Lucene search
K

1239305 matches found

EUVD
EUVD
added 2 hours ago5 views

EUVD-2026-44587

Allocation of Resources Without Limits and Throttling and Sensitive Information in Resource Not Removed Before Reuse in the ASUS System Control Interface driver and ASUS Business Manager allow a local administrator to disclose sensitive information via crafted IOCTL requests, which, in severe...

8.2CVSS6AI score
Exploits0References2
EUVD
EUVD
added 2 hours ago3 views

EUVD-2026-44585

Permissive Cross-domain Security Policy with Untrusted Domains in ASUS GameSDK allows a remote user to obtain a local user’s NTLM hash by convincing the user to visit a crafted web page that sends a request containing a UNC path to the application’s local service endpoint. This can result in...

7.2CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-44584

Improper Neutralization of Special Elements used in an SQL Command "SQL Injection" in the web management interface of certain ASUS router models allows a remote authenticated user to disclose confidential information via a crafted request that bypasses existing input validation Refer to the ' ...

5.9CVSS6.1AI score
Exploits0References2
EUVD
EUVD
added 2 hours ago4 views

EUVD-2026-44577

An information disclosure vulnerability was identified in TP-Link Kasa EC70 v4 and EC71 v4 in the local discovery mechanism, which exposes sensitive geolocation information without requiring authentication. This issue allows an attacker on the same local network to retrieve geolocation-related da...

5.3CVSS6.1AI score
Exploits0References6
CVE
CVE
added 3 hours ago6 views

CVE-2026-13585

The CVE-2026-13585 affects the ASUS System Control Interface (SCI) driver and ASUS Business Manager. The root cause is Allocation of Resources Without Limits and Throttling, leading to potential exposure of sensitive information via crafted IOCTL requests. A local administrator can leverage this ...

8.2CVSS6AI score
Exploits0References1
CVE
CVE
added 3 hours ago4 views

CVE-2026-8919

CVE-2026-8919 affects ASUS GameSDK. A permissive cross-domain policy with untrusted domains could let a remote user induce a local UNC request to the application’s local service endpoint, exposing a local NTLM hash and enabling information disclosure, data tampering, or service disruption. The is...

7.2CVSS6.1AI score
Exploits0References1
CVE
CVE
added 3 hours ago3 views

CVE-2026-11851

CVE-2026-11851 is an SQL Injection vulnerability in the web management interface of certain ASUS router models. The root cause is improper neutralization of special elements in SQL commands. It can be exploited by a remote authenticated attacker with high privileges, without user interaction, to ...

5.9CVSS6.1AI score
Exploits0References1
EUVD
EUVD
added 5 hours ago4 views

EUVD-2026-44528

CAI Content Credentials is affected by an Insufficiently Protected Credentials vulnerability that could result in disclosure of sensitive information. An attacker could leverage this vulnerability to gain unauthorized read access. Exploitation of this issue does not require user interaction...

7.5CVSS6.1AI score
Exploits0References2
BDU FSTEC
BDU FSTEC
added 5 hours ago17 views

The vulnerability of the Directum HR Pro system, which exists due to insufficient verification of input data, allows a perpetrator to disclose protected information.

The vulnerability of the Directum HR Pro system exists due to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor to disclose protected information by sending a specially crafted POST request...

7.7CVSS5.7AI score
Exploits0Affected Software1
NVD
NVD
added yesterday4 views

CVE-2026-48295

CAI Content Credentials is affected by an Insufficiently Protected Credentials vulnerability that could result in disclosure of sensitive information. An attacker could leverage this vulnerability to gain unauthorized read access. Exploitation of this issue does not require user interaction...

7.5CVSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added yesterday2 views

CVE-2026-48295

CAI Content Credentials is affected by an Insufficiently Protected Credentials vulnerability that could result in disclosure of sensitive information. An attacker could leverage this vulnerability to gain unauthorized read access. Exploitation of this issue does not require user interaction...

7.5CVSS6.1AI score
Exploits0References2
CVE
CVE
added yesterday9 views

CVE-2026-48295

Technical details about CVE-2026-48295 are not publicly available in the provided documents. Monitor for updates from official sources; the available information notes insufficiently protected credentials and potential unauthorized read access without user interaction.

7.5CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday4 views

CVE-2026-47979

Media Encoder is affected by an out-of-bounds read vulnerability (CWE-125) that could disclose sensitive memory. Exploitation requires user interaction: the victim must open a malicious file. CVSSv3.1 base score is 5.5 (Medium) with LOCAL attack vector, low complexity, no privileges required, and...

5.5CVSS6AI score
Exploits0References1
CVE
CVE
added yesterday35 views

CVE-2026-45071

CVE-2026-45071 affects the Symfony PHP framework (dom-crawler component). Before patches, Crawler::addXmlContent() set DOMDocument::$validateOnParse = true prior to loadXML(), re-enabling external entity resolution and allowing attacker-controlled XML to resolve file:// URIs (local file disclosur...

8.7CVSS6.1AI score0.00052EPSS
Exploits0References6
NVD
NVD
added yesterday2 views

CVE-2026-4017

Buffer Overflow in the entry handler of the TraceEvent system call could allow an attacker with local access to cause information disclosure, data tampering or a crash of the QNX Neutrino kernel...

7.4CVSS
Exploits0References1
CVE
CVE
added yesterday5 views

CVE-2026-47969

Audition (Adobe Audition) is affected by an out-of-bounds read vulnerability (CVE-2026-47969) that could disclose sensitive memory. The issue targets a component/area handling data reads and is triggered by the user opening a specially crafted file, with exploitability described as Local access a...

5.5CVSS6AI score
Exploits0References1
CVE
CVE
added yesterday5 views

CVE-2026-4018

CVE-2026-4018 describes a TOCTOU race condition in specific trace commands of the TraceEvent() system call in the QNX Neutrino kernel, affecting versions of the QNX Software Development Platform and QNX OS for Safety. The vulnerability could allow a local attacker with PROCMGR_AID_TRACE privilege...

6.4CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday9 views

CVE-2026-4017

The CVE-2026-4017 entry concerns a buffer overflow in the TraceEvent() system call entry handler for the QNX Neutrino kernel (affecting QNX Software Development Platform and QNX OS for Safety). The underlying issue, a buffer overflow in the entry handler, could enable a local attacker to cause in...

7.4CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday5 views

CVE-2026-58529

Out-of-bounds read in Active Directory Federation Services AD FS allows an authorized attacker to disclose information over a network...

7.1CVSS6.1AI score
Exploits0References1
CVE
CVE
added yesterday4 views

CVE-2026-55121

Out-of-bounds read in Microsoft Office allows an unauthorized attacker to disclose information locally...

5.5CVSS6AI score
Exploits0References1
Rows per page
Query Builder