Lucene search
K

829 matches found

Microsoft KB
Microsoft KB
added yesterday81 views

June 9, 2026—KB5094042 (Monthly Rollup)

None None...

9.8CVSS6.8AI score0.21506EPSS
Exploits2
Microsoft KB
Microsoft KB
added yesterday35 views

June 9, 2026—KB5094041 (Monthly Rollup)

None None...

9.8CVSS6.8AI score0.21506EPSS
Exploits2
Microsoft KB
Microsoft KB
added yesterday18 views

May 12, 2026-Security and Quality Rollup for .NET Framework 3.5 for Windows Server 2012 R2 (KB5087049)

None None...

7.8CVSS7AI score0.00662EPSS
Exploits0
CVE
CVE
added 6 days ago15 views

CVE-2026-33390

Summary: CVE-2026-33390 affects Arc sensors’ synchronization in Guardian/CMC prior to version 26.2.0. The root cause is an incorrect privilege assignment where Arc sensors receive CLI permissions during sync, allowing an authenticated user with limited privileges to issue administrative CLI comma...

8.1CVSS6AI score0.0021EPSS
Exploits0References1Affected Software2
Cvelist
Cvelist
added 6 days ago34 views

CVE-2026-33390 Incorrect privilege assignment for Arc sensors in Guardian/CMC before 26.2.0

An Incorrect Privilege Assignment vulnerability was discovered in the synchronization functionality due to Arc sensors receiving CLI permissions. An authenticated user with limited privileges can push administrative CLI commands through the sync, altering the device configuration, and/or affectin...

8.1CVSS0.0021EPSS
Exploits0References1
NOZOMI
NOZOMI
added 2026/07/07 12:0 a.m.5 views

Incorrect privilege assignment for Arc sensors in Guardian/CMC before 26.2.0

Summary An Incorrect Privilege Assignment vulnerability was discovered in the synchronization functionality due to Arc sensors receiving CLI permissions. Impact An authenticated user with limited privileges can push administrative CLI commands through the sync, altering the device configuration,...

8.1CVSS6AI score0.0021EPSS
Exploits0Affected Software2
OSV
OSV
added 2026/06/25 10:34 p.m.5 views

GO-2026-5523 Arc has an authenticated arbitrary local-file read via DuckDB I/O functions that bypasses RBAC table-level checks in github.com/basekick-labs/arc

Arc has an authenticated arbitrary local-file read via DuckDB I/O functions that bypasses RBAC table-level checks in github.com/basekick-labs/arc...

5.9AI score0.00029EPSS
Exploits0References3
OSV
OSV
added 2026/06/25 10:34 p.m.4 views

GO-2026-5457 Arc: Unauthenticated access to Go debug pprof endpoints leaks runtime state and enables CPU-burn DoS in github.com/basekick-labs/arc

Arc: Unauthenticated access to Go debug pprof endpoints leaks runtime state and enables CPU-burn DoS in github.com/basekick-labs/arc...

5.8AI score0.0009EPSS
Exploits0References3
AstraLinux
AstraLinux
added 2026/06/19 11:10 a.m.5 views

Astra Linux – Vulnerability in RustC

In the standard library of Rust before version 1.29.0, there is weak synchronization in the Arc::getmut method. This synchronization issue can lead to memory safety issues due to race conditions...

5.9CVSS6.2AI score0.01054EPSS
Exploits0References1
NVD
NVD
added 2026/06/17 10:14 a.m.12 views

CVE-2026-12348

Address bar spoofing in Arc Search for Android allows a remote attacker to display a trusted domain in the address bar while rendering attacker-controlled content, enabling phishing...

7.4CVSS0.00283EPSS
Exploits0References1
CVE
CVE
added 2026/06/16 7:54 p.m.21 views

CVE-2026-12348

CVE-2026-12348 concerns Arc Search for Android. The entry describes an address bar spoofing flaw caused by a window.open race condition, enabling a remote attacker to render attacker-controlled content while displaying a trusted domain in the address bar (phishing risk). The CVSSv3.1 vector is pr...

7.4CVSS5.3AI score0.00283EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/16 12:0 a.m.18 views

PT-2026-49836

Address bar spoofing in Arc Search for Android allows a remote attacker to display a trusted domain in the address bar while rendering attacker-controlled content, enabling phishing...

7.4CVSS5.4AI score0.00283EPSS
Exploits0References2
NVD
NVD
added 2026/06/12 4:16 p.m.18 views

CVE-2026-46690

unboundedspsc is an "unbounded" extension of boundedspscqueue. In versions 0.2.0 and prior, sender::send pointer-as-value transmute causes OOB read and fake-Arc drop under TX/RX race. At time of publication, there are no publicly available patches...

5.8CVSS0.0013EPSS
Exploits1References1
CVE
CVE
added 2026/06/12 2:56 p.m.24 views

CVE-2026-46690

Summary: CVE-2026-46690 affects the unbounded-spsc crate (0.2.0 and earlier). The vulnerability originates from an unsafe TRANSMUTE in Sender::send (DISCONNECTED branch) that reinterprets a raw pointer to a Producer as a Consumer, creating a fake Arc and enabling out-of-bounds access. This race w...

5.8CVSS5.2AI score0.0013EPSS
Exploits1References1Affected Software1
Microsoft KB
Microsoft KB
added 2026/06/09 2:0 p.m.61 views

May 12, 2026—Hotpatch KB5087423 (OS Build 26100.32772)

None None...

9.8CVSS6.9AI score0.99962EPSS
Exploits64
OSV
OSV
added 2026/06/08 11:51 p.m.11 views

GHSA-P2J4-C4G6-RPF5 Arc has an authenticated arbitrary local-file read via DuckDB I/O functions that bypasses RBAC table-level checks

Summary Arc's user-SQL validator internal/api/query.go:ValidateSQLRequest blocked only readparquet and arcpartitionagg via regex denylist. The broader DuckDB I/O function family — readcsvauto, readcsv, readjson, readjsonauto, readtext, readblob, glob, parquetmetadata, parquetschema, readxlsx, etc...

7.1CVSS5.6AI score0.00029EPSS
Exploits0References4
OSV
OSV
added 2026/05/29 7:5 p.m.7 views

GHSA-6M57-8R3P-PQX6 unbounded-spsc: Sender::send pointer-as-value transmute causes OOB read and fake-Arc drop under TX/RX race

Summary Sender::send in src/lib.rs contains an unsafe block in the DISCONNECTED arm that transmutes a raw pointer mut Producer into the bytes of a value-level Consumer. The author's intent, visible in the surrounding comment at lines 386-390, was a value transmute. The shipped code is one level o...

5.8CVSS5.8AI score0.0013EPSS
Exploits1References3
Github Security Blog
Github Security Blog
added 2026/05/29 7:5 p.m.16 views

unbounded-spsc: Sender::send pointer-as-value transmute causes OOB read and fake-Arc drop under TX/RX race

Summary Sender::send in src/lib.rs contains an unsafe block in the DISCONNECTED arm that transmutes a raw pointer mut Producer into the bytes of a value-level Consumer. The author's intent, visible in the surrounding comment at lines 386-390, was a value transmute. The shipped code is one level o...

5.8CVSS5.8AI score0.0013EPSS
Exploits1References3Affected Software1
Positive Technologies
Positive Technologies
added 2026/05/29 12:0 a.m.14 views

PT-2026-45016

Content removed...

5.8CVSS5.2AI score0.0013EPSS
Exploits1References5
OSV
OSV
added 2026/05/20 7:23 a.m.10 views

MAL-2026-4481 Malicious code in arc-diag-util (npm)

--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 95f08d97107d726a6ae90afbf8e354b84a7e13d4a236bc8766180a362cc8344c On npm install, the package's postinstall hook runs id to capture the installer's uid/gid/group identity and opens a raw TCP socket to...

5.8AI score
Exploits0References1
Rows per page
Query Builder