Lucene search
K

660 matches found

Nuclei
Nuclei
added yesterday44 views

GeoServer Demo Request Endpoint - Server Side Request Forgery

It is possible to achieve Server Side Request Forgery SSRF via the Demo request endpoint if Proxy Base URL has not been set. An unauthenticated user can supply a request that will be issued by the server, allowing enumeration of internal networks and, in the case of cloud instances, access to...

8.2CVSS6.9AI score0.01923EPSS
Exploits0References4
SUSE CVE
SUSE CVE
added 4 days ago6 views

SUSE CVE-2024-7881

An unprivileged context can trigger a data memory-dependent prefetch engine to fetch the contents of a privileged location and consume those contents as an address that is also dereferenced...

5.1CVSS6.1AI score0.00191EPSS
Exploits0References2
CVE
CVE
added 5 days ago11 views

CVE-2026-7639

CVE-2026-7639 describes a vulnerability where software running as a non-privileged user can trigger a sequence of improper GPU system calls that cause use-after-free in the driver, enabling unprivileged access to memory from shader code. The failure path in MMU mapping can prevent complete cleanu...

7.8CVSS6.1AI score0.00122EPSS
Exploits0References1
OSV
OSV
added 5 days ago3 views

CVE-2026-46388 osquery: Unprivileged users can temporarily read file carve contents

osquery is a SQL powered operating system instrumentation, monitoring, and analytics framework. Prior to 5.23.1, an unprivileged attacker can read the contents of an osquery file carve until the carve completes and the temporary files are deleted because in-progress carve directories are not...

4.4CVSS6.2AI score0.00094EPSS
Exploits0References6
NVD
NVD
added 6 days ago7 views

CVE-2025-27462

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. The Windows PV drivers expose various facilities to userspace. Several of these have no security descriptor, and are therefore fully accessible to unprivileged users. The...

9.4CVSS0.00158EPSS
Exploits0References1
NVD
NVD
added 6 days ago7 views

CVE-2025-27463

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. The Windows PV drivers expose various facilities to userspace. Several of these have no security descriptor, and are therefore fully accessible to unprivileged users. The...

9.4CVSS0.00158EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago6 views

EUVD-2025-210445

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. The Windows PV drivers expose various facilities to userspace. Several of these have no security descriptor, and are therefore fully accessible to unprivileged users. The...

9.4CVSS7.4AI score0.00158EPSS
Exploits0References1
CVE
CVE
added 6 days ago53 views

CVE-2025-27464

CVE-2025-27464 is part of a XenServer/Citrix Hypervisor set of flaws affecting Windows guest VMs. The root cause is that the XenServer VM Tools for Windows (XenServer VM Tools, Windows) before version 9.4.1 expose devices/facilities without proper security descriptors, enabling an unprivileged gu...

9.4CVSS7.4AI score0.00158EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago36 views

CVE-2025-27464 WinPVDrivers: Excessive permissions on user-exposed devices

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. The Windows PV drivers expose various facilities to userspace. Several of these have no security descriptor, and are therefore fully accessible to unprivileged users. The...

9.4CVSS0.00158EPSS
Exploits0References1
CVE
CVE
added 6 days ago42 views

CVE-2025-27463

The CVE-2025-27463 entry corresponds to the Windows PV drivers exposed by XenServer/Citrix Hypervisor. These PV devices (XenCons, XenIface, XenBus) reportedly expose facilities to userspace with no security descriptors, making them fully accessible to unprivileged users. The connected sources ide...

9.4CVSS7.4AI score0.00158EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago34 views

CVE-2025-27463 WinPVDrivers: Excessive permissions on user-exposed devices

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. The Windows PV drivers expose various facilities to userspace. Several of these have no security descriptor, and are therefore fully accessible to unprivileged users. The...

9.4CVSS0.00158EPSS
Exploits0References1
CVE
CVE
added 6 days ago3413 views

CVE-2025-27462

CVE-2025-27462 refers to the Windows PV drivers in XenServer/Citrix Hypervisor where several PV interfaces (XenCon s, XenIface, XenBus) expose no security descriptors, making them accessible to unprivileged users. The CVE is tied to the Windows PV drivers for XenServer 8.x; Linux guests are unaff...

9.4CVSS7.4AI score0.00158EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago7 views

EUVD-2025-210443

This CNA information record relates to multiple CVEs; the text explains which aspects/vulnerabilities correspond to which CVE. The Windows PV drivers expose various facilities to userspace. Several of these have no security descriptor, and are therefore fully accessible to unprivileged users. The...

9.4CVSS7.4AI score0.00158EPSS
Exploits0References1
OSV
OSV
added 2026/06/30 3:19 p.m.2 views

CVE-2026-13455 PostgreSQL Anonymizer: Unrestricted function can leak the secret salt

PostgreSQL Anonymizer contains a vulnerability that allows unprivileged masked users to repeatedly call the anon.hash function and collects seed, hashoutput pairs to perform an offline brute-force attack and deduce the salt. The problem is resolved in PostgreSQL Anonymizer 3.1.2 and later version...

4.3CVSS6AI score0.00118EPSS
Exploits0References3
NVD
NVD
added 2026/06/25 9:16 a.m.8 views

CVE-2026-53249

In the Linux kernel, the following vulnerability has been resolved: ipv4: restrict IPOPTSSRR and IPOPTLSRR options This patch restricts setting Loose Source and Record Route LSRR and Strict Source and Record Route SSRR IP options to users with CAPNETRAW capability. This prevents unprivileged...

5.5CVSS0.00128EPSS
Exploits0References8
OSV
OSV
added 2026/06/22 3:12 p.m.2 views

SUSE-SU-2026:22343-1 Security update for firewalld

This update for firewalld fixes the following issue - CVE-2026-4948: local unprivileged users can modify firewall state due to D-Bus setter mis-authorizations bsc1260903...

5.5CVSS5.8AI score0.00118EPSS
Exploits0References3
VulnCheck KEV
VulnCheck KEV
added 2026/06/16 12:0 a.m.17 views

VulnCheck KEV: CVE-2025-1055

A vulnerability in the K7RKScan.sys driver, part of the K7 Security Anti-Malware suite, allows a local low-privilege user to send crafted IOCTL requests to terminate a wide range of processes running with administrative or system-level privileges, with the exception of those inherently protected ...

5.6CVSS5.3AI score0.00211EPSS
In wildExploits1References2
Tenable Nessus
Tenable Nessus
added 2026/06/09 12:0 a.m.11 views

EulerOS 2.0 SP11 : firewalld (EulerOS-SA-2026-2202)

According to the versions of the firewalld packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : A flaw was found in firewalld. A local unprivileged user can exploit this vulnerability by mis-authorizing two runtime D-Bus Desktop Bus setter...

5.5CVSS5.5AI score0.00118EPSS
Exploits0References2
RedhatCVE
RedhatCVE
added 2026/06/05 7:17 p.m.11 views

CVE-2026-6637

Stack buffer overflow in PostgreSQL module "refint" allows an unprivileged database user to execute arbitrary code as the operating system user running the database. A distinct attack is possible if the application declares a user-controlled column as a "refint" cascade primary key and facilitate...

8.8CVSS6.4AI score0.00378EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/05/28 10:34 a.m.126 views

Exploit for Missing Release of Memory after Effective Lifetime in Arm 5Th_Gen_Gpu_Architecture_Kernel_Driver

CVE-2023-26083 – Mali GPU Kernel Address Leak via Timeline Str...

3.3CVSS6.8AI score0.01429EPSS
Exploits1
Rows per page
Query Builder