218196 matches found
CVE-2026-49161
Improper access control in Microsoft PC Manager allows an authorized attacker to bypass a security feature locally...
CVE-2026-47643
External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network...
CVE-2026-47292
Inclusion of functionality from untrusted control sphere in Visual Studio Code allows an unauthorized attacker to elevate privileges locally...
CVE-2026-45649
Improper access control in Office for Android allows an unauthorized attacker to perform spoofing locally...
CVE-2026-42829
Improper access control in Windows Administrator Protection allows an authorized attacker to bypass a security feature locally...
CVE-2026-41092
Improper access control in Microsoft Kinect allows an authorized attacker to elevate privileges locally...
CVE-2026-38615
DedeCMS V5.7.118 is vulnerable to Command Execution in filemanagecontrol.php...
EUVD-2026-35579
External control of file name or path in Azure Stack Edge allows an unauthorized attacker to execute code over a network...
CVE-2026-42829
CVE-2026-42829 describes an improper access control in Windows Administrator Protection that allows an authorized attacker with LOCAL access and LOW privileges to bypass a security feature with NO user interaction. The impact is HIGH on confidentiality, integrity, and availability, per CVSS 3.1. ...
CVE-2026-49161
Technical details (affected product, component, root cause, impact, fixes) are not publicly available in the provided documents. Monitor for updates.
CVE-2026-41092
CVE-2026-41092 describes an improper access control in Microsoft Kinect that enables a locally authenticated attacker to elevate privileges. The CVSS 3.1 vector is AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H with a base score of 7.8 (HIGH). Affected component: Kinect functionality; root cause is insuffic...
CVE-2026-47292
CVE-2026-47292 concerns a vulnerability in the Visual Studio Code MSSQL Extension where inclusion of functionality from an untrusted control sphere allows an attacker to escalate privileges locally. The connected documents confirm the affected product (Visual Studio Code MSSQL Extension) and the ...
CVE-2026-45649
CVE-2026-45649 : Improper access control in Office for Android allows an unauthorized attacker to perform local spoofing. This is a local attack with user interaction required; impact on confidentiality and integrity is high, availability not affected. Connected documents confirm an Office for An...
CVE-2026-49938
A improper access control vulnerability in Fortinet FortiPortal 7.4.0 through 7.4.7, FortiPortal 7.2.0 through 7.2.8, FortiPortal 7.0 all versions may allow attacker to improper access control via...
CVE-2026-0418 Certain NETGEAR devices allow administrators to tamper with system
Insufficient configuration management in the listed devices allows authenticated administrators connected to the local network to tamper with the system...
CVE-2026-9211
Technical details (affected products, root cause, versions, and precise impact) are not publicly available in the provided documents. Monitor for updates.
CVE-2026-9211 Certain NETGEAR routers allow unauthenticated users to gain control of the router
An unauthenticated user on the local network can gain control of the router and make unauthorized changes to its operation...
CVE-2026-46656
Bludit is a content management system. Versions prior to 3.22.0 have a Broken Access Control flaw where active sessions remain valid even after the corresponding user account has been physically deleted from the database. This "Ghost Session" allows revoked users to maintain full unauthorized...
CVE-2026-49186
The local MQTT broker does not enforce topic-level Access Control Lists ACLs. This allows any client to subscribe using wildcard characters or + to enumerate hidden network devices or publish rogue control commands...
CVE-2026-49938
A improper access control vulnerability in Fortinet FortiPortal 7.4.0 through 7.4.7, FortiPortal 7.2.0 through 7.2.8, FortiPortal 7.0 all versions may allow attacker to improper access control via...