Lucene search
K

158 matches found

NVD
NVD
•added 10 hours ago•4 views

CVE-2026-14868

The encryption algorithm used to protect the configuration of user accounts, stored in the built-in user directory of PcVue projects, all versions prior to 17.0.0, is not strong enough for the level of protection required. A local attacker could alter the existing configuration and ultimately gai...

8.4CVSS
Exploits0References1
CVE
CVE
•added 11 hours ago•8 views

CVE-2026-14868

The issue involves PcVue projects where the encryption protecting user account configurations in the built‑in user directory is too weak for prior versions (

8.4CVSS5.9AI score
Exploits0References1
Cvelist
Cvelist
•added 11 hours ago•8 views

CVE-2026-14868 Weak encryption mechanism for User directory

The encryption algorithm used to protect the configuration of user accounts, stored in the built-in user directory of PcVue projects, all versions prior to 17.0.0, is not strong enough for the level of protection required. A local attacker could alter the existing configuration and ultimately gai...

8.4CVSS
Exploits0References1
CVE
CVE
•added 11 hours ago•8 views

CVE-2026-14867

PcVue projects store credentials for built-in users insecurely in the User directory, affecting all versions before 17.0.0. A local attacker could retrieve these credentials, impacting confidentiality. Active Directory accounts are not affected. The provided documents do not include explicit reme...

6.8CVSS5.9AI score
Exploits0References1
ATTACKERKB
ATTACKERKB
•added 11 hours ago•3 views

CVE-2026-14867

Credentials of built-in users are insecurely stored in the User directory of PcVue projects, all versions prior to 17.0.0. A local attacker could retrieve users’ credentials. Active Directory accounts are not affected by this vulnerability...

6.8CVSS5.9AI score
Exploits0References2
EUVD
EUVD
•added 11 hours ago•5 views

EUVD-2026-42031

Credentials of built-in users are insecurely stored in the User directory of PcVue projects, all versions prior to 17.0.0. A local attacker could retrieve users’ credentials. Active Directory accounts are not affected by this vulnerability...

6.8CVSS5.9AI score
Exploits0References1
AstraLinux
AstraLinux
•added 2026/05/20 5:53 a.m.•7 views

Astra Linux – Vulnerability in Thunderbird

Previously, Firefox for macOS and Linux would download temporary files to a user-specific directory in /tmp. However, this behavior was changed so that the files were downloaded to /tmp, where they could be affected by other local users. This behavior has been reverted to the original,...

6.5CVSS6.1AI score0.0068EPSS
Exploits1References1
EUVD
EUVD
•added 2026/05/12 6:30 p.m.•9 views

EUVD-2026-29501

The loadmodel function in the neuralmagictraining.py script of the optimate project in commit a6d302f912b481c94370811af6b11402f51d377f 2024-07-21 allows arbitrary code execution. When a user supplies a directory path via the --model command-line argument, the function reads a module.py file from...

6.2AI score0.00426EPSS
Exploits0References3
Positive Technologies
Positive Technologies
•added 2026/05/12 12:0 a.m.•13 views

PT-2026-40056

Name of the Vulnerable Software and Affected Versions optimate versions prior to commit a6d302f912b481c94370811af6b11402f51d377f Description The load model function in the neural magic training.py script allows arbitrary code execution. When a directory path is supplied via the --model command-li...

9.8CVSS6.2AI score0.00426EPSS
Exploits0References4
CNNVD
CNNVD
•added 2026/05/12 12:0 a.m.•9 views

OptiMate å®‰å…Øę¼ę“ž

OptiMate is an AI model optimization tool library developed by Nebuly. There is a security vulnerability in OptiMate. This vulnerability stems from the loadmodel function in the neuralmagictraining.py script, which directly executes the content of the module.py file located in the user-provided...

9.8CVSS6AI score0.00426EPSS
Exploits0References2
Positive Technologies
Positive Technologies
•added 2026/05/12 12:0 a.m.•11 views

PT-2026-40119

The CosyVoice project thru commit 6e01309e01bc93bbeb83bdd996b1182a81aaf11e 2025-30-21 contains an insecure deserialization vulnerability CWE-502 in its model loading process. When loading model files .pt from a user-specified directory via the --model dir argument, the code uses torch.load withou...

6.5AI score0.00458EPSS
Exploits0References3
GithubExploit
GithubExploit
•added 2026/04/01 1:6 p.m.•137 views

Exploit for CVE-2026-30332

CVE-2026-30332 Description A Time-of-Check to Time-of-Use...

6AI score0.00169EPSS
Exploits1
OSV
OSV
•added 2026/03/27 7:11 a.m.•7 views

BIT-DISCOURSE-2026-33425 Discourse has inferable private group membership or existence via exclude_groups parameter

Discourse is an open-source discussion platform. Prior to versions 2026.3.0, 2026.2.1, and 2026.1.2, unauthenticated users can determine whether a specific user is a member of a private group by observing changes in directory results when using the excludegroups parameter. Versions 2026.3.0,...

6.9CVSS5.9AI score0.00207EPSS
Exploits0References2
OSV
OSV
•added 2026/03/20 11:12 p.m.•7 views

CVE-2026-33425 Discourse has inferable private group membership or existence via exclude_groups parameter

Discourse is an open-source discussion platform. Prior to versions 2026.3.0-latest.1, 2026.2.1, and 2026.1.2, unauthenticated users can determine whether a specific user is a member of a private group by observing changes in directory results when using the excludegroups parameter. Versions...

6.9CVSS5.9AI score0.00207EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
•added 2026/03/16 12:0 a.m.•4 views

EulerOS 2.0 SP12 : httpd (EulerOS-SA-2026-1396)

According to the versions of the httpd packages installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : Apache HTTP Server 2.4.65 and earlier with Server Side Includes SSI enabled and modcgid but not modcgi passes the shell-escaped query string to exe...

8.3CVSS7.2AI score0.01527EPSS
Exploits0References4
RedhatCVE
RedhatCVE
•added 2026/03/06 7:51 a.m.•5 views

CVE-2026-29127

The IDC SFX2100 Satellite Receiver sets overly permissive file system permissions on the monitor user's home directory. The directory is configured with permissions 0777, granting read, write, and execute access to all local users on the system, which may cause local privilege escalation dependin...

9.2CVSS5.8AI score0.00169EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
•added 2026/03/05 2:36 a.m.•7 views

CVE-2026-29127

The IDC SFX2100 Satellite Receiver sets overly permissive file system permissions on the monitor user's home directory. The directory is configured with permissions 0777, granting read, write, and execute access to all local users on the system, which may cause local privilege escalation dependin...

9.2CVSS6AI score0.00169EPSS
Exploits1References2
RedhatCVE
RedhatCVE
•added 2026/02/27 7:44 p.m.•5 views

CVE-2026-26265

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an IDOR vulnerability in the directory items endpoint allows any user, including anonymous users, to retrieve private user field values for all users in the directory. The userfieldids parameter ...

7.5CVSS6AI score0.00266EPSS
Exploits0References1
EUVD
EUVD
•added 2026/02/26 3:10 p.m.•4 views

EUVD-2026-8859

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an IDOR vulnerability in the directory items endpoint allows any user, including anonymous users, to retrieve private user field values for all users in the directory. The userfieldids parameter ...

7.5CVSS5.7AI score0.00266EPSS
Exploits0References1
Vulnrichment
Vulnrichment
•added 2026/02/26 3:10 p.m.•3 views

CVE-2026-26265 Discourse has IDOR vulnerability in the directory items endpoint

Discourse is an open source discussion platform. Prior to versions 2025.12.2, 2026.1.1, and 2026.2.0, an IDOR vulnerability in the directory items endpoint allows any user, including anonymous users, to retrieve private user field values for all users in the directory. The userfieldids parameter ...

7.5CVSS6AI score0.00266EPSS
Exploits0References1
Rows per page
Query Builder