Lucene search
+L

257 matches found

NVD
NVD
added yesterday8 views

CVE-2026-6423

A local privilege escalation vulnerability in ESET Inspect Connector. The vulnerability was caused by improper authentication in an IPC channel...

8.5CVSS0.00116EPSS
Exploits0References1
Cvelist
Cvelist
added yesterday18 views

CVE-2026-6423 Local privilege escalation via unauthenticated ALPC in ESET Inspect Connector

A local privilege escalation vulnerability in ESET Inspect Connector. The vulnerability was caused by improper authentication in an IPC channel...

8.5CVSS0.00116EPSS
Exploits0References1
EUVD
EUVD
added yesterday6 views

EUVD-2026-44895

A local privilege escalation vulnerability in ESET Inspect Connector. The vulnerability was caused by improper authentication in an IPC channel...

8.5CVSS6.1AI score0.00116EPSS
Exploits0References1
CVE
CVE
added yesterday13 views

CVE-2026-6423

CVE-2026-6423 concerns a local privilege escalation in the ESET Inspect Connector caused by improper authentication on an ALPC IPC channel. The CVSS 4.0 vector (AV:L/AC:L/PR:L/UI:N/ATT:N/VC:H/VI:H/SA:N/SI:N/VA:H) yields a base score of 8.5 (HIGH). Reported impact indicates elevated confidentialit...

8.5CVSS6.1AI score0.00116EPSS
Exploits0References1
NVD
NVD
added 2026/06/29 8:17 p.m.8 views

CVE-2026-13763

Inconsistent interpretation of HTTP/2 requests in AWS Application Load Balancer with AWS WAF enabled might allow remote actors to bypass AWS WAF managed rule body inspection via crafted HTTP/2 requests that fragment the request body across frames so that only a partial body is inspected. This iss...

9.8CVSS0.00473EPSS
Exploits0References2
ATTACKERKB
ATTACKERKB
added 2026/06/29 8:3 p.m.7 views

CVE-2026-13763

Inconsistent interpretation of HTTP/2 requests in AWS Application Load Balancer with AWS WAF enabled might allow remote actors to bypass AWS WAF managed rule body inspection via crafted HTTP/2 requests that fragment the request body across frames so that only a partial body is inspected. This iss...

9.8CVSS5.8AI score0.00473EPSS
Exploits0References3
CVE
CVE
added 2026/06/29 8:3 p.m.26 views

CVE-2026-13763

This CVE affects AWS Application Load Balancer (ALB) with AWS WAF enabled, where inconsistent interpretation of HTTP/2 requests can allow bypass of WAF body inspection when the request body is fragmented across frames, leading to partial inspection. Affected component: HTTP/2 ALB target groups; r...

9.8CVSS5.8AI score0.00473EPSS
Exploits0References2Affected Software1
Positive Technologies
Positive Technologies
added 2026/06/29 12:0 a.m.18 views

PT-2026-53692

Name of the Vulnerable Software and Affected Versions AWS Application Load Balancer affected versions not specified Description Inconsistent interpretation of HTTP/2 requests in AWS Application Load Balancer when AWS WAF is enabled may allow remote actors to bypass managed rule body inspection. B...

9.8CVSS5.8AI score0.00473EPSS
Exploits0References10
NVD
NVD
added 2026/06/09 7:17 p.m.10 views

CVE-2026-10045

Shenzhen Kangda Xin Intelligent Network Technology Company's router, model DR300, version 2.1.2.121, contains hardcoded login credentials and has telnet enabled by default on WAN and LAN interfaces. These vulnerabilities allow attackers to read and write to memory, modify firmware stored in flash...

9.8CVSS0.00209EPSS
Exploits0References1
Cvelist
Cvelist
added 2026/06/07 12:8 p.m.53 views

CVE-2026-49494 Xcitium Client Security / Comodo Internet Security Remote Denial of Service

Xcitium Client Security XCS before 13.8.2.10019 and Comodo Internet Security CIS through 12.3.4.8162 fix expected by 2026 Q3 contain an integer underflow vulnerability in the firewall driver Inspect.sys that allows remote unauthenticated attackers to crash the system by sending a crafted IPv6...

8.7CVSS0.00542EPSS
Exploits0References4
Vulnrichment
Vulnrichment
added 2026/06/07 12:8 p.m.14 views

CVE-2026-49494 Xcitium Client Security / Comodo Internet Security Remote Denial of Service

Xcitium Client Security XCS before 13.8.2.10019 and Comodo Internet Security CIS through 12.3.4.8162 fix expected by 2026 Q3 contain an integer underflow vulnerability in the firewall driver Inspect.sys that allows remote unauthenticated attackers to crash the system by sending a crafted IPv6...

8.7CVSS6.2AI score0.00542EPSS
Exploits0References4
RedhatCVE
RedhatCVE
added 2026/06/05 7:14 p.m.12 views

CVE-2026-40090

Zarf is an Airgap Native Packager Manager for Kubernetes. Versions 0.23.0 through 0.74.1 contain an arbitrary file write vulnerability in the zarf package inspect sbom and zarf package inspect documentation subcommands. These subcommands output file paths are constructed by joining a...

7.1CVSS5.5AI score0.0032EPSS
Exploits0References1
Snyk
Snyk
added 2026/05/29 5:16 p.m.6 views

Incorrect Authorization

Overview Affected versions of this package are vulnerable to Incorrect Authorization via host resolution in the CLI authentication layer. An attacker can obtain authentication tokens intended for GitHub or GitHub Enterprise by causing authenticated requests to be sent to external hosts, as the ho...

9.1CVSS5.4AI score0.00289EPSS
Exploits0References2
GithubExploit
GithubExploit
added 2026/05/28 4:45 p.m.88 views

Exploit for Deserialization of Untrusted Data in Facebook React

HTB: Reactor !Difficultyhttps://img.shields.io/badge/Diffi...

10CVSS7.9AI score0.99562EPSS
Exploits376
Snyk
Snyk
added 2026/05/27 11:20 p.m.17 views

Command Injection

Overview Affected versions of this package are vulnerable to Command Injection via the check field in metadata files due to unsafe execution using /bin/bash -c. An attacker can craft malicious metadata that executes arbitrary shell commands on the victim’s system when common uniget operations suc...

8.6CVSS6AI score0.00715EPSS
Exploits0References2
EUVD
EUVD
added 2026/05/27 9:5 p.m.12 views

EUVD-2026-32670

uniget is a universal installer and updater for container tools. Prior to 0.27.1, a command injection vulnerability exists in uniget due to unsafe execution of the check field from metadata files using /bin/bash -c. Because the check field is loaded directly from untrusted JSON metadata without...

7.8CVSS6.4AI score0.00715EPSS
Exploits0References1
OSV
OSV
added 2026/05/27 9:5 p.m.4 views

CVE-2026-45152 uniget: Command Injection in tool.Check Leading to Arbitrary Code Execution

uniget is a universal installer and updater for container tools. Prior to 0.27.1, a command injection vulnerability exists in uniget due to unsafe execution of the check field from metadata files using /bin/bash -c. Because the check field is loaded directly from untrusted JSON metadata without...

7.8CVSS6.6AI score0.00715EPSS
Exploits0References3
Vulnrichment
Vulnrichment
added 2026/05/13 5:17 p.m.14 views

CVE-2026-43997 vm2: Sandbox Escape

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, it is possible to obtain the host Object. There are various ways to use the host Object, to escape the sandbox, one example would be using HostObject.getOwnPropertySymbols to obtain Symbolnodejs.util.inspect.custom. This vulnerability...

10CVSS6AI score0.00976EPSS
Exploits1References1
Cvelist
Cvelist
added 2026/05/13 5:17 p.m.55 views

CVE-2026-43997 vm2: Sandbox Escape

vm2 is an open source vm/sandbox for Node.js. Prior to 3.11.0, it is possible to obtain the host Object. There are various ways to use the host Object, to escape the sandbox, one example would be using HostObject.getOwnPropertySymbols to obtain Symbolnodejs.util.inspect.custom. This vulnerability...

10CVSS0.00976EPSS
Exploits1References1
OSV
OSV
added 2026/05/07 3:54 a.m.8 views

GHSA-QCP4-V2JJ-FJX8 vm2 has a Sandbox Escape Vulnerability

Summary It is possible to reach BaseHandler.getPrototypeOf, which can be used to get arbitrary prototypes Details https://github.com/patriksimek/vm2/blob/408fc855f1cc1bbc2985b029465ee0e732ada433/lib/bridge.jsL655-L658 BaseHandler can be reached via util.inspect same as...

10CVSS6.1AI score0.00815EPSS
Exploits1References5
Rows per page
Query Builder