Lucene search
K

2504 matches found

NVD
NVD
added 6 days ago9 views

CVE-2026-47830

Incorrect Permission Assignment in BOSH.Utils.psm1 in BOSH-Ecosystem bosh-windows-stemcell-builder allows low-privilege authenticated users to overwrite C:\bosh\servicewrapper.exe or C:\bosh\bosh-agent.exe and gain NT AUTHORITY\SYSTEM on the next service restart or reboot. This can lead to full...

8.8CVSS0.001EPSS
Exploits0References1
EUVD
EUVD
added 6 days ago7 views

EUVD-2026-42516

Incorrect Permission Assignment in BOSH.Utils.psm1 in BOSH-Ecosystem bosh-windows-stemcell-builder allows low-privilege authenticated users to overwrite C:\bosh\servicewrapper.exe or C:\bosh\bosh-agent.exe and gain NT AUTHORITY\SYSTEM on the next service restart or reboot. This can lead to full...

8.8CVSS7.2AI score0.001EPSS
Exploits0References1
EUVD
EUVD
added 2026/07/07 9:26 a.m.7 views

EUVD-2026-42032

The encryption algorithm used to protect the configuration of user accounts, stored in the built-in user directory of PcVue projects, all versions prior to 17.0.0, is not strong enough for the level of protection required. A local attacker could alter the existing configuration and ultimately gai...

8.4CVSS5.9AI score0.0005EPSS
Exploits0References1
OSV
OSV
added 2026/07/02 2:13 p.m.8 views

PYSEC-2026-764 High severity vulnerability that affects Plone and Zope2

Unspecified vulnerability in 1 Zope 2.12.x before 2.12.19 and 2.13.x before 2.13.8, as used in Plone 4.x and other products, and 2 PloneHotfix20110720 for Plone 3.x allows attackers to gain privileges via unspecified vectors, related to a "highly serious vulnerability." NOTE: this vulnerability...

7.5CVSS6AI score0.02014EPSS
Exploits0References17
ATTACKERKB
ATTACKERKB
added 2026/06/22 9:30 a.m.10 views

CVE-2026-12581

EasyFlow .NET developed by Digiwin has a Session Fixation vulnerability. If unauthenticated remote attackers replace a specific session ID for a user, they can gain the user's privilege once the user logs in...

7.7CVSS5.9AI score0.00299EPSS
Exploits0References3
Snyk
Snyk
added 2026/06/12 7:32 p.m.6 views

Missing Authorization

Overview typo3/cms-form is a Form Library, Plugin and Editor Affected versions of this package are vulnerable to Missing Authorization via the DataHandler. An attacker can execute unauthorized database queries and gain elevated privileges by directly manipulating form definition records, bypassin...

8.7CVSS5.5AI score0.00244EPSS
Exploits0References3
CVE
CVE
added 2026/06/11 1:52 p.m.42 views

CVE-2026-10847

CVE-2026-10847 is a local privilege escalation affecting Check Point Identity Agent Full for Windows OS. An authenticated local user may gain SYSTEM privileges by exploiting improper handling of executable resolution during log collection. The documented impact is elevated privileges on the affec...

7.8CVSS6AI score0.00124EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/11 2:59 a.m.13 views

CVE-2025-58468

A cross-site request forgery CSRF vulnerability has been reported to affect Notification Center. The remote attackers can then exploit the vulnerability to gain privileges or hijack user identities. We have already fixed the vulnerability in the following version: Notification Center 1.10.0.3291...

5.1CVSS5.4AI score0.00184EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/10 1:38 a.m.10 views

CVE-2025-58468 Notification Center

A cross-site request forgery CSRF vulnerability has been reported to affect Notification Center. The remote attackers can then exploit the vulnerability to gain privileges or hijack user identities. We have already fixed the vulnerability in the following version: Notification Center 1.10.0.3291...

5.1CVSS5.4AI score0.00184EPSS
Exploits0References1
Microsoft CVE
Microsoft CVE
added 2026/06/09 2:0 p.m.27 views

Microsoft Office Click-To-Run Elevation of Privilege Vulnerability

Use after free in Microsoft Office Click-To-Run allows an authorized attacker to elevate privileges locally...

7CVSS5.4AI score0.00234EPSS
Exploits0
Cvelist
Cvelist
added 2026/06/09 12:11 p.m.35 views

CVE-2026-46319 net/sched: act_ct: Only release RCU read lock after ct_ft

In the Linux kernel, the following vulnerability has been resolved: net/sched: actct: Only release RCU read lock after ctft When looking up a flow table in actct in tcfctflowtableget, rhashtablelookupfast internally opens and closes an RCU read critical section before returning ctft. The...

7.8CVSS0.00125EPSS
Exploits0References8
EUVD
EUVD
added 2026/06/09 6:20 a.m.11 views

EUVD-2026-35354

An authorization bypass through user-controlled key vulnerability has been reported to affect QuMagie. The remote attackers can then exploit the vulnerability to gain unintended privileges. We have already fixed the vulnerability in the following version: QuMagie 2.9.1 and later...

8.7CVSS5.5AI score0.0046EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 12:9 a.m.10 views

CVE-2026-36175

An issue in the U-Boot component of GNCC GP5 v7.1.76 allows physically-proximate attackers to bypass authentication and gain root access via interrupting the boot sequence and injecting a crafted string into the kernel boot arguments...

6.8CVSS5.8AI score0.00191EPSS
Exploits0References1
Debian CVE
Debian CVE
added 2026/06/04 11:6 p.m.11 views

CVE-2026-11295

Inappropriate implementation in WebView in Google Chrome on Android prior to 149.0.7827.53 allowed a remote attacker to perform privilege escalation via a crafted HTML page. Chromium security severity: Low...

8.8CVSS5.5AI score0.00206EPSS
Exploits0
The Hacker News
The Hacker News
added 2026/06/04 12:22 p.m.18 views

China-Linked TA4922 Expands Phishing Attacks to U.K., Germany, Italy, and South Africa

A new China-linked cybercrime group known as TA4922 has expanded its targeting focus to target European organizations in the U.K., Germany, Italy, and South Africa. These efforts have been complemented by a "rapid operational tempo" and a continually evolving malware arsenal comprising known...

5.9AI score
Exploits0
SUSE CVE
SUSE CVE
added 2026/05/29 1:14 a.m.12 views

SUSE CVE-2026-46239

In the Linux kernel, the following vulnerability has been resolved: media: i2c: ov5647: Fix runtime PM refcount leak in sctrl Three control cases AUTOGAIN, EXPOSUREAUTO, ANALOGUEGAIN directly return without calling pmruntimeput, causing runtime PM reference count leaks. Change these cases from...

5.5CVSS5.8AI score0.00105EPSS
Exploits0References3
NVD
NVD
added 2026/05/28 10:16 a.m.17 views

CVE-2026-46239

In the Linux kernel, the following vulnerability has been resolved: media: i2c: ov5647: Fix runtime PM refcount leak in sctrl Three control cases AUTOGAIN, EXPOSUREAUTO, ANALOGUEGAIN directly return without calling pmruntimeput, causing runtime PM reference count leaks. Change these cases from...

5.5CVSS0.00105EPSS
Exploits0References2
OSV
OSV
added 2026/05/28 10:16 a.m.8 views

UBUNTU-CVE-2026-46239

In the Linux kernel, the following vulnerability has been resolved: media: i2c: ov5647: Fix runtime PM refcount leak in sctrl Three control cases AUTOGAIN, EXPOSUREAUTO, ANALOGUEGAIN directly return without calling pmruntimeput, causing runtime PM reference count leaks. Change these cases from...

5.5CVSS5.7AI score0.00105EPSS
Exploits0References5
Cvelist
Cvelist
added 2026/05/28 9:41 a.m.33 views

CVE-2026-46239 media: i2c: ov5647: Fix runtime PM refcount leak in s_ctrl

In the Linux kernel, the following vulnerability has been resolved: media: i2c: ov5647: Fix runtime PM refcount leak in sctrl Three control cases AUTOGAIN, EXPOSUREAUTO, ANALOGUEGAIN directly return without calling pmruntimeput, causing runtime PM reference count leaks. Change these cases from...

0.00105EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/05/26 9:32 p.m.13 views

CVE-2025-43306

A logic issue was addressed with improved checks. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. A malicious app may be able to gain root privileges...

7.8CVSS5.8AI score0.00135EPSS
Exploits0References4
Rows per page
Query Builder