33931 matches found
CVE-2026-33835
Technical details about CVE-2026-33835 are not publicly provided in the connected documents. The initial description notes a use-after-free in Windows Cloud Files Mini Filter Driver with local privilege elevation, but no vendor/product/version specifics or fix details are included here. Monitor f...
CVE-2026-33835 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
...
CVE-2026-35418 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
...
CVE-2026-35418 Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
...
CVE-2026-35418
CVE-2026-35418 – Summary : Use-after-free in Windows Cloud Files Mini Filter Driver allows an authorized local attacker to elevate privileges. The CVE entry is supported by NVD/EUVD/CVE records describing a local, privilege-escalation vulnerability with a high CVSS v3.1 score (7.8; LOCAL, LOW att...
CVE-2026-26083
A missing authorization vulnerability in Fortinet FortiSandbox 5.0.0 through 5.0.1, FortiSandbox 4.4.0 through 4.4.8, FortiSandbox Cloud 5.0.2 through 5.0.5, FortiSandbox PaaS 23.4 all versions, FortiSandbox PaaS 23.3 all versions, FortiSandbox PaaS 23.1 all versions, FortiSandbox PaaS 22.2 all...
CVE-2026-43993
CVE-2026-43993 : In JunoClaw’s WAVS bridge, the function computeDataVerify fetched agent-supplied URLs without validating the URL scheme, port, or resolved IP, enabling an SSRF vulnerability. Affected version range is prior to 0.x.y-security-1 . This could allow access to cloud-metadata and inter...
CVE-2026-43993 JunoClaw: SSRF in WAVS computeDataVerify allows cloud-metadata and internal-service access
JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the WAVS bridge's computeDataVerify called fetch on agent-supplied URLs without validating scheme, port, or resolved IP, resulting in an SSRF vulnerability. This vulnerability is fixed in 0.x.y-security-1...
CVE-2026-43993 JunoClaw: SSRF in WAVS computeDataVerify allows cloud-metadata and internal-service access
JunoClaw is an agentic AI platform built on Juno Network. Prior to 0.x.y-security-1, the WAVS bridge's computeDataVerify called fetch on agent-supplied URLs without validating scheme, port, or resolved IP, resulting in an SSRF vulnerability. This vulnerability is fixed in 0.x.y-security-1...
Defending consumer web properties against modern DDoS attacks
If you own, create, or maintain online services and web portals, you’re probably aware of the dramatic upswing in DDoS attacks on your domains. AI has democratized tooling not just for us but for threat actors as well. DDoS in this era has extended from simple bandwidth saturation to sophisticate...
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally...
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally...
Windows Cloud Files Mini Filter Driver Elevation of Privilege Vulnerability
Use after free in Windows Cloud Files Mini Filter Driver allows an authorized attacker to elevate privileges locally...
CVE-2026-44477 vulnerabilities
Vulnerabilities for packages: cloudnative-pg...
GHSA-423P-G724-FR39 vulnerabilities
Vulnerabilities for packages: cloudnative-pg...
Introducing Wiz Audit History: Track Every Change Across your Environment
Wiz Audit History is now GA, providing a continuous, cross-cloud timeline of changes to resource configurations and findings to accelerate incident response and simplify compliance...
CVE-2026-44477 vulnerabilities
Vulnerabilities for packages: cloudnative-pg-fips, cloudnative-pg, plugin-barman-cloud-fips, plugin-barman-cloud...
GHSA-423P-G724-FR39 vulnerabilities
Vulnerabilities for packages: cloudnative-pg-fips, cloudnative-pg, plugin-barman-cloud-fips, plugin-barman-cloud...
CVE-2026-7428
Prior to 2025-11-03, well-intended users of Terraform or REST API for Google Cloud AlloyDB for PostgreSQL could have created clusters with an insecure default password which could have been exploited by a remote attacker to gain full administrative access to the database. Exploitation required...
Malicious code in dlty (PyPI)
--- -= Per source details. Do not edit below this line.=- Source: amazon-inspector 494f5fbab24a26771e84ce06eea5303b7d1b9135b505a6d93a01c417603f1902 Importing the dlty package triggers an active data-exfiltration channel from the installer to third-party-controlled infrastructure. dlty/init.py...