Lucene search
K

7302 matches found

ATTACKERKB
ATTACKERKB
added 2026/06/01 9:14 p.m.8 views

CVE-2026-0055

In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller DPC into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

6AI score0.00084EPSS
Exploits0References2Affected Software1
Cvelist
Cvelist
added 2026/06/01 9:14 p.m.41 views

CVE-2026-0055

In createSessionInternal of PackageInstallerService.java, there is a possible to update a Device Policy Controller DPC into an invalid directory due to a path traversal error. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not...

0.00084EPSS
Exploits0References1
Vulnrichment
Vulnrichment
added 2026/06/01 6:53 p.m.14 views

CVE-2026-49134 CodexBar < 0.32.0 Privilege Escalation via CLI Installer Temp File

CodexBar prior to 0.32.0 contains a privilege escalation vulnerability in the CLI installer that allows local attackers to execute arbitrary commands as root by exploiting a race condition in temporary file handling. The installer creates a temporary file with mktemp, writes a privileged shell...

7.5CVSS6.1AI score0.0027EPSS
Exploits0References4
EUVD
EUVD
added 2026/06/01 6:53 p.m.17 views

EUVD-2026-33750

CodexBar prior to 0.32.0 contains a privilege escalation vulnerability in the CLI installer that allows local attackers to execute arbitrary commands as root by exploiting a race condition in temporary file handling. The installer creates a temporary file with mktemp, writes a privileged shell...

7.5CVSS6.1AI score0.0027EPSS
Exploits0References4
Cvelist
Cvelist
added 2026/06/01 6:53 p.m.33 views

CVE-2026-49134 CodexBar < 0.32.0 Privilege Escalation via CLI Installer Temp File

CodexBar prior to 0.32.0 contains a privilege escalation vulnerability in the CLI installer that allows local attackers to execute arbitrary commands as root by exploiting a race condition in temporary file handling. The installer creates a temporary file with mktemp, writes a privileged shell...

7.5CVSS0.0027EPSS
Exploits0References4
OSV
OSV
added 2026/06/01 6:53 p.m.3 views

CVE-2026-49134 CodexBar < 0.32.0 Privilege Escalation via CLI Installer Temp File

CodexBar prior to 0.32.0 contains a privilege escalation vulnerability in the CLI installer that allows local attackers to execute arbitrary commands as root by exploiting a race condition in temporary file handling. The installer creates a temporary file with mktemp, writes a privileged shell...

7.5CVSS6.2AI score0.0027EPSS
Exploits0References7
OSV
OSV
added 2026/06/01 2:15 p.m.11 views

GHSA-Q53Q-5R4J-5729 rattler has an entry-point path traversal in noarch:python install (arbitrary file write)

Summary EntryPoint::FromStr in rattlercondatypes performs only .trim on the command field before the linker joins it onto the install prefix and writes an executable Python script. A malicious noarch:python package can ship an info/link.json with an entry-point name containing .., /, , or an...

8.7CVSS5.9AI score0.00058EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/01 6:52 a.m.15 views

Important: Red Hat Security Advisory: Assisted Installer RHEL 9 components for Multicluster Engine for Kubernetes 2.11.2

Assisted installer RHEL 9 components for the multicluster engine for Kubernetes 2.11.2 General Availability release, with updates to container images. Assisted Installer RHEL 9 integrates components for the general multicluster engine for Kubernetes 2.11.2 release that simplify the process of...

7.5CVSS7.1AI score0.00615EPSS
Exploits0References2
RedHat Linux
RedHat Linux
added 2026/06/01 6:45 a.m.24 views

Important: Red Hat Security Advisory: Assisted Installer RHEL 9 components for Multicluster Engine for Kubernetes 2.8.7

Assisted installer RHEL 9 components for the multicluster engine for Kubernetes 2.8.7 General Availability release, with updates to container images. Assisted Installer RHEL 9 integrates components for the general multicluster engine for Kubernetes 2.8.7 release that simplify the process of...

7.5CVSS6.9AI score0.00651EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2026/06/01 6:42 a.m.26 views

Important: Red Hat Security Advisory: Assisted Installer RHEL 8 components for Multicluster Engine for Kubernetes 2.8.7

Assisted installer RHEL 8 components for the multicluster engine for Kubernetes 2.8.7 General Availability release, with updates to container images. Assisted Installer RHEL 8 integrates components for the general multicluster engine for Kubernetes 2.8.7 release that simplify the process of...

7.5CVSS6.9AI score0.00651EPSS
Exploits0References3
OSV
OSV
added 2026/06/01 12:0 a.m.12 views

ASB-A-471127462

In getCallingAppLabel of CertInstaller.java, there is a possible way to hide a sensitive security dialogue due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.9AI score0.00079EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.21 views

PT-2026-45594

In getCallingAppLabel of CertInstaller.java, there is a possible way to hide a sensitive security dialogue due to misleading or insufficient UI. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00079EPSS
Exploits0References2
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.28 views

PT-2026-45595

In multiple functions of PackageInstallerService.java, there is a possible way to install unverified apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

5.9AI score0.00067EPSS
Exploits0References2
OSV
OSV
added 2026/06/01 12:0 a.m.15 views

ASB-A-485397908

In multiple functions of PackageInstallerService.java, there is a possible way to install unverified apps due to a missing permission check. This could lead to local escalation of privilege with no additional execution privileges needed. User interaction is not needed for exploitation...

7.8CVSS5.9AI score0.00067EPSS
Exploits0References1
Positive Technologies
Positive Technologies
added 2026/06/01 12:0 a.m.27 views

PT-2026-45557

CodexBar prior to 0.32.0 contains a privilege escalation vulnerability in the CLI installer that allows local attackers to execute arbitrary commands as root by exploiting a race condition in temporary file handling. The installer creates a temporary file with mktemp, writes a privileged shell...

7.5CVSS6.1AI score0.0027EPSS
Exploits0References5
CNNVD
CNNVD
added 2026/06/01 12:0 a.m.10 views

Google Android 安全漏洞

Google Android is an open-source operating system based on Linux, developed by Google Inc. There are security vulnerabilities in Google Android, which stem from insufficient permission checks in multiple functions of PackageInstallerService.java. These vulnerabilities may lead to the installation...

7.8CVSS5.3AI score0.00067EPSS
Exploits0References1
GithubExploit
GithubExploit
added 2026/05/30 6:16 p.m.139 views

cyanide

Cyanide By @zeroxjf — an iOS...

5.8AI score
Exploits0
GithubExploit
GithubExploit
added 2026/05/30 10:3 a.m.139 views

Exploit for Improper Input Validation in Drupal

LAB 9-CVE-2018-7600 I. SYSTEM ANALYSIS Identify...

9.8CVSS7.5AI score0.99993EPSS
Exploits46
EUVD
EUVD
added 2026/05/29 12:38 a.m.14 views

EUVD-2026-33230

Improper handling of symbolic links in the installer of My Image Garden for macOS Version 3.6.8 or earlier may allow a local attacker with login privileges to exploit a specially crafted symbolic link during installation to modify permissions of files for which they would not normally have...

5.1CVSS5.8AI score0.00123EPSS
Exploits0References5
NVD
NVD
added 2026/05/29 12:16 a.m.15 views

CVE-2026-6891

Improper handling of symbolic links in the installer of My Image Garden for macOS Version 3.6.8 or earlier may allow a local attacker with login privileges to exploit a specially crafted symbolic link during installation to modify permissions of files for which they would not normally have...

5.1CVSS0.00123EPSS
Exploits0References4
Rows per page
Query Builder