Lucene search
K

1735 matches found

EUVD
EUVD
added 2026/03/09 3:30 p.m.5 views

EUVD-2026-10331

Software installed and run as a non-privileged user may conduct improper GPU system calls to gain write permission to read-only wrapped user-mode memory. This is caused by improper handling of the memory protections for the user-mode wrapped memory resource...

4.4CVSS5.8AI score0.00124EPSS
Exploits0References2
CVE
CVE
added 2026/03/09 12:23 p.m.15 views

CVE-2026-21736

CVE-2026-21736 is a GPU DDK vulnerability where a non-privileged user can perform improper GPU system calls to gain write access to read-only wrapped user-mode memory. The enrichment notes an insufficient permission check in PhysmemWrapExtMem() when write attribute support is enabled; the root ca...

4.4CVSS5.8AI score0.00124EPSS
Exploits0References1Affected Software1
OSV
OSV
added 2026/02/27 7:29 p.m.4 views

GHSA-QMJJ-P7M9-WJRV @actual-app/sync-server: Missing authorization in sync endpoints allows cross-user budget file access in multi-user mode

In multi-user mode OpenID, the sync API endpoints /sync/ don't verify that the authenticated user owns or has access to the file being operated on. Any authenticated user can read, modify, and overwrite any other user's budget files by providing their file ID. Affected Code File:...

7.1CVSS6AI score0.00295EPSS
Exploits1References5
GitLab Advisory Database
GitLab Advisory Database
added 2026/02/27 12:0 a.m.9 views

@actual-app/sync-server: Missing authorization in sync endpoints allows cross-user budget file access in multi-user mode

In multi-user mode OpenID, the sync API endpoints /sync/ don't verify that the authenticated user owns or has access to the file being operated on. Any authenticated user can read, modify, and overwrite any other user's budget files by providing their file ID...

7.1CVSS5.9AI score0.00295EPSS
Exploits1References6Affected Software1
NVD
NVD
added 2026/02/26 11:16 p.m.5 views

CVE-2026-27638

Actual is a local-first personal finance tool. Prior to version 26.2.1, in multi-user mode OpenID, the sync API endpoints /sync/ don't verify that the authenticated user owns or has access to the file being operated on. Any authenticated user can read, modify, and overwrite any other user's budge...

7.1CVSS0.00295EPSS
Exploits1References3
Cvelist
Cvelist
added 2026/02/26 10:14 p.m.20 views

CVE-2026-27638 ActualBudget missing authorization in sync endpoints allows cross-user budget file access in multi-user mode

Actual is a local-first personal finance tool. Prior to version 26.2.1, in multi-user mode OpenID, the sync API endpoints /sync/ don't verify that the authenticated user owns or has access to the file being operated on. Any authenticated user can read, modify, and overwrite any other user's budge...

7.1CVSS0.00295EPSS
Exploits1References3
Vulnrichment
Vulnrichment
added 2026/02/26 10:14 p.m.2 views

CVE-2026-27638 ActualBudget missing authorization in sync endpoints allows cross-user budget file access in multi-user mode

Actual is a local-first personal finance tool. Prior to version 26.2.1, in multi-user mode OpenID, the sync API endpoints /sync/ don't verify that the authenticated user owns or has access to the file being operated on. Any authenticated user can read, modify, and overwrite any other user's budge...

7.1CVSS5.9AI score0.00295EPSS
Exploits1References3
CVE
CVE
added 2026/02/26 10:14 p.m.21 views

CVE-2026-27638

CVE-2026-27638 affects ActualBudget in multi-user mode, where the sync endpoints (/sync/*) fail to verify file ownership. This allows any authenticated user to read, modify, or overwrite another user’s budget files by supplying a file ID. Version 26.2.1 patches the issue. The CVSS-derived metrics...

7.1CVSS5.4AI score0.00295EPSS
Exploits1References3Affected Software1
OSV
OSV
added 2026/02/19 2:23 p.m.12 views

USN-8033-8 linux-intel-iotg vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Nios II architecture; - Sun Sparc architecture; - User-Mode Linux UML; - x86 architecture; - Block layer subsystem;...

7.8CVSS6.9AI score0.00248EPSS
Exploits4References115
Ubuntu
Ubuntu
added 2026/02/19 10:10 a.m.12 views

USN-8033-7: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Nios II architecture; - Sun Sparc architecture; - User-Mode Linux UML; - x86 architecture; - Block layer subsystem;...

7.8CVSS8.2AI score0.00248EPSS
Exploits4
Ubuntu
Ubuntu
added 2026/02/17 2:57 p.m.18 views

USN-8033-5: Linux kernel vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Nios II architecture; - Sun Sparc architecture; - User-Mode Linux UML; - x86 architecture; - Block layer subsystem;...

7.8CVSS8.7AI score0.00248EPSS
Exploits4
Ubuntu
Ubuntu
added 2026/02/13 9:44 a.m.22 views

USN-8033-4: Linux kernel (AWS) vulnerabilities

Several security issues were discovered in the Linux kernel. An attacker could possibly use these to compromise the system. This update corrects flaws in the following subsystems: - Nios II architecture; - Sun Sparc architecture; - User-Mode Linux UML; - x86 architecture; - Block layer subsystem;...

7.8CVSS7.3AI score0.00248EPSS
Exploits4
OSV
OSV
added 2026/02/12 10:16 p.m.6 views

ALPINE-CVE-2025-14282

A flaw was found in Dropbear. When running in multi-user mode and authenticating users, the dropbear ssh server does the socket forwardings requested by the remote client as root, only switching to the logged-in user upon spawning a shell or performing some operations like reading the user's file...

5.4CVSS5.5AI score0.00364EPSS
Exploits0References1
OSV
OSV
added 2026/02/12 10:16 p.m.5 views

UBUNTU-CVE-2025-14282

A flaw was found in Dropbear. When running in multi-user mode and authenticating users, the dropbear ssh server does the socket forwardings requested by the remote client as root, only switching to the logged-in user upon spawning a shell or performing some operations like reading the user's file...

5.4CVSS5.8AI score0.00364EPSS
Exploits0References5
OSV
OSV
added 2026/02/12 9:37 p.m.13 views

CVE-2025-14282 Dropbear: privilege escalation via unix domain socket forwardings

A flaw was found in Dropbear. When running in multi-user mode and authenticating users, the dropbear ssh server does the socket forwardings requested by the remote client as root, only switching to the logged-in user upon spawning a shell or performing some operations like reading the user's file...

5.4CVSS6AI score0.00364EPSS
Exploits0References10
ATTACKERKB
ATTACKERKB
added 2026/02/12 9:37 p.m.4 views

CVE-2025-14282

A flaw was found in Dropbear. When running in multi-user mode and authenticating users, the dropbear ssh server does the socket forwardings requested by the remote client as root, only switching to the logged-in user upon spawning a shell or performing some operations like reading the user's file...

5.4CVSS5.5AI score0.00364EPSS
Exploits0References3Affected Software1
Cvelist
Cvelist
added 2026/02/12 9:37 p.m.25 views

CVE-2025-14282 Dropbear: privilege escalation via unix domain socket forwardings

A flaw was found in Dropbear. When running in multi-user mode and authenticating users, the dropbear ssh server does the socket forwardings requested by the remote client as root, only switching to the logged-in user upon spawning a shell or performing some operations like reading the user's file...

5.4CVSS0.00364EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/02/12 9:37 p.m.6 views

CVE-2025-14282 Dropbear: privilege escalation via unix domain socket forwardings

A flaw was found in Dropbear. When running in multi-user mode and authenticating users, the dropbear ssh server does the socket forwardings requested by the remote client as root, only switching to the logged-in user upon spawning a shell or performing some operations like reading the user's file...

5.4CVSS5.4AI score0.00364EPSS
Exploits0References5
CVE
CVE
added 2026/02/12 9:37 p.m.268 views

CVE-2025-14282

Affected software. Dropbear SSH server. In multi-user mode, the server forwards sockets requested by the remote client as root, and only switches to the logged-in user upon spawning a shell or performing user-file operations. The ability to use unix domain sockets as forwarding destinations allow...

5.4CVSS5.4AI score0.00364EPSS
Exploits0References7
AlpineLinux
AlpineLinux
added 2026/02/12 9:37 p.m.2 views

CVE-2025-14282

A flaw was found in Dropbear. When running in multi-user mode and authenticating users, the dropbear ssh server does the socket forwardings requested by the remote client as root, only switching to the logged-in user upon spawning a shell or performing some operations like reading the user's file...

5.4CVSS5.4AI score0.00364EPSS
Exploits0
Rows per page
Query Builder