109 matches found
CVE-2026-33828
Trust boundary violation in Windows Attestation allows an authorized attacker to elevate privileges locally...
EUVD-2026-35657
Trust boundary violation in Windows Attestation allows an authorized attacker to elevate privileges locally...
CVE-2026-33828
Trust boundary violation in Windows Attestation allows an authorized attacker to elevate privileges locally...
CVE-2026-44000
vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, a sandbox boundary violation in vm2 allows host object identity to cross into the sandbox through host Promise resolution. When a host-side Promise that resolves to a host object is exposed to the sandbox, the value delivered to the...
gix and gitoxide's symlinked .gitmodules are followed and parsed from outside of the repository
Summary attachments: pocs.zip When Repository::submodules loads submodule metadata, it prefers the worktree .gitmodules file if that path exists. In the current implementation, the path is read with std::fs::read, which follows symlinks. As a result, a repository can present a symlinked .gitmodul...
GHSA-PG4W-G64P-QWHJ gix and gitoxide's symlinked .gitmodules are followed and parsed from outside of the repository
Summary attachments: pocs.zip When Repository::submodules loads submodule metadata, it prefers the worktree .gitmodules file if that path exists. In the current implementation, the path is read with std::fs::read, which follows symlinks. As a result, a repository can present a symlinked .gitmodul...
PT-2026-38896
Summary attachments: pocs.zip When Repository::submodules loads submodule metadata, it prefers the worktree .gitmodules file if that path exists. In the current implementation, the path is read with std::fs::read, which follows symlinks. As a result, a repository can present a symlinked .gitmodul...
CVE-2026-29646
In OpenXiangShan NEMU prior to 55295c4, when running with RVH Hypervisor extension enabled, a VS-mode guest write to the supervisor interrupt-enable CSR sie may be handled incorrectly and can influence machine-level interrupt enable state mie. This breaks privilege/virtualization isolation and ca...
CVE-2026-29646
In OpenXiangShan NEMU prior to 55295c4, when running with RVH Hypervisor extension enabled, a VS-mode guest write to the supervisor interrupt-enable CSR sie may be handled incorrectly and can influence machine-level interrupt enable state mie. This breaks privilege/virtualization isolation and ca...
ROS-20260410-73-0010
Vulnerability in libssh related to initial buffer boundary violation. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
Trust Boundary Violation
Overview openclaw is a 🦞 OpenClaw — Personal AI Assistant Affected versions of this package are vulnerable to Trust Boundary Violation via the wake process. An attacker can inject unauthorized payloads into the trusted System: prompt channel by sending authenticated /hooks/wake or mapped wake...
ROS-20260317-73-0021
A vulnerability in the drivers/comedi/drivers/das6402.c module of the Linux operating system kernel is related to a violation of the initial buffer boundary. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20260216-73-0030
A vulnerability in the RMI component of the Oracle Java SE software platform, Oracle GraalVM for JDK and Oracle GraalVM Enterprise Edition virtual machines is related to an operation exceeding buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker acting remotely t...
ROS-20260202-73-0008
Vulnerability in kernel-lt related to reading outside buffer boundaries in memory. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
ROS-20260112-7317
Vulnerability of cmd.c, driver.h components of the Linux operating system kernel is related to reading outside the allowed data buffer boundaries. Exploitation of the vulnerability could allow an attacker to cause a denial of service...
CVE-2025-14095
A "Privilege boundary violation" vulnerability is identified affecting multiple Radiometer Products. Exploitation of this vulnerability gives a user with physical access to the analyzer, the possibility to gain unauthorized access to functionalities outside the restricted environment. The...
CVE-2025-14095
A "Privilege boundary violation" vulnerability is identified affecting multiple Radiometer Products. Exploitation of this vulnerability gives a user with physical access to the analyzer, the possibility to gain unauthorized access to functionalities outside the restricted environment. The...
CVE-2025-14095
CVE-2025-14095, CVE-2025-14096, and CVE-2025-14097 describe vulnerabilities in multiple Radiometer products. The issues arise from design weaknesses in application/OS access control, credential protection, and remote code execution conditions, with exploitation involving physical access (for 1409...
EUVD-2025-203887
A "Privilege boundary violation" vulnerability is identified affecting multiple Radiometer Products. Exploitation of this vulnerability gives a user with physical access to the analyzer, the possibility to gain unauthorized access to functionalities outside the restricted environment. The...
CVE-2025-14095 Privilege boundary violation in Radiometer Products
A "Privilege boundary violation" vulnerability is identified affecting multiple Radiometer Products. Exploitation of this vulnerability gives a user with physical access to the analyzer, the possibility to gain unauthorized access to functionalities outside the restricted environment. The...