Lucene search
K

14 matches found

Cvelist
Cvelist
added 6 days ago37 views

CVE-2026-48936

A flaw in Node.js Permission API can cause a local server to be started via a Unix domain socket, even without the --allow-net permission. This vulnerability affects one supported release line: Node.js 26...

3.3CVSS0.00154EPSS
Exploits0References1
RedhatCVE
RedhatCVE
added 2026/06/05 7:18 p.m.14 views

CVE-2026-45108

Himmelblau is an interoperability suite for Microsoft Azure Entra ID and Intune. From 2.0.0 to before 3.1.5 and 2.3.11, Himmelblau contained an authentication bypass vulnerability in the Device Authorization Grant DAG flow that allowed a user within the same Entra ID domain to obtain a local Unix...

8.4CVSS5.5AI score0.00246EPSS
Exploits0References1
OSV
OSV
added 2026/05/28 7:55 p.m.8 views

GHSA-27VP-2MMC-VMH3 nono: Sandbox escape on Linux via D-Bus: `systemd-run --user`

Summary The nono Landlock/seccomp policies allow access to local Unix domain sockets concrete and abstract. This allows an easy sandbox escape by talking to the per-user systemd dbus socket. Threat scenario: Running Aider, Claude Code, OpenCode or similar tools with "allow bash" policy so that it...

6.1CVSS6AI score0.00012EPSS
Exploits0References2
Github Security Blog
Github Security Blog
added 2026/05/28 7:55 p.m.12 views

nono: Sandbox escape on Linux via D-Bus: `systemd-run --user`

Summary The nono Landlock/seccomp policies allow access to local Unix domain sockets concrete and abstract. This allows an easy sandbox escape by talking to the per-user systemd dbus socket. Threat scenario: Running Aider, Claude Code, OpenCode or similar tools with "allow bash" policy so that it...

6AI score0.00012EPSS
Exploits0References2Affected Software1
CNNVD
CNNVD
added 2026/05/28 12:0 a.m.10 views

CloudNativePG 代码问题漏洞

CloudNativePG is an open-source platform developed by CloudNativePG for managing the entire lifecycle of PostgreSQL databases on Kubernetes. Versions of CloudNativePG prior to 1.29.1 and 1.28.3 contained code vulnerabilities. These vulnerabilities stemmed from the metric exporter using the pod’s...

9.4CVSS5.9AI score0.0048EPSS
Exploits0References2
CNNVD
CNNVD
added 2026/05/27 12:0 a.m.9 views

Himmelblau 安全漏洞

Himmelblau is an open-source Azure Entra ID authentication module developed by Himmelblau. Versions of Himmelblau from 2.0.0 to 3.1.5, as well as versions prior to 2.3.11, contained security vulnerabilities. These vulnerabilities stemmed from the tokenvalidate function, which did not verify wheth...

8.4CVSS5.8AI score0.00246EPSS
Exploits0References1
RedHat Linux
RedHat Linux
added 2022/09/13 9:48 a.m.6 views

nodejs-got: missing verification of requested URLs allows redirects to UNIX sockets

A flaw was found in the got package for node.js. Requested URLs are not verified and allow open redirection to a local UNIX socket...

5.3CVSS7.1AI score0.01855EPSS
Exploits0References6
RedhatCVE
RedhatCVE
added 2022/06/29 5:5 a.m.30 views

CVE-2022-33987

A flaw was found in the got package for node.js. Requested URLs are not verified and allow open redirection to a local UNIX socket...

5.3CVSS3.3AI score0.01855EPSS
Exploits0References5
ATTACKERKB
ATTACKERKB
added 2022/06/14 7:15 p.m.3 views

CVE-2022-31594

A highly privileged user can exploit SUID-root program to escalate his privileges to root on a local Unix system...

7.2CVSS5.4AI score0.0023EPSS
Exploits0References3Affected Software1
OSV
OSV
added 2022/06/14 7:15 p.m.4 views

CVE-2022-31594

A highly privileged user can exploit SUID-root program to escalate his privileges to root on a local Unix system...

6.7CVSS6.7AI score0.0023EPSS
Exploits0References2
Cvelist
Cvelist
added 2022/06/14 6:44 p.m.21 views

CVE-2022-31594

A highly privileged user can exploit SUID-root program to escalate his privileges to root on a local Unix system...

6.7AI score0.0023EPSS
Exploits0References2
CNNVD
CNNVD
added 2022/06/14 12:0 a.m.3 views

SAP Adaptive Server Enterprise 安全漏洞

SAP Adaptive Server Enterprise ASE is a relational database server from SAP, Germany. An elevation of privilege vulnerability exists in SAP Adaptive Server Enterprise. The vulnerability stems from an incorrect programmatic call to an advanced local procedure. An attacker could use the vulnerabili...

7.2CVSS5.6AI score0.0023EPSS
Exploits0References4
UbuntuCve
UbuntuCve
added 2022/05/10 8:15 p.m.63 views

CVE-2022-20011

In getArray of NotificationManagerService.java , there is a possible leak of one user notifications to another due to missing check. This could lead to local information disclosure with no additional execution privileges needed. User interaction is not needed for exploitation.Product:...

5.5CVSS6.3AI score0.00126EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2018/02/26 9:37 p.m.6 views

OpenJDK: loading of classes from untrusted locations (I18n, 8182601)

It was discovered that the I18n component of OpenJDK could use an untrusted search path when loading resource bundle classes. A local attacker could possibly use this flaw to execute arbitrary code as another local user by making their Java application load an attacker controlled class file...

4.5CVSS7.7AI score0.00631EPSS
Exploits0References4
Rows per page
Query Builder