4065 matches found
Windows UPnP Device Host Elevation of Privilege Vulnerability
Untrusted pointer dereference in Windows Universal Plug and Play UPnP Device Host allows an authorized attacker to elevate privileges locally...
PT-2026-32806
CVE-2026-32080 Use after free in Windows WalletService allows an authorized attacker to elevate privileges locally. https://t.co/ot43xvauta...
EUVD-2026-22030
A vulnerability was identified in uclouvain openjpeg up to 2.5.4. This impacts the function opjpiinitialiseencode in the library src/lib/openjp2/pi.c. The manipulation leads to integer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. The...
CVE-2026-6192
A vulnerability was identified in uclouvain openjpeg up to 2.5.4. This impacts the function opjpiinitialiseencode in the library src/lib/openjp2/pi.c. The manipulation leads to integer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. The...
CVE-2026-6192
A vulnerability was identified in uclouvain openjpeg up to 2.5.4. This impacts the function opjpiinitialiseencode in the library src/lib/openjp2/pi.c. The manipulation leads to integer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. The...
UBUNTU-CVE-2026-6192
A vulnerability was identified in uclouvain openjpeg up to 2.5.4. This impacts the function opjpiinitialiseencode in the library src/lib/openjp2/pi.c. The manipulation leads to integer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. The...
CVE-2026-6192
Affected software: uclouvain openjpeg (up to 2.5.4). Vulnerable component: opj_pi_initialise_encode in src/lib/openjp2/pi.c due to an integer overflow. Impact: local attacker can exploit; exploit exists publicly. Patch: reference to patch identifier 839936aa33eb8899bbbd80fda02796bb65068951 should...
CVE-2026-6192 uclouvain openjpeg pi.c opj_pi_initialise_encode integer overflow
A vulnerability was identified in uclouvain openjpeg up to 2.5.4. This impacts the function opjpiinitialiseencode in the library src/lib/openjp2/pi.c. The manipulation leads to integer overflow. The attack must be carried out locally. The exploit is publicly available and might be used. The...
PT-2026-32530
A vulnerability was determined in aandrew-me ytDownloader up to 3.20.2. This affects the function child process.exec of the file src/compressor.js of the component Compressor Feature. This manipulation causes command injection. The attack can only be executed locally. The exploit has been publicl...
Linux Distros Unpatched Vulnerability : CVE-2025-14569
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was detected in ggml-org whisper.cpp up to 1.8.2. Affected is the function readaudiodata of the file /whisper.cpp/examples/common-whisper.cpp. T...
Linux Distros Unpatched Vulnerability : CVE-2026-6192
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A vulnerability was identified in uclouvain openjpeg up to 2.5.4. This impacts the function opjpiinitialiseencode in the library src/lib/openjp2/pi.c. The...
Amazon Linux 2023 : vim-common, vim-data, vim-default-editor (ALAS2023-2026-1584)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2026-1584 advisory. When switching to other buffers using the :all command and visual mode still being active, this may cause a heap-buffer overflow, because Vim does not properly end visual mode and therefore ma...
PT-2026-32162
R 3.4.4 contains a local buffer overflow vulnerability that allows attackers to execute arbitrary code by injecting malicious input into the GUI Preferences language field. Attackers can craft a payload with a 292-byte offset and JMP ESP instruction to execute commands like calc.exe when the...
OESA-2026-1860 mxml security update
Mini-XML is a small XML parsing library that you can use to read XML and XML-like data files in your application without requiring large non-standard libraries. Security Fixes: A vulnerability was determined in mxml up to 4.0.4. This issue affects the function indexsort of the file mxml-index.c o...
EUVD-2026-21354
A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix...
CVE-2026-6042
A security flaw has been discovered in musl libc up to 1.2.6. Affected is the function iconv of the file src/locale/iconv.c of the component GB18030 4-byte Decoder. Performing a manipulation results in inefficient algorithmic complexity. The attack must be initiated from a local position. To fix...
PT-2026-31904
Name of the Vulnerable Software and Affected Versions musl libc versions up to 1.2.6 Description A security flaw exists in the iconv function within the GB18030 4-byte Decoder component of musl libc, specifically in the file src/locale/iconv.c. A manipulation of this function leads to inefficient...
Unity Linux 20.1070e Security Update: binutils (UTSA-2026-007090)
The Unity Linux 20 host has a package installed that is affected by a vulnerability as referenced in the UTSA-2026-007090 advisory. A vulnerability, which was classified as problematic, has been found in GNU Binutils 2.45. Affected by this issue is the function bfdelfsetgroupcontents of the file...
GHSA-95HG-3C55-XF9X awwaiid mcp-server-taskwarrior vulnerable to command injection
A security vulnerability has been detected in awwaiid mcp-server-taskwarrior up to 1.0.1. This impacts the function server.setRequestHandler of the file index.ts. Such manipulation of the argument Identifier leads to command injection. The attack must be carried out locally. The exploit has been...
CVE-2026-5833
A security vulnerability has been detected in awwaiid mcp-server-taskwarrior up to 1.0.1. This impacts the function server.setRequestHandler of the file index.ts. Such manipulation of the argument Identifier leads to command injection. The attack must be carried out locally. The exploit has been...