

Untrusted Search Path

Overview Affected versions of this package are vulnerable to Untrusted Search Path in the GlobalAuroraPgDatabaseDialect, which is included in the public schema. A low-privileged user can elevate privileges to rdssuperuser by creating a malicious function that executes when another user connects t...

8.6CVSS5.4AI score0.00305EPSS
Exploits0References2
snyk
snyk
added 2026/06/05 9:15 p.m.9 views

Untrusted Search Path

Overview Affected versions of this package are vulnerable to Untrusted Search Path in the GlobalAuroraPgDatabaseDialect, which is included in the public schema. A low-privileged user can elevate privileges to rdssuperuser by creating a malicious function that executes when another user connects t...

8.6CVSS5.4AI score0.00305EPSS
Exploits0References2
snyk
snyk
added 2026/06/05 9:15 p.m.8 views

Untrusted Search Path

Overview software.amazon.jdbc:aws-advanced-jdbc-wrapper is an Amazon Web Services AWS Advanced JDBC Wrapper Affected versions of this package are vulnerable to Untrusted Search Path in the GlobalAuroraPgDialect, which is included in the public schema. A low-privileged user can elevate privileges ...

8.6CVSS5.4AI score0.00305EPSS
Exploits0References2
nvd
nvd
added 2026/06/05 8:17 p.m.13 views

CVE-2026-11400

An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced JDBC Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges to those of another Amazon RDS user, including rdssuperuser, via a crafted function created by the...

8.6CVSS0.00305EPSS
Exploits0References3
nvd
nvd
added 2026/06/05 8:17 p.m.13 views

CVE-2026-11401

An untrusted search path issue in the GlobalDatabasePlugin in the AWS Advanced Go Wrapper for Amazon Aurora PostgreSQL will allow a remote authenticated low-privilege actor to escalate privileges to those of another Amazon RDS user, including rdssuperuser, via a crafted function created by the...

8.6CVSS0.00305EPSS
Exploits0References3
redhatcve
redhatcve
added 2026/06/05 7:58 p.m.12 views

CVE-2023-52945

Uncontrolled search path element vulnerability in OpenSSL DLL component in Synology BeeDrive for desktop before 1.3.2-13814 allows local users to execute arbitrary code via unspecified vectors...

7.8CVSS6AI score0.00139EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:45 p.m.12 views

CVE-2026-40947

Yubico libfido2 before 1.17.0, python-fido2 before 2.2.0, and yubikey-manager before 5.9.1 have an unintended DLL search path...

2.9CVSS5.5AI score0.00131EPSS
Exploits0References1
redhatcve
redhatcve
added 2026/06/05 7:42 p.m.10 views

CVE-2025-36515

Uncontrolled search path for some AI Playground software before version 3.0.0 alpha within Ring 3: User Applications may allow an escalation of privilege. Unprivileged software adversary with an authenticated user combined with a high complexity attack may enable escalation of privilege. This...

5.4CVSS5.3AI score0.00089EPSS
Exploits0References1
Rows per page
Query Builder