Lucene search
K

708 matches found

CVE
CVE
added yesterday9 views

CVE-2026-49794

CVE-2026-49794 concerns the Windows USB Audio Class driver (usbaudio.sys). The vulnerability is an out-of-bounds read in the driver that enables an unauthorized attacker to disclose information when a physical access scenario is present. Attacker class: physical access with low attack complexity ...

4.6CVSS6.1AI score
Exploits0References1
Nuclei
Nuclei
added 2 days ago25 views

GL.iNet <= 4.3.7 - Arbitrary File Write

GL.iNet = 4.3.7 is vulnerable to an arbitrary file write exploit, allowing an attacker to overwrite arbitrary system files. id: CVE-2023-46455 info: name: GL.iNet = 4.3.7 - Arbitrary File Write author: Zierax severity: high description: | GL.iNet = 4.3.7 is vulnerable to an arbitrary file write...

7.5CVSS7AI score0.46966EPSS
Exploits4References2
NVD
NVD
added 2026/07/07 6:16 a.m.9 views

CVE-2026-57871

Relative path traversal vulnerability in MicroRealEstate file upload functionality allows attackers to potentially overwrite system files. This issue affects MicroRealEstate: through 1.0.0-alpha3...

7.1CVSS0.00361EPSS
Exploits0References2
EUVD
EUVD
added 2026/07/07 5:34 a.m.17 views

EUVD-2026-42008

Relative path traversal vulnerability in MicroRealEstate file upload functionality allows attackers to potentially overwrite system files. This issue affects MicroRealEstate: through 1.0.0-alpha3...

7.1CVSS6AI score0.00361EPSS
Exploits0References2
EUVD
EUVD
added 2026/06/25 1:34 p.m.5 views

EUVD-2026-39397

Winstone Servlet Engine through 0.9.10 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by sending HTTP GET requests with dot-dot-slash sequences that are not sanitized when serving static files from the configured webroot. Attackers can traver...

8.7CVSS6AI score0.00377EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/09 8:59 p.m.16 views

CVE-2026-25559

OpenBullet2 through version 0.3.2 contains a path traversal vulnerability in the wordlist endpoint that allows authenticated attackers to perform arbitrary file read, write, and delete operations by supplying unsanitized absolute paths to the upload handler and wordlist functions. Attackers can...

8.8CVSS6.4AI score0.00566EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/07 8:15 a.m.12 views

EUVD-2026-34989

A security vulnerability has been detected in SecureAge CatchPulse up to 10.9.1. Impacted is an unknown function in the library saappctl.sys of the component IOCTL Handler. The manipulation leads to information disclosure. Local access is required to approach this attack. The exploit has been...

4.8CVSS4.8AI score0.00106EPSS
Exploits1References5
Positive Technologies
Positive Technologies
added 2026/06/04 12:0 a.m.23 views

PT-2026-46247

Name of the Vulnerable Software and Affected Versions GNCC GP5 version 7.1.76 Description A lack of runtime integrity allows physically-proximate attackers to bypass file system read-only protections. This enables the modification of system files and binaries for the duration of a boot session...

4.6CVSS5.4AI score0.00135EPSS
Exploits0References6
Vulnrichment
Vulnrichment
added 2026/06/04 12:0 a.m.12 views

CVE-2026-36180

A lack of runtime integrity in GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass file system read-only protections and modify system files and binaries for the duration of a boot session via a bind-mount attack...

5.5AI score0.00135EPSS
Exploits0References3
NVD
NVD
added 2026/05/29 2:16 p.m.17 views

CVE-2026-10074

DreamMaker developed by Interinfo has an Arbitrary File Read vulnerability, allowing privileged local attackers to exploit Relative Path Traversal to download arbitrary system files...

6.9CVSS0.00347EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/28 9:36 a.m.33 views

CVE-2026-46183 mm/damon/sysfs-schemes: protect path kfree() with damon_sysfs_lock

In the Linux kernel, the following vulnerability has been resolved: mm/damon/sysfs-schemes: protect path kfree with damonsysfslock damonsysfsquotgoal-path can be read and written by users, via DAMON sysfs 'path' file. It can also be indirectly read, for the parameters on,offline committing to...

0.0012EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/28 2:39 a.m.38 views

CVE-2026-9789 NitroSense V3: Security Vulnerability Information

A Local Privilege Escalation LPE vulnerability affects Acer NitroSense software versions prior to 3.01.3052. The vulnerability stems from the the PSAdminAgent service, which creates a Named Pipe with a weak Access Control List ACL. This allows any authenticated local user to connect and send...

8.5CVSS0.00152EPSS
Exploits1References1
Debian CVE
Debian CVE
added 2026/05/27 12:17 p.m.10 views

CVE-2026-45922

In the Linux kernel, the following vulnerability has been resolved: RDMA/mlx5: Fix memory leak in GETDATADIRECTSYSFSPATH handler The UVERBSHANDLERMLX5IBMETHODGETDATADIRECTSYSFSPATH function allocates memory for the device path using kobjectgetpath. If the length of the device path exceeds the...

5.5CVSS5.9AI score0.00155EPSS
Exploits0
Positive Technologies
Positive Technologies
added 2026/05/25 12:0 a.m.11 views

PT-2026-43218

PCViewer vt1000 contains a directory traversal vulnerability that allows unauthenticated attackers to read arbitrary files by submitting relative path sequences in GET requests. Attackers can use path traversal sequences ../../../../../../../../../../../../etc/passwd to access sensitive system...

8.7CVSS5.9AI score0.00785EPSS
Exploits0References4
NVD
NVD
added 2026/05/21 9:16 a.m.29 views

CVE-2026-5434

Rejected reason: This CVE ID has been rejected or withdrawn by its CVE Numbering Authority...

0.00041EPSS
Exploits0
Cvelist
Cvelist
added 2026/05/21 8:38 a.m.61 views

CVE-2026-5434

...

0.00041EPSS
Exploits0
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.6 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: nvme-multipath: fixed the suspicious RCU usage warning When I run the NVME over TCP test in virtme-ng, I receive the following “suspicious RCU usage” warning in nvmempathaddsysfslink: ''' 5.024557 T44 nvmet: Created nvm...

5.5CVSS6AI score0.00129EPSS
Exploits0References2
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.4 views

Astra Linux – Vulnerabilities in Linux 5.10, Linux 5.15, Linux 6.1

In the Linux kernel, the following vulnerability has been resolved: ACPI: sysfs: validate return type of STR method Only buffer objects are valid return values of STR. If anything else is returned by descriptionshow, it will access invalid memory...

7.1CVSS6.7AI score0.00253EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/05/19 4:42 p.m.50 views

CVE-2026-47107 Windmill < 1.703.2 Incorrect Default Permissions in nsjail Configuration

Windmill prior to 1.703.2 contains an incorrect default permissions vulnerability in nsjail sandbox configuration files where /etc is bind-mounted without read-write restrictions, allowing authenticated users to write arbitrary entries to /etc/hosts, /etc/resolv.conf, and...

8.6CVSS0.0024EPSS
Exploits0References4
ATTACKERKB
ATTACKERKB
added 2026/05/14 3:18 p.m.3 views

CVE-2026-40893

Gotenberg is a Docker-powered stateless API for PDF files. Prior to 8.31.0, Gotenberg only checks if the tag is exactly FileName, so System:FileName slips right through and ExifTool happily renames the file. This allows remote attackers to move, rename, and change permissions for arbitrary files...

8.2CVSS6AI score0.00347EPSS
Exploits1References2Affected Software1
Rows per page
Query Builder