47 matches found
CVE-2026-0775
npm cli Incorrect Permission Assignment Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of npm cli. An attacker must first obtain the ability to execute low-privileged code on the target system in order to exploi...
CVE-2026-0776 Discord Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability
Discord Client Uncontrolled Search Path Element Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Discord Client. An attacker must first obtain the ability to execute low-privileged code on the target system in...
Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Microsoft
CVE-2026-20805-PoC The PoC of information disclosure in Micros...
CVE-2009-4150
dasauto in IBM DB2 8 before FP18, 9.1 before FP8, 9.5 before FP4, and 9.7 before FP1 permits execution by unprivileged user accounts, which has unspecified impact and local attack vectors...
CVE-2025-64343
conda Constructor is a tool that enables users to create installers for conda package collections. In versions 3.12.2 and below, the installation directory inherits permissions from its parent directory. Outside of restricted directories, the permissions are very permissive and often allow write...
CVE-2025-64343 (conda) Constructor: Excessive permissions during and after installation
conda Constructor is a tool that enables users to create installers for conda package collections. In versions 3.12.2 and below, the installation directory inherits permissions from its parent directory. Outside of restricted directories, the permissions are very permissive and often allow write...
CVE-2025-64343
CVE-2025-64343 affects the conda Constructor tool. In versions 3.12.2 and earlier, the installation directory inherits permissions from its parent, and outside restricted directories those permissions can permit write access by authenticated users. Any logged-in user could modify during installat...
EUVD-2025-38241
conda Constructor is a tool that enables users to create installers for conda package collections. In versions 3.12.2 and below, the installation directory inherits permissions from its parent directory. Outside of restricted directories, the permissions are very permissive and often allow write...
CVE-2025-64343 (conda) Constructor: Excessive permissions during and after installation
conda Constructor is a tool that enables users to create installers for conda package collections. In versions 3.12.2 and below, the installation directory inherits permissions from its parent directory. Outside of restricted directories, the permissions are very permissive and often allow write...
CVE-2025-64343 (conda) Constructor: Excessive permissions during and after installation
conda Constructor is a tool that enables users to create installers for conda package collections. In versions 3.12.2 and below, the installation directory inherits permissions from its parent directory. Outside of restricted directories, the permissions are very permissive and often allow write...
EUVD-2019-1935
Malware in sbrugna...
EUVD-2009-3506
Malware in sbrugna...
EUVD-2004-1181
Malware in sbrugna...
EUVD-2008-1676
Malware in sbrugna...
EUVD-2023-31852
Malicious code in bioql PyPI...
EUVD-2022-46145
Malicious code in bioql PyPI...
CVE-2025-50892
The CVE-2025-50892 entry concerns EaseUS Todo Backup 1.2.0.1, where the eudskacs.sys driver (version 20250328) fails to properly validate privileges for I/O requests (IRP_MJ_READ/IRP_MJ_WRITE) sent to its device object. This creates a local, low-privileged attacker capability to perform arbitrary...
CVE-2025-6516 HDF5 H5Fint.c H5F_addr_decode_len heap-based overflow
A vulnerability has been found in HDF5 up to 1.14.6 and classified as critical. This vulnerability affects the function H5Faddrdecodelen of the file /hdf5/src/H5Fint.c. The manipulation leads to heap-based buffer overflow. An attack has to be approached locally. The exploit has been disclosed to...
CVE-2023-28140
An Executable Hijacking condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.5.3.1. Attackers may load a malicious copy of a Dependency Link Library DLL via a local attack vector instead of the DLL that the application was expecting, when processes are running with...
CVE-2023-28140
An Executable Hijacking condition exists in the Qualys Cloud Agent for Windows platform in versions before 4.5.3.1. Attackers may load a malicious copy of a Dependency Link Library DLL via a local attack vector instead of the DLL that the application was expecting, when processes are running with...