
523 matches found

Positive Technologies
added 3 days ago, 8 views

PT-2026-50800

Name of the Vulnerable Software and Affected Versions: Microsoft Dynamics 365, affected versions not specified. Description: Improper access control allows an authorized attacker to elevate privileges over a network. Recommendations: At the moment, there is no information about a newer version that...

9.9 CVSS, 5.9 AI score
Exploits: 0, References: 3
CVE
added 2026/06/10 12:38 p.m., 17 views

CVE-2026-49498

Ghidra 11.0 before 12.1 is affected by a SQL injection in PostgresFunctionDatabase.changePassword(), which fails to escape double quotes in usernames interpolated into ALTER ROLE statements. Authenticated attackers can craft username parameters in PasswordChange network messages to inject SQL com...

8.8 CVSS, 5.7 AI score, 0.00259 EPSS
Exploits: 0, References: 2, Affected Software: 1
NVD
added 2026/06/09 7:17 p.m., 20 views

CVE-2026-40639

Dell Client Platform BIOS contains a Weak Encoding for Password vulnerability. An unauthenticated attacker with physical access could potentially exploit this vulnerability, leading to Elevation of Privileges...

5.7 CVSS, 0.00119 EPSS
Exploits: 0, References: 1
CVE
added 2026/06/09 5:5 p.m., 14 views

CVE-2026-45484

This CVE involves deserialization of untrusted data in Microsoft Office SharePoint, enabling an authorized attacker to elevate privileges over a network. Affected component: SharePoint (deserialization vulnerability cited in multiple sources). Root cause: improper handling of deserialized input l...

8.8 CVSS, 5.5 AI score, 0.01489 EPSS
Exploits: 0, References: 1, Affected Software: 1
CNNVD
added 2026/06/09 12:0 a.m., 7 views

bookcars access control error vulnerability

Bookcars is a car rental management platform developed by Akram El Assas. Version 8.3 of Bookcars contains an access control vulnerability, which stems from improper permission settings. This vulnerability could allow authenticated attackers to elevate user permissions from the user level to the...

8.1 CVSS, 5.3 AI score, 0.00248 EPSS
Exploits: 0, References: 1
ATTACKERKB
added 2026/05/22 10:3 p.m., 4 views

CVE-2026-47280

Improper authentication in Azure Resource Manager (ARM) allows an unauthorized attacker to elevate privileges over a network...

10 CVSS, 5.8 AI score, 0.00667 EPSS
Exploits: 0, References: 2
Snyk
added 2026/05/20 3:46 p.m., 6 views

Missing Authorization

Overview: phpmyfaq/phpmyfaq is a FAQ system for PHP and MySQL, PostgreSQL and other databases. Affected versions of this package are vulnerable to Missing Authorization in the overwritePassword process. An attacker can gain unauthorized access to higher-privileged accounts, including full...

8.8 CVSS, 5.8 AI score, 0.00303 EPSS
Exploits: 0, References: 5
RedhatCVE
added 2026/04/22 7:22 a.m., 4 views

CVE-2026-35154

Dell PowerProtect Data Domain appliances, versions 7.7.1.0 through 8.7.0.0, LTS2025 release versions 8.3.1.0 through 8.3.1.20, LTS2024 release versions 7.13.1.0 through 7.13.1.60 contain an improper privilege management vulnerability. A high privileged attacker with local access could potentially...

6.7 CVSS, 5.8 AI score, 0.00087 EPSS
Exploits: 0, References: 1
CNNVD
added 2026/03/24 12:0 a.m., 6 views

Galaxy Software Services Vitals ESP security vulnerability

Galaxy Software Services Vitals ESP is an office knowledge management system developed by Galaxy Software Services. There is a security vulnerability in Galaxy Software Services Vitals ESP, which stems from improper authorization. This vulnerability could allow authenticated remote attackers to...

8.8 CVSS, 5.9 AI score, 0.00299 EPSS
Exploits: 0, References: 2
CNNVD
added 2026/03/11 12:0 a.m., 4 views

Zoom Clients for Windows security vulnerability

Zoom Clients for Windows is a video conferencing software developed by the American company Zoom. There is a security vulnerability in Zoom Clients for Windows, which stems from improper permission management. This vulnerability could allow authenticated users to elevate their permissions through...

7.8 CVSS, 5.8 AI score, 0.00112 EPSS
Exploits: 0, References: 1
OSV
added 2026/03/10 6:18 p.m., 4 views

CVE-2026-21262

Improper access control in SQL Server allows an authorized attacker to elevate privileges over a network...

8.8 CVSS, 5.8 AI score, 0.02044 EPSS
Exploits: 0, References: 1
Positive Technologies
added 2026/01/13 12:0 a.m., 3 views

PT-2026-2695

Name of the Vulnerable Software and Affected Versions: Windows SMB Server, affected versions not specified. Description: A race condition exists in Windows SMB Server due to concurrent execution using a shared resource with improper synchronization. This allows an authorized attacker to potentially...

7.5 CVSS, 5.4 AI score, 0.00731 EPSS
Exploits: 0, References: 7
Positive Technologies
added 2025/12/24 12:0 a.m., 6 views

PT-2026-21793

Name of the Vulnerable Software and Affected Versions: Dell Wyse Management Suite versions prior to 5.5. Description: Dell Wyse Management Suite versions prior to 5.5 contain a Missing Authorization issue. A low privileged attacker with remote access could potentially exploit this, leading to...

9 CVSS, 5.3 AI score, 0.00396 EPSS
Exploits: 0, References: 14
Positive Technologies
added 2025/12/09 12:0 a.m., 4 views

PT-2025-50189

Name of the Vulnerable Software and Affected Versions: Windows Shell, affected versions not specified. Description: A flaw exists in Windows Shell that could allow a local attacker to gain elevated privileges. The issue is a use-after-free condition. Recommendations: At the moment, there is no...

7.3 CVSS, 6.3 AI score, 0.00513 EPSS
Exploits: 0, References: 5
CVE
added 2025/11/12 7:35 a.m., 15 views

CVE-2025-12870

The CVE-2025-12870 entry concerns the a+HRD product from aEnrich. The vulnerability is described as an Authentication Abuse issue whereby unauthenticated remote attackers can craft packets to obtain administrator access tokens and then operate with elevated privileges on the system. The reported ...

9.8 CVSS, 6.7 AI score, 0.00564 EPSS
Exploits: 0, References: 3, Affected Software: 1
Positive Technologies
added 2025/10/14 12:0 a.m., 3 views

PT-2025-41997

Name of the Vulnerable Software and Affected Versions: Microsoft Graphics Component, affected versions not specified. Description: A use after free issue exists in the Microsoft Graphics Component. This flaw could allow an authorized attacker to elevate privileges over a network. Recommendations: At t...

9.9 CVSS, 9.4 AI score, 0.00983 EPSS
Exploits: 0, References: 9
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2018-1251

Malware in sbrugna...

7.2 CVSS, 6.9 AI score, 0.00436 EPSS
Exploits: 0, References: 4
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2019-10491

Malware in sbrugna...

8.8 CVSS, 8.8 AI score, 0.01593 EPSS
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2020-24871

Malware in sbrugna...

7.8 CVSS, 7.6 AI score, 0.00283 EPSS
Exploits: 0, References: 2
EUVD
added 2025/10/07 12:30 a.m., 3 views

EUVD-2021-21369

Malware in sbrugna...

7.8 CVSS, 7.6 AI score, 0.00273 EPSS
Exploits: 0, References: 2