Lucene search
K

3754 matches found

Vulnrichment
Vulnrichment
added 2026/05/08 4:36 a.m.7 views

CVE-2026-8148

NAVER MYBOX Explorer for Windows before 3.0.11.160 allows a local attacker to escalate privileges to NT AUTHORITY\SYSTEM via registry manipulation due to improper privilege checks...

5.7AI score0.00094EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/05/07 4:0 p.m.103 views

TRYHACKME_FLATLINE_REPORT

TryHackMe – Flatline CTF | Penetration Testing Report !Platf...

7.5CVSS6AI score0.0352EPSS
Exploits5
OSV
OSV
added 2026/05/06 8:59 p.m.7 views

GHSA-X597-9FR4-5857 Hugo's Node tool execution allows file system access outside the project directory

Impact When building a Hugo site that uses Node-based asset pipelines PostCSS, Babel, TailwindCSS, Hugo invoked the configured Node tools without restrictions on file system access. As a result, executing hugo against an untrusted site could allow code running through these tools to read or write...

8.6CVSS5.8AI score0.00274EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/06 3:45 p.m.7 views

CVE-2026-41288 WatchGuard Agent on Windows Privilege Escalation Vulnerability

Incorrect permission assignment for a resource in the patch management component of the WatchGuard Agent on Windows allows an authenticated local user to elevate their privileges to NT AUTHORITY\SYSTEM...

7.3CVSS5.8AI score0.00103EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/05/06 12:52 a.m.10 views

sudo: Sudo: Privilege escalation due to failure in privilege drop calls

A flaw was found in Sudo. A local user could exploit a failure in the setuid, setgid, or setgroups calls, which are used to drop privileges before running the mailer. This oversight allows for privilege escalation, enabling the user to gain elevated access on the system...

7.8CVSS5.8AI score0.00173EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 2026/05/06 12:0 a.m.10 views

PT-2026-37645

Incorrect permission assignment for a resource in the patch management component of the WatchGuard Agent on Windows allows an authenticated local user to elevate their privileges to NT AUTHORITYSYSTEM...

7.3CVSS5.8AI score0.00103EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/05 7:31 p.m.9 views

EUVD-2026-27464

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, NamedPipeServer::OpenHandler copies the server field from NAMEDPIPEOPENREQ into a fixed WCHAR pipename160 stack buffer using wcscat without verifying null termination. The handler only...

8.8CVSS6.2AI score0.00174EPSS
Exploits1References1
EUVD
EUVD
added 2026/05/05 7:28 p.m.9 views

EUVD-2026-27461

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, the SbieIniServer RunSbieCtrl handler contains a stack buffer overflow. The MSGIDSBIEINIRUNSBIECTRL message is handled before normal sandbox and impersonation checks, and for non-sandbox...

7.3CVSS6.5AI score0.00172EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/05/05 7:28 p.m.10 views

CVE-2026-34461

Sandboxie-Plus is an open source sandbox-based isolation software for Windows. In versions 1.17.2 and earlier, the SbieIniServer RunSbieCtrl handler contains a stack buffer overflow. The MSGIDSBIEINIRUNSBIECTRL message is handled before normal sandbox and impersonation checks, and for non-sandbox...

7.3CVSS6.5AI score0.00172EPSS
Exploits1References2Affected Software1
CVE
CVE
added 2026/05/05 7:24 p.m.19 views

CVE-2026-34458

Sandbo xie-Plus (Windows) vulnerability CVE-2026-34458 affects versions 1.17.2 and earlier. The root cause is an INI CRLF injection in Sandboxie.ini via MSGID_SBIE_INI_ADD_SETTING and MSGID_SBIE_INI_SET_SETTING, allowing a standard local user to bypass EditAdminOnly/ConfigPassword and inject a ne...

9.3CVSS5.9AI score0.00251EPSS
Exploits1References2Affected Software1
OSV
OSV
added 2026/05/05 4:33 p.m.6 views

GHSA-V37H-5MFM-C47C VM2 Has Sandbox Breakout Through Inspect Function

Summary VM2 suffers from a sandbox breakout vulnerability through the inspect function. This allows attackers to write code which can escape from the VM2 sandbox and execute arbitrary commands on the host system. Details The node inspect method allows to log details of objects. To get to the...

9.8CVSS6.2AI score0.01186EPSS
Exploits1References7
EUVD
EUVD
added 2026/05/05 12:30 a.m.25 views

EUVD-2026-27149

Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service in Amazon WorkSpaces for Windows before 2.6.2034.0 allows a local non-admin authenticated user to place arbitrary files into arbitrary locations bypassing file system permission protections, leadi...

8.5CVSS5.9AI score0.00122EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/05 12:0 a.m.8 views

PT-2026-37229

Name of the Vulnerable Software and Affected Versions Sandboxie-Plus versions prior to 1.17.3 Description An issue exists in the NamedPipeServer::OpenHandler function where the server field from NAMED PIPE OPEN REQ is copied into a fixed WCHAR pipename160 stack buffer using wcscat without verifyi...

8.8CVSS6.3AI score0.00174EPSS
Exploits1References5
CVE
CVE
added 2026/05/04 12:47 a.m.16 views

CVE-2026-42369

GV-VMS V20 WebCam Server contains a stack overflow in the b64decoder path of the gvapi flow. The decoded base64 string is copied into a 256-byte local Buffer without bounds checking, so if the decoded data exceeds 256 characters an attacker can trigger a stack overflow. The product is described a...

10CVSS6.2AI score0.00514EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.19 views

PT-2026-36929

Name of the Vulnerable Software and Affected Versions Amazon WorkSpaces for Windows versions prior to 2.6.2034.0 Description Improper privilege management in the log rotation mechanism of the Skylight Workspace Config Service allows a local non-admin authenticated user to place arbitrary files in...

8.5CVSS5.9AI score0.00122EPSS
Exploits0References7
CVE
CVE
added 2026/04/30 6:35 p.m.25 views

CVE-2026-7461

CVE-2026-7461 affects the FSx Windows File Server volume mounting component inside Amazon ECS Agent on Windows, prior to version 1.103.0. The root cause is improper neutralization of inputs used in an OS command, allowing a remote authenticated actor to run shell commands with SYSTEM privileges o...

7.5CVSS5.7AI score0.00547EPSS
Exploits0References3Affected Software1
Malwarebytes
Malwarebytes
added 2026/04/29 1:27 p.m.9 views

Microsoft won’t patch PhantomRPC: Feature or bug?

A researcher has discovered a weakness called PhantomRPC that Microsoft does not consider a vulnerability it plans to patch. PhantomRPC involves Windows Remote Procedure Call RPC, the core of communication between Windows processes. The vulnerability lets a process with impersonation rights...

5.8AI score
Exploits0
NVD
NVD
added 2026/04/27 3:15 a.m.7 views

CVE-2026-3006

Successful exploitation of the race condition vulnerability could allow an attacker to trigger a kernel heap overflow, potentially leading to local privilege escalation and granting system-level access to the affected software...

7CVSS0.00102EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/04/27 2:35 a.m.5 views

CVE-2026-3006

Successful exploitation of the race condition vulnerability could allow an attacker to trigger a kernel heap overflow, potentially leading to local privilege escalation and granting system-level access to the affected software...

7CVSS5.2AI score0.00102EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/04/27 2:35 a.m.4 views

CVE-2026-3006 Race Condition Vulnerability

Successful exploitation of the race condition vulnerability could allow an attacker to trigger a kernel heap overflow, potentially leading to local privilege escalation and granting system-level access to the affected software...

7CVSS5.3AI score0.00102EPSS
Exploits0References2
Rows per page
Query Builder