33930 matches found
CVE-2026-43685
A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to inject arbitrary operating system commands through unsanitized input in the External ODBC Data Source connection test feature. This issue is fixed in FileMaker Cloud 2.22.0.5...
CVE-2026-43685
A Remote Code Execution vulnerability in Claris FileMaker Cloud allowed a user with Admin Console privileges to inject arbitrary operating system commands through unsanitized input in the External ODBC Data Source connection test feature. This issue is fixed in FileMaker Cloud 2.22.0.5...
CVE-2026-43685
CVE-2026-43685 is a Remote Code Execution vulnerability in Claris FileMaker Cloud. An Admin Console user can inject arbitrary operating system commands via unsanitized input in the External ODBC Data Source connection test feature. The issue is fixed in FileMaker Cloud 2.22.0.5. Documents provide...
CVE-2026-42858
Open edX Platform enables the authoring and delivery of online learning at any scale. The syncproviderdata endpoint in SAMLProviderDataViewSet allows authenticated Enterprise Admin users to supply an arbitrary URL via the metadataurl POST parameter. This URL is passed directly to requests.get in...
CVE-2026-35157
Dell ECS versions 3.8.1.0 through 3.8.1.7 and Dell ObjectScale versions prior to 4.3.0.0, contains an improper neutralization of formula elements in a CSV File vulnerability in the UI. An unauthenticated attacker with remote access could potentially exploit this vulnerability, leading to remote...
CVE-2026-44225 Pulpy: Incomplete filesystem sandbox in pulpy.fs bridge allows packaged web apps to read arbitrary user files
Pulpy is a lightweight, cross-platform desktop application packager for web apps. Prior to 0.1.1, Pulpy injects a pulpy.fs JavaScript API into every packaged web application, giving it access to the host filesystem. A validateFsPath function is supposed to sandbox this access, but its blocklist i...
EUVD-2026-29625
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally...
EUVD-2026-29582
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally...
EUVD-2026-29596
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally...
EUVD-2026-29550
A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox Cloud 5.0.2 through 5.0.5, FortiSandbox PaaS 23.4 all versions, FortiSandbox PaaS 23.3 all versions, FortiSandbox PaaS 23.1 all versions, FortiSandbox PaaS 22.2 all...
CVE-2026-42141
Xibo is an open source digital signage platform with a web content management system and Windows display player software. Prior to 4.4.1, an authenticated Server-Side Request Forgery SSRF vulnerability in the Xibo CMS allows users with Library upload permissions to make arbitrary HTTP requests fr...
CVE-2026-35418
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally...
CVE-2026-34337
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally...
CVE-2026-33835
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally...
CVE-2026-43929 ssrfcheck: Server-Side Request Forgery (SSRF) and Incomplete List of Disallowed Inputs
ssrfcheck is a library that checks if a string contains a potential SSRF attack. In 1.3.0 and earlier, ssrfcheck fails to block Server-Side Request Forgery attacks when the target private IP address is encoded as an IPv4-mapped IPv6 address e.g. http://::ffff:127.0.0.1/. The WHATWG URL parser bui...
CVE-2026-34337 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
...
CVE-2026-34337 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
...
CVE-2026-34337
CVE-2026-34337 describes a local privilege escalation via a use-after-free in the Windows Cloud Files Mini Filter Driver. An authorized attacker could elevate privileges locally (CVSS v3.1: AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H; base 7.8). The connected documents confirm the vulnerability descripti...
CVE-2026-33835 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
...
CVE-2026-33835
Technical details about CVE-2026-33835 are not publicly provided in the connected documents. The initial description notes a use-after-free in Windows Cloud Files Mini Filter Driver with local privilege elevation, but no vendor/product/version specifics or fix details are included here. Monitor f...