Lucene search
K

804 matches found

EUVD
EUVD
added 2026/05/11 3:31 a.m.8 views

EUVD-2026-29017

A vulnerability was determined in Squirrel up to 3.2. This affects the function SQFunctionProto::Load of the file squirrel/sqobject.cpp. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. T...

5.9CVSS5.9AI score0.00154EPSS
Exploits0References6
NVD
NVD
added 2026/05/11 2:16 a.m.16 views

CVE-2026-8261

A vulnerability was determined in Squirrel up to 3.2. This affects the function SQFunctionProto::Load of the file squirrel/sqobject.cpp. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. T...

5.9CVSS0.00154EPSS
Exploits0References5
Vulnrichment
Vulnrichment
added 2026/05/11 1:30 a.m.6 views

CVE-2026-8261 Squirrel sqobject.cpp Load heap-based overflow

A vulnerability was determined in Squirrel up to 3.2. This affects the function SQFunctionProto::Load of the file squirrel/sqobject.cpp. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. T...

5.9CVSS6.3AI score0.00154EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2026/05/11 1:30 a.m.7 views

CVE-2026-8261

A vulnerability was determined in Squirrel up to 3.2. This affects the function SQFunctionProto::Load of the file squirrel/sqobject.cpp. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. T...

5.9CVSS6.3AI score0.00154EPSS
Exploits0References5
CVE
CVE
added 2026/05/11 1:30 a.m.19 views

CVE-2026-8261

The CVE-2026-8261 entry concerns Squirrel up to version 3.2. The vulnerability resides in SQFunctionProto::Load within squirrel/sqobject.cpp, causing a heap-based buffer overflow. Attack is restricted to local execution. Public disclosure of the exploit is noted, and the project was informed via ...

5.9CVSS6.3AI score0.00154EPSS
Exploits0References5
Debian CVE
Debian CVE
added 2026/05/11 1:30 a.m.10 views

CVE-2026-8261

A vulnerability was determined in Squirrel up to 3.2. This affects the function SQFunctionProto::Load of the file squirrel/sqobject.cpp. This manipulation causes heap-based buffer overflow. The attack is restricted to local execution. The exploit has been publicly disclosed and may be utilized. T...

5.9CVSS6.3AI score0.00154EPSS
Exploits0
NVD
NVD
added 2026/05/07 7:16 p.m.41 views

CVE-2026-8084

A vulnerability was determined in OSGeo gdal up to 3.13.0dev-4. This vulnerability affects the function memmove of the file frmts/hdf4/hdf-eos/SWapi.c of the component HDF-EOS Grid File Handler. This manipulation causes out-of-bounds read. The attack is restricted to local execution. The exploit...

5.5CVSS0.00264EPSS
Exploits1References9
AlpineLinux
AlpineLinux
added 2026/05/07 6:30 p.m.9 views

CVE-2026-8084

A vulnerability was determined in OSGeo gdal up to 3.13.0dev-4. This vulnerability affects the function memmove of the file frmts/hdf4/hdf-eos/SWapi.c of the component HDF-EOS Grid File Handler. This manipulation causes out-of-bounds read. The attack is restricted to local execution. The exploit...

5.5CVSS5.3AI score0.00264EPSS
Exploits1References9
OSV
OSV
added 2026/05/07 6:30 p.m.5 views

CVE-2026-8084 OSGeo gdal HDF-EOS Grid File SWapi.c memmove out-of-bounds

A vulnerability was determined in OSGeo gdal up to 3.13.0dev-4. This vulnerability affects the function memmove of the file frmts/hdf4/hdf-eos/SWapi.c of the component HDF-EOS Grid File Handler. This manipulation causes out-of-bounds read. The attack is restricted to local execution. The exploit...

4.8CVSS5.4AI score0.00264EPSS
Exploits1References11
Positive Technologies
Positive Technologies
added 2026/05/04 12:0 a.m.10 views

PT-2026-36828

An issue in Lymphatus caesium-image-compressor All versions up to and including commit 02da2c6 allows a local attacker to execute arbitrary code via the shutdownMachine and putMachineToSleep functions in PostCompressionActions.cpp...

6.2AI score0.00137EPSS
Exploits0References5
CVE
CVE
added 2026/04/26 1:19 p.m.10 views

CVE-2018-25283

CVE-2018-25283 affects iSmartViewPro 1.5. The vulnerability is a SEH-based buffer overflow in the 'Save Path for Snapshot and Record file' field. A crafted payload exceeding 260 bytes via the System Setup interface can overwrite SEH records and execute shellcode with application privileges, enabl...

8.6CVSS6.1AI score0.00147EPSS
Exploits0References3
ATTACKERKB
ATTACKERKB
added 2026/04/26 12:0 p.m.3 views

CVE-2026-7038

A weakness has been identified in tufantunc ssh-mcp up to 1.5.0. Impacted is an unknown function of the file src/index.ts of the component Command Line Handler. This manipulation causes insufficiently protected credentials. The attack is restricted to local execution. The exploit has been made...

4.8CVSS5AI score0.00138EPSS
Exploits0References5Affected Software1
EUVD
EUVD
added 2026/04/26 12:0 p.m.8 views

EUVD-2026-25715

A weakness has been identified in tufantunc ssh-mcp up to 1.5.0. Impacted is an unknown function of the file src/index.ts of the component Command Line Handler. This manipulation causes insufficiently protected credentials. The attack is restricted to local execution. The exploit has been made...

4.8CVSS5.1AI score0.00138EPSS
Exploits0References5
CVE
CVE
added 2026/04/26 12:0 p.m.24 views

CVE-2026-7038

The CVE-2026-7038 affects tufantunc ssh-mcp prior to 1.5.0, specifically an unknown function in src/index.ts of the Command Line Handler. The root cause is a weakness that leaves credentials insufficiently protected, enabling local exploitation. The attack is restricted to local execution, and an...

4.8CVSS5AI score0.00138EPSS
Exploits0References5
Positive Technologies
Positive Technologies
added 2026/04/26 12:0 a.m.18 views

PT-2026-35221

A weakness has been identified in tufantunc ssh-mcp up to 1.5.0. Impacted is an unknown function of the file src/index.ts of the component Command Line Handler. This manipulation causes insufficiently protected credentials. The attack is restricted to local execution. The exploit has been made...

4.8CVSS4.5AI score0.00138EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 2026/04/23 12:3 a.m.6 views

CVE-2026-41179

Rclone is a command-line program to sync files and directories to and from different cloud storage providers. Starting in version 1.48.0 and prior to version 1.73.5, the RC endpoint operations/fsinfo is exposed without AuthRequired: true and accepts attacker-controlled fs input. Because rc.GetFs...

9.2CVSS5.9AI score0.09199EPSS
Exploits2References5Affected Software1
Positive Technologies
Positive Technologies
added 2026/04/22 12:0 a.m.14 views

PT-2026-43126

Name of the Vulnerable Software and Affected Versions GNU LibreDWG versions prior to 0.15 Description The decompress R2004 section function within the src/decode.c file of the Dwgread Utility contains an uncontrolled reachable assertion. This issue allows a local attacker to cause a denial of...

4.8CVSS6.1AI score0.00144EPSS
Exploits0References14
OSV
OSV
added 2026/04/21 2:22 p.m.3 views

CVE-2026-5789 Search path without quotes in CivetWeb

Vulnerability related to an unquoted search path in CivetWeb v1.16. This vulnerability allows a local attacker to execute arbitrary code with elevated privileges by placing a malicious executable in a directory that is scanned before the intended application path C:\Program...

8.5CVSS6.3AI score0.00139EPSS
Exploits0References3
Github Security Blog
Github Security Blog
added 2026/04/17 9:48 p.m.8 views

OpenClaw: Heartbeat owner downgrade missed local async exec completion events

Summary Heartbeat owner downgrade missed local async exec completion events. Affected Packages / Versions - Package: openclaw - Ecosystem: npm - Affected versions: = 2026.3.31 = 2026.4.10 Impact Local background exec completion text could be missed by heartbeat owner-downgrade detection, leaving ...

5.7AI score
Exploits0References4Affected Software1
Hacker One
Hacker One
added 2026/04/17 7:47 a.m.25 views

Shopify: mruby-engine: UAF in MRubyEngine#initialize enables local RCE

Summary Double-init of MRubyEngine frees engine + unmaps mspace, but leaves Ruby DATAPTR dangling. Kernel reuses freed VA via mmapMAPFIXED. Attacker forges memrubyengine struct + mrbstate in reclaimed region, points mrbstate-allocf at libc.system, arranges bytes of mrbstate to also spell a shell...

5.8AI score
Exploits0
Rows per page
Query Builder