2117 matches found
CData Sync < 23.4.8843 - Path Traversal
A path traversal vulnerability exists in the Java version of CData Sync CData - Sync' - r...
CVE-2026-48001
Adobe Commerce is affected by an Information Exposure vulnerability that could lead to a limited disclosure of sensitive information. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user interaction...
CVE-2026-48001 Adobe Commerce | Information Exposure (CWE-200)
Adobe Commerce is affected by an Information Exposure vulnerability that could lead to a limited disclosure of sensitive information. Exploit depends on conditions beyond the attacker's control. Exploitation of this issue does not require user interaction...
CVE-2026-50371 Windows LUA File Virtualization Filter Driver Elevation of Privilege Vulnerability
...
CVE-2026-50371
CVE-2026-50371 affects Windows LUAFV (Windows LUAFV driver). The issue is a race condition due to concurrent access to a shared resource without proper synchronization, enabling an authorized local attacker to elevate privileges. Microsoft has released updates addressing this family of vulnerabil...
CVE-2026-61505
Vulnerability summary: Rejetto HFS versions 3.0.0–3.2.0 are affected by a path traversal via the lang parameter, allowing a remote, unauthenticated attacker to read certain JSON files outside shared folders. The impact is constrained to files matching a narrow naming/format pattern, with no indic...
CVE-2026-57850
RustDesk before 1.4.9 does not enforce a session's authorized connection scope on the server side, so a peer granted a limited session type FileTransfer, PortForward, ViewCamera, or Terminal can send control messages and login options reserved for a full Remote session. An authenticated remote pe...
CVE-2026-57850 RustDesk before 1.4.9 Missing Session Scope Enforcement Allows Out-of-Scope Control Message Injection
RustDesk before 1.4.9 does not enforce a session's authorized connection scope on the server side, so a peer granted a limited session type FileTransfer, PortForward, ViewCamera, or Terminal can send control messages and login options reserved for a full Remote session. An authenticated remote pe...
EUVD-2026-43008
RustDesk before 1.4.9 does not enforce a session's authorized connection scope on the server side, so a peer granted a limited session type FileTransfer, PortForward, ViewCamera, or Terminal can send control messages and login options reserved for a full Remote session. An authenticated remote pe...
CVE-2026-33390
An Incorrect Privilege Assignment vulnerability was discovered in the synchronization functionality due to Arc sensors receiving CLI permissions. An authenticated user with limited privileges can push administrative CLI commands through the sync, altering the device configuration, and/or affectin...
EUVD-2026-42536
An Incorrect Privilege Assignment vulnerability was discovered in the synchronization functionality due to Arc sensors receiving CLI permissions. An authenticated user with limited privileges can push administrative CLI commands through the sync, altering the device configuration, and/or affectin...
CVE-2026-26053
An Incorrect Privilege Assignment CWE-266 vulnerability in the Command Centre Server allows an authenticated operator with limited privileges to perform some operations that they would not normally be authorized to perform. Version of Command Centre affected: 9.50 prior to vEL9.50.1587MR1, 9.40...
CVE-2026-26053
An Incorrect Privilege Assignment CWE-266 vulnerability in the Command Centre Server allows an authenticated operator with limited privileges to perform some operations that they would not normally be authorized to perform. Version of Command Centre affected: 9.50 prior to vEL9.50.1587MR1, 9.40...
CVE-2026-40141
A high-severity vulnerability exists in a web application component of BeyondTrust Remote Support and Privileged Remote Access related to the processing of certain input parameters. Insufficient validation of user-supplied input may allow an authenticated attacker with limited privileges to acces...
CVE-2026-40141 High-Severity Vulnerability In Web Application Component of BeyondTrust Remote Support and Privileged Remote Access
A high-severity vulnerability exists in a web application component of BeyondTrust Remote Support and Privileged Remote Access related to the processing of certain input parameters. Insufficient validation of user-supplied input may allow an authenticated attacker with limited privileges to acces...
CVE-2026-40141
A high-severity vulnerability exists in a web application component of BeyondTrust Remote Support and Privileged Remote Access related to the processing of certain input parameters. Insufficient validation of user-supplied input may allow an authenticated attacker with limited privileges to acces...
CVE-2026-40141
CVE-2026-40141 affects the web application component of BeyondTrust Remote Support and Privileged Remote Access. The issue stems from insufficient validation of user-supplied input, which could allow an authenticated attacker with limited privileges to access resources or data beyond their author...
PT-2026-55953
A high-severity vulnerability exists in a web application component of BeyondTrust Remote Support and Privileged Remote Access related to the processing of certain input parameters. Insufficient validation of user-supplied input may allow an authenticated attacker with limited privileges to acces...
EUVD-2026-32710
Keycloak has privilege escalation via improper scope mapping enforcement...
CVE-2026-54263 Wagtail: Reflected XSS in dynamic image URL generator view
Wagtail is an open source content management system built on Django. In versions prior to 7.0.8, 7.3.3 and 7.4.2, reflected cross-site scripting XSS vulnerability exists on the dynamic image URL generator view within the Wagtail admin interface. A user with a limited-permission editor account for...