Lucene search
+L

287 matches found

NVD
NVD
added 4 days ago3 views

CVE-2026-50337

Incorrect type conversion or cast in Windows Notification allows an authorized attacker to elevate privileges locally...

7.8CVSS0.00318EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 4 days ago6 views

Windows Notification Elevation of Privilege Vulnerability

Incorrect type conversion or cast in Windows Notification allows an authorized attacker to elevate privileges locally...

7.8CVSS6.1AI score0.00318EPSS
Exploits0
NVD
NVD
added 5 days ago8 views

CVE-2026-51536

In OpENer 2.3.0 commit 76b95cf when parsing incoming CIP Common Industrial Protocol network packets, the length parameter is inconsistently typed across the call stack. Specifically, an upstream length calculated as an int is passed to a downstream function that expects an EipInt16 a 16-bit signe...

9.1CVSS0.00472EPSS
Exploits0References2
Microsoft CVE
Microsoft CVE
added 2026/06/27 8:7 a.m.8 views

thunderbolt: Validate XDomain request packet size before type cast

...

8.1CVSS5.8AI score0.00283EPSS
Exploits0
SUSE CVE
SUSE CVE
added 2026/06/26 2:12 a.m.10 views

SUSE CVE-2026-53147

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Validate XDomain request packet size before type cast tbxdphandlerequest casts the received packet buffer to protocol-specific structs without verifying that the allocation is large enough for the target type. A peer...

8.1CVSS5.9AI score0.00283EPSS
Exploits0References3
Debian CVE
Debian CVE
added 2026/06/25 8:38 a.m.8 views

CVE-2026-53147

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Validate XDomain request packet size before type cast tbxdphandlerequest casts the received packet buffer to protocol-specific structs without verifying that the allocation is large enough for the target type. A peer...

8.1CVSS5.8AI score0.00283EPSS
Exploits0
OSV
OSV
added 2026/06/25 8:38 a.m.3 views

CVE-2026-53147 thunderbolt: Validate XDomain request packet size before type cast

In the Linux kernel, the following vulnerability has been resolved: thunderbolt: Validate XDomain request packet size before type cast tbxdphandlerequest casts the received packet buffer to protocol-specific structs without verifying that the allocation is large enough for the target type. A peer...

8.1CVSS5.9AI score0.00283EPSS
Exploits0References9
Snyk
Snyk
added 2026/05/22 5:32 a.m.8 views

Incorrect Type Conversion or Cast

Overview golang.org/x/crypto/ssh is a SSH client and server Affected versions of this package are vulnerable to Incorrect Type Conversion or Cast due to an incorrectly placed cast from bytes to int in the AES-GCM packet decoder process. An attacker can cause a server-side panic by sending special...

8.7CVSS5.8AI score0.00359EPSS
Exploits0References2
UbuntuCve
UbuntuCve
added 2026/05/22 12:0 a.m.14 views

CVE-2026-46597

An incorrectly placed cast from bytes to int allowed for server-side panic in the AES-GCM packet decoder for well-crafted inputs...

7.5CVSS5.8AI score0.00359EPSS
Exploits0References5
AstraLinux
AstraLinux
added 2026/05/20 5:53 a.m.5 views

Astra Linux – Vulnerability in Linux 5.10

In the Linux kernel, the following vulnerabilities have been resolved: drm/xe: Fixed a potential integer overflow in the page size calculation. Explicitly cast tbo-pagealignment to u64 before shifting bits to prevent overflow when assigning to minpagesize...

5.5CVSS6AI score0.00197EPSS
Exploits0References2
CNVD
CNVD
added 2026/04/08 12:0 a.m.7 views

OpenClaw has an unspecified vulnerability (CNVD-2026-16698)

OpenClaw is an intelligent artificial assistant open-sourced by OpenClaw. OpenClaw suffers from a security vulnerability that can be exploited by an attacker to cause an attacker with operator.pairing privileges to cast tokens with broader privileges to obtain an operator.admin token and execute...

9.9CVSS7.7AI score0.0054EPSS
Exploits0
ATTACKERKB
ATTACKERKB
added 2026/04/02 5:42 p.m.5 views

CVE-2026-34593

Ash Framework is a declarative, extensible framework for building Elixir applications. Prior to version 3.22.0, Ash.Type.Module.castinput/2 unconditionally creates a new Erlang atom via Module.concatvalue for any user-supplied binary string that starts with "Elixir.", before verifying whether the...

8.2CVSS5.8AI score0.00423EPSS
Exploits1References3Affected Software1
EUVD
EUVD
added 2026/03/05 3:31 a.m.10 views

EUVD-2026-9516

Multiple SUID root-owned binaries are found in /home/monitor/terminal, /home/monitor/kore-terminal, /home/monitor/IDE-DPack/terminal-dpack, and /home/monitor/IDE-DPack/terminal-dpack2 in International Data Casting IDC SFX2100 Satellite Receiver, which may lead to local privlidge escalation from t...

8.6CVSS5.8AI score0.00119EPSS
Exploits1References2
NVD
NVD
added 2026/03/05 2:16 a.m.8 views

CVE-2026-29126

Incorrect permission assignment world-writable file in /etc/udhcpc/default.script in International Data Casting IDC SFX2100 Satellite Receiver allows a local unprivileged attacker to potentially execute arbitrary commands with root privileges local privilege escalation and persistence via...

8.5CVSS0.00142EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 2026/03/05 1:51 a.m.6 views

CVE-2026-29126

Incorrect permission assignment world-writable file in /etc/udhcpc/default.script in International Data Casting IDC SFX2100 Satellite Receiver allows a local unprivileged attacker to potentially execute arbitrary commands with root privileges local privilege escalation and persistence via...

8.5CVSS6.1AI score0.00142EPSS
Exploits1References2
CVE
CVE
added 2026/03/05 1:23 a.m.13 views

CVE-2026-29124

The CVE-2026-29124 entry affects International Data Casting (IDC) SFX2100 Satellite Receiver. It reports multiple SUID root-owned binaries located under /home/monitor/terminal, /home/monitor/kore-terminal, /home/monitor/IDE-DPack/terminal-dpack, and /home/monitor/IDE-DPack/terminal-dpack2 that ma...

8.6CVSS5.8AI score0.00119EPSS
Exploits1References1Affected Software1
Vulnrichment
Vulnrichment
added 2026/03/05 12:53 a.m.2 views

CVE-2026-29122 `/bin/date` Binary given SETUID Permissions on IDC SFX2100 Leading to Potential LPE

International Data Casting IDC SFX2100 satellite receiver comes with the /bin/date utility installed with the setuid bit set. This configuration grants elevated privileges to any local user who can execute the binary. A local actor is able to use the GTFObins resource to preform privileged file...

9.2CVSS6AI score0.00139EPSS
Exploits1References2
Positive Technologies
Positive Technologies
added 2026/03/05 12:0 a.m.12 views

PT-2026-23120

Name of the Vulnerable Software and Affected Versions International Data Casting IDC SFX2100 Satellite Receiver affected versions not specified Description Multiple SUID root-owned binaries are present in the following directories: /home/monitor/terminal, /home/monitor/kore-terminal,...

8.6CVSS5.8AI score0.00119EPSS
Exploits1References6
Cvelist
Cvelist
added 2026/02/24 1:50 a.m.26 views

CVE-2026-25989 ImageMagick has integer overflow or wraparound and incorrect conversion between numeric types in the internal SVG decoder

ImageMagick is free and open-source software used for editing and manipulating digital images. Prior to versions 7.1.2-15 and 6.9.13-40, a crafted SVG file can cause a denial of service. An off-by-one boundary check instead of = that allows bypass the guard and reach an undefined sizet cast...

7.5CVSS0.00594EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/02/22 11:31 p.m.6 views

CVE-2026-2588

Crypt::NaCl::Sodium versions through 2.001 for Perl has an integer overflow flaw on 32-bit systems. Sodium.xs casts a STRLEN sizet to unsigned long long when passing a length pointer to libsodium functions. On 32-bit systems sizet is typically 32-bits while an unsigned long long is at least 64-bi...

5.6AI score0.00346EPSS
Exploits0References4
Rows per page
Query Builder