Lucene search
K

215057 matches found

Tenable Nessus
Tenable Nessus
added 2026/06/19 12:0 a.m.18 views

Microsoft Edge (Chromium) < 149.0.4022.80 (CVE-2026-32208)

The version of Microsoft Edge installed on the remote Windows host is prior to 149.0.4022.80. It is, therefore, affected by a vulnerability as referenced in the June 18, 2026 advisory. Note that Nessus has not tested for this issue but has instead relied only on the application's self-reported...

8.8CVSS6AI score0.00282EPSS
Exploits0References3
Tenable Nessus
Tenable Nessus
added 2026/06/19 12:0 a.m.9 views

Python Library yt-dlp < 2026.6.9 Multiple Vulnerabilities

The detected version of the yt-dlp Python package is prior to 2026.6.9. It is, therefore, affected by multiple vulnerabilities: - A vulnerability exists in yt-dlp that allows a remote attacker to write arbitrary OS-shortcut files such as .desktop, .url, .webloc to the user's filesystem, bypassing...

9.6CVSS6.7AI score0.00555EPSS
Exploits1References4
CVE
CVE
added 2026/06/18 7:39 p.m.19 views

CVE-2026-25865

CVE-2026-25865 affects Punto Switcher 4.5.0.583. The vulnerability is an unquoted search path element invoked via WinExec when calling RunDll32.exe for shell32.dll Control_RunDLL input.dll, enabling local arbitrary code execution if an attacker places a malicious executable earlier in the search ...

8.5CVSS6.3AI score0.00149EPSS
Exploits0References3
IBM Security Bulletins
IBM Security Bulletins
added 2026/06/18 5:57 p.m.11 views

Security Bulletin: Use of Aspera products with Windows XP/IE 8

Question Security Bulletin: Use of Aspera products with Windows XP/IE 8 "Business Unit":"code":"BU059","label":"IBM Software w/o TPS","Product":"code":"SS8NDZ","label":"IBM Aspera","Component":"","Platform":"code":"PF025","label":"Platform Independent","Version":"All Versions","Edition":"","Line...

5.4AI score
Exploits0Affected Software1
The Hacker News
The Hacker News
added 2026/06/18 2:30 p.m.12 views

Microsoft Details Windows Clipper Malware Campaign Using USB LNK Worm and Tor-Based C2

Microsoft has disclosed details of a Windows-based cryptocurrency clipper campaign codenamed CryptoBandits that has targeted users since February 2026 with clipboard-intercepting malware with self-spreading capabilities and using the Tor anonymity network to hide communication. "The clipper in th...

6.4AI score
Exploits0
NVD
NVD
added 2026/06/18 2:17 p.m.10 views

CVE-2026-11958

Local privilege escalation by loading DLLs from a shared temporary directory in ANSSI’s DFIR-ORC, versions 10.2.7 and prior. An attacker with prior access to the system, can place a malicious DLL in C:\Windows\Temp and wait for the application to be executed. Because DFIR-ORC is extracted and...

7.3CVSS0.00102EPSS
Exploits0References2
OSV
OSV
added 2026/06/18 1:45 p.m.4 views

OSEC-2026-05 Windows command execution via filename quotes.

The quoting of stdin/stdout/stderror using Filename.quotecommand on Windows is not sufficient, and allows the & character to be passed through. This allows an attacker to inject a shell command if they can specify the stdin/stdout/stderr of a program to be executed. Exploit bash $ opam exec --...

6.1CVSS5.3AI score
Exploits0
EUVD
EUVD
added 2026/06/18 11:1 a.m.9 views

EUVD-2026-37877

Local privilege escalation by loading DLLs from a shared temporary directory in ANSSI’s DFIR-ORC, versions 10.2.7 and prior. An attacker with prior access to the system, can place a malicious DLL in C:\Windows\Temp and wait for the application to be executed. Because DFIR-ORC is extracted and...

7.3CVSS5.3AI score0.00102EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/18 11:1 a.m.6 views

CVE-2026-11958

Local privilege escalation by loading DLLs from a shared temporary directory in ANSSI’s DFIR-ORC, versions 10.2.7 and prior. An attacker with prior access to the system, can place a malicious DLL in C:\Windows\Temp and wait for the application to be executed. Because DFIR-ORC is extracted and...

7.3CVSS5.3AI score0.00102EPSS
Exploits0References3
CVE
CVE
added 2026/06/18 11:1 a.m.18 views

CVE-2026-11958

ANSSI DFIR-ORC (versions up to 10.2.7) is affected by local privilege escalation via DLLs loaded from a shared temporary directory. An attacker with prior system access can drop a malicious DLL in C:\Windows\Temp and wait for the DFIR-ORC process, which is extracted and executed from that locatio...

7.3CVSS5.3AI score0.00102EPSS
Exploits0References2
OSV
OSV
added 2026/06/18 9:53 a.m.8 views

BIT-PYTHON-MIN-2026-12003 CPython >3.11 Insecure Input Validation resulting in privilege escalation

To allow builds of Python to be run from an in-tree layout rather than an installed file layout, the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Modules/setup.local. When this landmark is found relative to VPATH relative to the executable, Python...

5.3CVSS5.4AI score0.00136EPSS
Exploits0References9
OSV
OSV
added 2026/06/18 9:53 a.m.5 views

BIT-PYTHON-2026-12003 CPython >3.11 Insecure Input Validation resulting in privilege escalation

To allow builds of Python to be run from an in-tree layout rather than an installed file layout, the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Modules/setup.local. When this landmark is found relative to VPATH relative to the executable, Python...

5.3CVSS5.5AI score0.00136EPSS
Exploits0References9
OSV
OSV
added 2026/06/18 9:49 a.m.6 views

BIT-LIBPYTHON-2026-12003 CPython >3.11 Insecure Input Validation resulting in privilege escalation

To allow builds of Python to be run from an in-tree layout rather than an installed file layout, the VPATH variable is defined at build time and used to locate certain landmarks - specifically, Modules/setup.local. When this landmark is found relative to VPATH relative to the executable, Python...

5.3CVSS5.4AI score0.00136EPSS
Exploits0References9
SUSE CVE
SUSE CVE
added 2026/06/18 2:0 a.m.8 views

SUSE CVE-2026-12437

Use after free in WebShare in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker who had compromised the renderer process to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

8.3CVSS5.3AI score0.00279EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/18 2:0 a.m.9 views

SUSE CVE-2026-12440

Use after free in DigitalCredentials in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to potentially perform a sandbox escape via a crafted HTML page. Chromium security severity: Critical...

9.6CVSS5.3AI score0.00251EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/18 2:0 a.m.8 views

SUSE CVE-2026-12444

Out of bounds read in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to obtain potentially sensitive information from process memory via a malicious file. Chromium security severity: High...

5.5CVSS5.2AI score0.00143EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/18 2:0 a.m.9 views

SUSE CVE-2026-12449

Use after free in Chromoting in Google Chrome on Windows prior to 149.0.7827.155 allowed a local attacker to perform OS-level privilege escalation via a malicious file. Chromium security severity: High...

7.8CVSS5.2AI score0.00109EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/18 1:59 a.m.8 views

SUSE CVE-2026-12461

Out of bounds read in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to obtain potentially sensitive information from process memory via a crafted HTML page. Chromium security severity: High...

6.5CVSS5.3AI score0.00242EPSS
Exploits0References3
SUSE CVE
SUSE CVE
added 2026/06/18 1:59 a.m.8 views

SUSE CVE-2026-12466

Heap buffer overflow in WebRTC in Google Chrome on Windows prior to 149.0.7827.155 allowed a remote attacker to execute arbitrary code via a crafted HTML page. Chromium security severity: High...

8.8CVSS6.3AI score0.00426EPSS
Exploits0References3
RedhatCVE
RedhatCVE
added 2026/06/17 10:29 p.m.8 views

CVE-2026-48818

A flaw was found in Starlette, a lightweight ASGI framework. On Windows systems, the StaticFiles component is vulnerable to Server-Side Request Forgery SSRF. A remote attacker can exploit this by providing a specially crafted Universal Naming Convention UNC path, which causes the system to initia...

7.5CVSS5AI score0.00368EPSS
Exploits0References7
Rows per page
Query Builder