Lucene search
K

6716 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/03 10:41 a.m.10 views

CVE-2026-35082

The ugw-logread method allows a remote attacker with user privileges to access arbitrary local files due to insufficient validation of user-supplied input...

8.8CVSS6AI score0.00494EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/03 10:40 a.m.13 views

CVE-2026-35080

The ugw-restoreinfo method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

8.1CVSS6AI score0.0037EPSS
Exploits0References2
Cvelist
Cvelist
added 2026/06/03 10:39 a.m.44 views

CVE-2026-35079 Arbitrary file delete vulnerability in method ugw-restore

The ugw-restore method allows a remote attacker with user privileges to delete arbitrary local files due to insufficient validation of user-controlled input...

8.1CVSS0.0037EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2026/06/03 5:6 a.m.13 views

OpenSSH: OpenSSH: Low integrity impact from unconfirmed proxy-mode multiplexing sessions

A flaw was found in OpenSSH. This vulnerability allows for a low integrity impact due to the omission of connection multiplexing confirmation for proxy-mode multiplexing sessions. A local user, under specific and complex conditions requiring user interaction, could potentially establish a...

2.5CVSS5.8AI score0.0013EPSS
Exploits0References7
RedhatCVE
RedhatCVE
added 2026/06/02 10:2 p.m.16 views

CVE-2026-5515

IBM App Connect Enterprise 13.0.1.0 through 13.0.7.0 stores potentially sensitive information in log files that could be read by a local user...

5.5CVSS5.8AI score0.001EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/02 10:2 p.m.14 views

CVE-2026-45632

Dokploy is a free, self-hostable Platform as a Service PaaS. In 0.26.7 and earlier, the schedule router does not enforce organization/role checks. As a result, any authenticated user can create, update, run, or delete schedules belonging to other organizations if they know the scheduleId/serverId...

9.9CVSS6AI score0.00256EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/02 12:31 a.m.42 views

EUVD-2025-210009

In many functions of ComputerEngine.java, there is a possible way to access URIs across users due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00084EPSS
Exploits0References2
CVE
CVE
added 2026/06/01 10:24 p.m.28 views

CVE-2026-28511

CVE-2026-28511 affects eLabFTW. Before version 5.4.2, an authenticated user performing a numeric reference/search could receive results that include resources the user is not authorized to view. The exposed data is limited to resource titles; attempts to access the underlying protected content re...

4.3CVSS5.8AI score0.00186EPSS
Exploits0References1Affected Software1
NVD
NVD
added 2026/06/01 10:16 p.m.16 views

CVE-2025-22426

In many functions of ComputerEngine.java, there is a possible way to access URIs across users due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS0.00084EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/01 9:14 p.m.10 views

CVE-2025-22426

In many functions of ComputerEngine.java, there is a possible way to access URIs across users due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00084EPSS
Exploits0References1
CVE
CVE
added 2026/06/01 9:14 p.m.20 views

CVE-2025-22426

CVE-2025-22426 involves a logic error in ComputerEngine.java that can allow cross-user access to URIs, enabling local privilege escalation without user interaction. Exploitation details and affected product/version specifics are not provided in the documents; remediation/patch details are not exp...

7.8CVSS5.9AI score0.00084EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/01 9:14 p.m.42 views

CVE-2025-22426

In many functions of ComputerEngine.java, there is a possible way to access URIs across users due to a logic error in the code. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

0.00084EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/01 9:14 p.m.34 views

CVE-2025-22424

In multiple locations, there is a possible way to reveal images across users due to improper input validation. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is needed for exploitation...

0.00088EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/01 4:40 p.m.32 views

CVE-2026-45267 Nextcloud: Missing permission check for from submissions

Nextcloud is an open source content collaboration platform. Prior to version 5.2.6, a missing permissions check allowed users to request reading form submissions of other users. This issue has been patched in version 5.2.6...

6.5CVSS0.00291EPSS
Exploits0References3
CVE
CVE
added 2026/06/01 2:15 a.m.30 views

CVE-2026-10215

Dolibarr ERP CRM up to version 23.0.1 is affected by CVE-2026-10215 in the Leave Request REST API component, specifically the file htdocs/holiday/class/api_holidays.class.php, function checkUserAccessToObject. The issue allows improper authorization, potentially enabling remote exploitation. Publ...

5.3CVSS5.4AI score0.00259EPSS
Exploits0References9
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.20 views

PT-2026-45652

Name of the Vulnerable Software and Affected Versions Kiteworks versions prior to 9.3.0 Description Kiteworks is a private data network PDN. An Insecure Direct Object Reference IDOR—a flaw where an application provides direct access to objects based on user-supplied input—exists in Kiteworks Secu...

4.3CVSS5.5AI score0.00152EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/05/29 6:15 p.m.12 views

CVE-2026-49367

In JetBrains IntelliJ IDEA before 2026.1.1 command execution was possible via the guest user account...

8CVSS5.9AI score0.00332EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/29 4:53 p.m.10 views

CVE-2026-45577

Neotoma provides versioned records that persist across agent runs. From 0.6.0 to before 0.11.1, Neotoma can treat public reverse-proxied requests as local when the app receives them over a loopback socket and no Bearer token is present. In affected deployments, the REST auth middleware can resolv...

6.9CVSS5.8AI score0.00249EPSS
Exploits0References3Affected Software1
Vulnrichment
Vulnrichment
added 2026/05/29 2:0 a.m.14 views

CVE-2026-8070

Incorrect permission assignment for a critical resource in Armoury Crate allows a local user to bypass the driver’s validation mechanism, resulting in unauthorized read and write access to physical memory.Refer to the ' Security Update for Armoury Crate App ' section on the ASUS Security...

7.3CVSS5.8AI score0.0009EPSS
Exploits0References1
CNNVD
CNNVD
added 2026/05/29 12:0 a.m.10 views

ASUS Armoury Crate 安全漏洞

ASUS Armoury Crate is a software utility developed by ASUS Corporation in China. It aims to provide centralized control over supported ROG gaming products. ASUS Armoury Crate has a security vulnerability caused by improper allocation of permissions for critical resources. This vulnerability may...

7.3CVSS5.8AI score0.0009EPSS
Exploits0References2
Rows per page
Query Builder