Lucene search
K

609 matches found

EUVD
EUVD
added 3 days ago11 views

EUVD-2026-43239

Untrusted pointer dereference in Microsoft Edge Chromium-based allows an unauthorized attacker to elevate privileges over a network...

8.3CVSS6.1AI score0.00451EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/07/02 10:18 p.m.7 views

CVE-2026-57100

Server-side request forgery ssrf in Microsoft Entra Provisioning Service SyncFabric allows an authorized attacker to elevate privileges over a network...

9.9CVSS5.8AI score0.0063EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/18 12:0 a.m.24 views

PT-2026-50800

Name of the Vulnerable Software and Affected Versions Microsoft Dynamics 365 affected versions not specified Description Improper access control allows an authorized attacker to elevate privileges over a network. Recommendations At the moment, there is no information about a newer version that...

9.9CVSS5.9AI score0.00426EPSS
Exploits0References8
Tenable Nessus
Tenable Nessus
added 2026/06/18 12:0 a.m.9 views

Devolutions Remote Desktop Manager <= 2026.2.7 Command Injection (DEVO-2026-0018)(CVE-2026-12161)

The version of Devolutions Remote Desktop Manager installed on the remote host is 2025.2.7 or earlier. It is, therefore, affected by a command injection vulnerability: - Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenticat...

8.8CVSS6.1AI score0.00295EPSS
Exploits0References2
Vulnrichment
Vulnrichment
added 2026/06/17 2:53 p.m.10 views

CVE-2026-35067

Dell PowerFlex Manager, versions prior to 5.1.0.1, contains an Improper Access Control vulnerability. A low privileged attacker with adjacent network access could potentially exploit this vulnerability, leading to Elevation of privileges and Unauthorized access...

5.7CVSS5.9AI score0.0015EPSS
Exploits0References1
EUVD
EUVD
added 2026/06/16 3:30 a.m.10 views

EUVD-2026-37023

Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user with permission to create or modify a shared SSH entry to execute arbitrary commands on a remote SSH host using stored elevation credentials via a crafted alterna...

5.7AI score0.00295EPSS
Exploits0References2
NVD
NVD
added 2026/06/16 1:16 a.m.11 views

CVE-2026-12161

Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user with permission to create or modify a shared SSH entry to execute arbitrary commands on a remote SSH host using stored elevation credentials via a crafted alterna...

8.8CVSS0.00295EPSS
Exploits0References1
CVE
CVE
added 2026/06/15 11:55 p.m.28 views

CVE-2026-12161

CVE-2026-12161 affects Devolutions Remote Desktop Manager 2026.2.7. The flaw is in the SSH Elevate Shell feature, where improper input validation allows an authenticated user (with permission to create/modify a shared SSH entry) to run arbitrary commands on a remote SSH host using stored elevatio...

8.8CVSS5.7AI score0.00295EPSS
Exploits0References1Affected Software1
Cvelist
Cvelist
added 2026/06/15 11:55 p.m.32 views

CVE-2026-12161

Improper input validation in the SSH Elevate Shell feature in Devolutions Remote Desktop Manager 2026.2.7 allows an authenticated user with permission to create or modify a shared SSH entry to execute arbitrary commands on a remote SSH host using stored elevation credentials via a crafted alterna...

0.00295EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/15 12:0 a.m.17 views

PT-2026-49549

Name of the Vulnerable Software and Affected Versions Devolutions Remote Desktop Manager version 2026.2.7 Description Improper input validation in the SSH Elevate Shell feature allows an authenticated user with permissions to create or modify a shared SSH entry to execute arbitrary commands on a...

8.8CVSS5.8AI score0.00295EPSS
Exploits0References4
CVE
CVE
added 2026/06/10 12:38 p.m.27 views

CVE-2026-49498

Ghidra 11.0 before 12.1 is affected by a SQL injection in PostgresFunctionDatabase.changePassword(), which fails to escape double quotes in usernames interpolated into ALTER ROLE statements. Authenticated attackers can craft username parameters in PasswordChange network messages to inject SQL com...

8.8CVSS5.7AI score0.00259EPSS
Exploits0References2Affected Software1
NVD
NVD
added 2026/06/09 7:17 p.m.27 views

CVE-2026-40639

Dell Client Platform BIOS contains a Weak Encoding for Password vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Elevation of Privileges...

5.7CVSS0.00119EPSS
Exploits0References1
CVE
CVE
added 2026/06/09 5:5 p.m.31 views

CVE-2026-45484

This CVE involves deserialization of untrusted data in Microsoft Office SharePoint, enabling an authorized attacker to elevate privileges over a network. Affected component: SharePoint (deserialization vulnerability cited in multiple sources). Root cause: improper handling of deserialized input l...

8.8CVSS5.5AI score0.01982EPSS
Exploits0References1Affected Software1
CNNVD
CNNVD
added 2026/06/09 12:0 a.m.16 views

bookcars 访问控制错误漏洞

Bookcars is a car rental management platform developed by Akram El Assas. Version 8.3 of Bookcars contains an access control vulnerability, which stems from improper permission settings. This vulnerability could allow authenticated attackers to elevate user permissions from the user level to the...

8.1CVSS5.3AI score0.00248EPSS
Exploits0References1
ATTACKERKB
ATTACKERKB
added 2026/05/22 10:3 p.m.7 views

CVE-2026-47280

Improper authentication in Azure Resource Manager ARM allows an unauthorized attacker to elevate privileges over a network...

10CVSS5.8AI score0.00494EPSS
Exploits0References2
Snyk
Snyk
added 2026/05/20 3:46 p.m.11 views

Missing Authorization

Overview phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases Affected versions of this package are vulnerable to Missing Authorization in the overwritePassword process. An attacker can gain unauthorized access to higher-privileged accounts, including full...

8.8CVSS5.8AI score0.00303EPSS
Exploits0References5
RedhatCVE
RedhatCVE
added 2026/04/22 7:22 a.m.12 views

CVE-2026-35154

Dell PowerProtect Data Domain appliances, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper privilege management vulnerability. A high privileged attacker with local access could potentially...

6.7CVSS5.8AI score0.00087EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/04/07 11:1 p.m.5 views

CVE-2026-35182

Brave CMS is an open-source CMS. Prior to 2.0.6, this vulnerability is a missing authorization check found in the update role endpoint at routes/web.php. The POST route for /rights/update-role/id lacks the checkUserPermissions:assign-user-roles middleware. This allows any authenticated user to...

8.8CVSS5.9AI score0.00336EPSS
Exploits1References1
CNNVD
CNNVD
added 2026/03/24 12:0 a.m.12 views

Galaxy Software Services Vitals ESP 安全漏洞

Galaxy Software Services Vitals ESP is an office knowledge management system developed by Galaxy Software Services. There is a security vulnerability in Galaxy Software Services Vitals ESP, which stems from improper authorization. This vulnerability could allow authenticated remote attackers to...

8.8CVSS5.9AI score0.00299EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/03/11 12:0 a.m.7 views

Zoom Clients for Windows 安全漏洞

Zoom Clients for Windows is a video conferencing software developed by the American company Zoom. There is a security vulnerability in Zoom Clients for Windows, which stems from improper permission management. This vulnerability could allow authenticated users to elevate their permissions through...

7.8CVSS5.8AI score0.00112EPSS
Exploits0References1
Rows per page
Query Builder